Configure SAML Authentication

Workspace ONE provides users with the ability to run Horizon applications and desktops from a user portal. WS1 Access provides single sign-on to these applications and desktops by sending SAML assertions to VMware Horizon.

In this section, you will configure SAML authentication in Horizon.

Configure SAML Authentication on Horizon Connection Server

To launch remote desktops and applications from Workspace ONE Access or to connect to remote desktops and applications through a third-party load balancer or gateway, you must create a SAML authenticator in Horizon.

A SAML authenticator contains the trust and metadata exchange between Horizon and the device to which clients connect.

You associate a SAML authenticator with a Connection Server instance. If your deployment includes more than one Connection Server instance, you must associate the SAML authenticator with each instance.

Edit Horizon Connection Server

  1. Expand Settings and select Servers
  2. Select Connection Servers
  3. Select HORIZON-02
  4. Select Edit...

Authentication Tab

  1. Select Authentication

Workspace ONE mode

  1. Review the options on the Authentication page.

Note there are options to configure Workspace ONE mode.

Workspace ONE Access administrators can configure access policies to restrict access to entitled desktops and applications in Horizon. To enforce policies created in WS1 Access, you put Horizon Client into Workspace ONE mode so that Horizon Client redirects the user to the Workspace ONE client to launch entitlements. When you log in to Horizon Client, the access policy directs you to log in through Workspace ONE to access your published desktops and applications.

To enable and use this feature, Delegation of authentication to VMware Horizon must be set to Required.

Workspace ONE mode will not be used in this lab.

Enable SAML

  1. Click the drop-down menu
  2. Select Allowed

Manage SAML Authenticator

  1. Select Manage SAML Authenticators

Add SAML Authenticator

  1. Select Add

SAML Authenticator Form

  1. Label = WS1Access
  2. Select the text <YOUR SAML AUTHENTICATOR NAME>, making sure the selection includes the < and > characters.

Metadata URL

  1. Enter vidm-01.corp.local

Be careful not to modify the rest of the Metadata URL.

  1. Click OK

Authenticator Status - Enabled

  1. Once the Authenticator is ready, click OK

Complete SAML Authenticator

  1. Click OK to close the Edit Connection Server Settings window

SAML Configuration Complete

You have successfully configured your Horizon Connection Server for SAML authentication.

Next Steps

Leave Chrome running as you will use it in the next lesson.
