Configure SAML Authentication

Workspace ONE provides users with the ability to run Horizon applications and desktops from a user portal. Identity Manager provides single sign-on to these applications and desktops by sending SAML assertions to VMware Horizon.

In this section, you will configure SAML authentication in Horizon.

Note - This process must be completed using Horizon View Administrator.

Authenticate to the Horizon View Administrator Console

Launch Browser

  1. From the Desktop of the Main Console, double-click Google Chrome

Note - If you still have Chrome running, simply open a new tab

Navigate to Horizon Console

  1. Select Horizon from the bookmarks bar
  2. Select Horizon-02-NewAdminConsole

Modify URL for Horizon Administrator

  1. Highlight and delete the portion of the URL: newadmin/#/login
  2. Replace the text with: admin and press Enter

Configuring SAML authentication is one of just a few tasks where using the legacy, Flex-based Horizon Administrator is recommended.

Log In to Horizon View Administrator

  1. User name: administrator
  2. Password: VMware1!
  3. Verify Domain: CORP
  4. Select Log In

Configure SAML Authentication on Horizon Connection Server

To launch remote desktops and applications from VMware Identity Manager or to connect to remote desktops and applications through a third-party load balancer or gateway, you must create a SAML authenticator in Horizon Administrator.

A SAML authenticator contains the trust and metadata exchange between Horizon 7 and the device to which clients connect.

You associate a SAML authenticator with a Connection Server instance. If your deployment includes more than one Connection Server instance, you must associate the SAML authenticator with each instance.

Edit Horizon Connection Server

  1. Expand View Configuration and select Servers
  2. Select Connection Servers
  3. Select HORIZON-02
  4. Select Edit...

Authentication Tab

  1. Select Authentication

Workspace ONE mode

  1. Review the options on the Authentication page.

Note there are options to configure Workspace ONE mode.

Workspace ONE or VMware Identity Manager (vIDM) administrators can configure access policies to restrict access to entitled desktops and applications in Horizon 7. To enforce policies created in vIDM, you put Horizon Client into Workspace ONE mode so that Horizon Client sends the user to the Workspace ONE client to launch entitlements. When you log in to Horizon Client, the access policy directs you to log in through Workspace ONE to access your published desktops and applications.

To enable and use this feature, Delegation of authentication to VMware Horizon must be set to Required.

Workspace ONE mode will not be used in this lab.

Enable SAML

  1. Click the drop-down menu
  2. Select Allowed

Manage SAML Authenticator

  1. Select Manage SAML Authenticators...

Add SAML Authenticator

  1. Select Add

SAML Authenticator Form

  1. Label = vIDM
  2. Left-click right in the middle of the text YOUR SAML AUTHENTICATOR NAME
    Only the portion of the Metadata URL that needs to be modified will be highlighted

Metadata URL

  1. Enter vidm-01.corp.local

Be careful not to modify the rest of the Metadata URL

  1. Select OK

Valid Certificate

  1. Select OK

Authenticator Status - Enabled

  1. Once the Authenticator is ready, select OK

Complete SAML Authenticator

  1. Select OK to close the Edit Connection Server Settings window

SAML Configuration Complete

You have successfully configured your Horizon 7 Connection Server for SAML authentication.

Next Steps

Leave Chrome running as you will use it in the next lesson.
