The synchronization and launch architecture diagrams depict how Workspace ONE Access synchronizes Horizon resources and user entitlements from the Horizon Connection Server to the Workspace ONE Access service and how it launches these resources from Workspace ONE.

Horizon Resources and Entitlements Synchronization

Figure 1. Synchronization Architecture Diagram

Synchronization Diagram of Horizon Resources and Entitlements

  1. Users and groups are synced from Active Directory to the Workspace ONE Access service by the connector.
  2. Horizon resources and entitlements are synced from the Horizon Connection Server to the Workspace ONE Access service by the connector.

Horizon Applications and Desktops Launch

Figure 2. Launch Architecture Diagram

Launch Diagram of Horizon Resources from Workspace ONE

The blue arrows in the diagram depict the authentication flow.

  1. A user enters Active Directory credentials to log into Workspace ONE.
  2. The Workspace ONE Access service sends encrypted credentials to the connector.
  3. The connector verifies the credentials with Active Directory.
  4. The connector sends an OK message to the Workspace ONE Access service, allowing the user to log in.

The black arrows in the diagram depict the launch flow.

  1. The user launches a Horizon resource from Workspace ONE.
  2. The Workspace ONE Access service creates a launch URL with the SAML artifact and passes it to the Horizon Client.
  3. The Horizon Client connects to the Horizon Connection Server through Unified Access Gateway (UAG).
  4. The Horizon Connection Server resolves the SAML artifact with the Workspace ONE Access service to get the SAML assertion and validates it.
  5. The Horizon Connection server renders the Horizon resource to the end user through the Horizon Client.