Horizon Workspace user authentication requires the use of one or more identity provider instances, which can be Connector instances, third-party identity provider instances, or a combination of both. The identity provider instances authenticate users with Active Directory within the enterprise network.

Horizon Workspace authenticates users based on how you configure authentication methods, default access policy set, network ranges, and identity provider instances.

The identity provider instances that you use with Horizon Workspace create an in-network federation authority that communicates with Horizon Workspace using SAML 2.0 assertions. The identity provider instances authenticate the user with Active Directory within the enterprise network (using existing network security).

By default, Horizon Workspace supports the following authentication methods with the Connector:

Active Directory password

Kerberos

RSA SecurID