After setting up your Horizon environment, you must set up your Workspace ONE Access environment before integrating the Horizon pods and pod federations with the Workspace ONE Access service.
Using valid certificates signed by a trusted Certificate Authority (CA) for the Horizon Connection Servers is strongly recommended. If you have not obtained CA-signed certificates and are using self-signed certificates temporarily for testing purposes, you must upload the root certificates to the Virtual App service trust store.
- To integrate Horizon pods and pod federations, you must install the Virtual App service component of the Workspace ONE Access connector.
- To sync users and groups from Active Directory to Workspace ONE Access, you must install the Directory Sync service component of the Workspace ONE Access connector.
- If the Horizon Connection Servers have self-signed certificates, upload the root certificates to the Virtual App service truststore.
- On the Windows server on which the Virtual App service is installed, run the Workspace ONE Access connector installer again.
- On the Welcome page, click Next.
- On the Program Maintenance page, select Add/Remove Services and click Next.
- Click Next until the Install Trusted Root Certificates page appears.
- On the Install Trusted Root Certificates page, click Browse and upload the certificate.
- Save your changes and close the installer.
- Restart the VMware Virtual App Service.
- Ensure that the distinguishedName attribute is mapped to the Active Directory attribute distinguishedName.
- Log in to the Workspace ONE Access console.
- Navigate to the page.
- Select the directory that contains the users and groups with Horizon entitlements.
- On the directory page, click Sync Settings, then select the Mapped Attributes tab.
- Verify that the distinguishedName attribute is mapped to the Active Directory distinguishedName attribute.
- Sync all users and groups with global or local entitlements in Horizon from Active Directory to the Workspace ONE Access service.
Note: Users must have the userPrincipalName and distinguishedName attributes set. If the userPrincipalName or distinguishedName attribute is not set for a user, the user might not be able to run desktops and applications.
- Review which users and groups are currently synced to Workspace ONE Access by going to the and pages.
- Select .
- Select the appropriate directory.
- Click Sync Settings.
- In the Users and Groups tabs, modify the settings if required, and click Save.
- On the directory page, click
or to sync the directory.Sync safeguards limit the number of changes allowed during sync. For more information, see Directory Integration with Workspace ONE Access.
- If applicable, establish a connection to multi-domains or trusted multi-forest domains in Active Directory. See Directory Integration with VMware Workspace ONE Access for information.