VMware Identity Manager can be deployed on-premises or consumed as a cloud service. Deployment of Identity Manager is outside the scope of this lab.
In the module you will integrate VMware Horizon 7 with an on-premise installation of VMware Identity Manager. The Identity Manager appliance has already been deployed, and you will configure it for Horizon integration.
- Lesson 1 - Prepare for Horizon integration with Identity Manager
- Lesson 2 - Configure SAML authentication
- Lesson 3 - Configure Horizon Pods and Pod Federations in VMware Identity Manager
- Lesson 4 - Launching Horizon desktops and applications from Workspace ONE
- Lesson 5 - Configure Access and Network Policies and Client Access URL
- Lesson 6 - Launching Horizon Desktops with Deny Access Policy Rule
Integrating Horizon 7 with Identity Manager
Integrating VMware Horizon 7, Horizon 6, or View with the VMware Identity Manager service lets you provide users the ability to access their entitled Horizon desktops and applications from the Workspace ONE portal or app. You can integrate independent Horizon pods, which consist of Horizon Connection Server instances, and pod federations, which contain multiple pods and can span multiple sites and data centers.
You deploy and manage desktop and application pools in the Horizon Administrator interface. You also create entitlements for Active Directory users and groups in Horizon, not in VMware Identity Manager. You must sync these users and groups to the VMware Identity Manager service from Active Directory before integrating with Horizon.
To integrate Horizon pods and pod federations with VMware Identity Manager, you create one or more virtual apps collections in the VMware Identity Manager administration console. The collections contain the configuration information for the pods and pod federations, as well as sync settings. You then sync the Horizon resources and entitlements to VMware Identity Manager.
In the VMware Identity Manager administration console, you can view the Horizon desktops and applications. You can also view user and group entitlements.
End users can run their entitled desktops and applications from the Workspace ONE portal or app. These desktops and apps can be accessed over HTML in a browser or over a supported display protocol in the Horizon Client.