After setting up your Horizon environment, you must set up your Workspace ONE Access environment before you integrate the Horizon pods and pod federations with the Workspace ONE Access service.

Using valid certificates signed by a trusted Certificate Authority (CA) for the Horizon Connection Servers is strongly recommended. If you have not obtained CA-signed certificates and are using self-signed certificates temporarily for testing purposes, you must upload the root certificates to the Virtual App service trust store.


  1. If the Horizon Connection Servers have self-signed certificates, upload the root certificates to the Virtual App service truststore.
    1. On the server on which the Virtual App service is installed, run the Workspace ONE Access connector installer again.
    2. On the Welcome page, click Next.
    3. On the Program Maintenance page, select Add/Remove Services and click Next.
    4. Click Next until the Install Trusted Root Certificates page appears.
    5. On the Install Trusted Root Certificates page, click Browse and upload the certificate.
    6. Save your changes and close the installer.
    7. Restart the VMware Virtual App Service.
  2. Ensure that distinguishedName is set as a required attribute for the Workspace ONE Access directory and that it is mapped to the Active Directory attribute distinguishedName.
    Attributes must be marked as required before the directory is created. After the directory is created, attributes cannot be changed from optional to required.
    1. Log in to the Workspace ONE Access console.
    2. Navigate to the Identity & Access Management > Setup > User Attributes page.
    3. Under Default Attributes, select the Required check box for distinguishedName.
    4. Click Save.
    5. While creating the directory, map the distinguishedName attribute to the Active Directory attribute distinguishedName.
  3. Sync all users and groups with global or local entitlements in Horizon from Active Directory to the Workspace ONE Access service.
    To sync users and groups to Workspace ONE Access, you must install the Directory Sync service component of the Workspace ONE Access connector.
    1. To view current users and groups, click the Users & Groups tab.
    2. Select the Identity & Access Management > Directories tab.
    3. Select the appropriate directory.
    4. Modify the directory settings if needed, and click Sync.
    Note: Users must have the userPrincipalName attribute set. If the userPrincipalName attribute is not set for a user, the user might not be able to run desktops and applications.
  4. If applicable, establish a connection to multi-domains or trusted multi-forest domains in Active Directory. See Directory Integration with VMware Workspace ONE Access for information.