In many cases, enterprises enable RSA SecurID-based authentication for their end users who connect from external networks.

You can enable RSA SecurID authentication with Horizon Workspace.

Note

If you use the Horizon Workspace FQDN as the IDP URL, you must set the useGatewayAsIDP flag to y. As a result, maintenance mode is turned on for the new connector-va virtual machine. When a virtual machine is in maintenance mode, the gateway-va virtual machine will not be aware of the virtual machine or route requests to it.

1

Obtain an IP address that is resolvable using reverse DNS and select an IDP URL. This IP address must be set up using the same netmask, network gateway, and DNS server name used in the original IP pool to deploy the vApp.

2

Go to the configurator-va virtual machine and run the hznAdminTool addvm command.

hznAdminTool addvm --type=CONNECTOR --ip=New VM IP address --useGatewayAsIDP=y --directoryPassword='AD BindDN password'

The new connector is automatically activated and connected to Active Directory. Provide the password for the BindDN user that you used during initial configuration.

3

Go to the Configurator Web interface at https://ConfiguratorHostname.

a

Click System Information.

b

Find the new virtual machine you added.

c

Click Exit Maintenance Mode.

The Configurator updates all the gateway virtual machines and sends new requests to the new connector virtual machine.

Note

In the future, if you do not want requests routed to that connector-va virtual machine, return to the Configurator Web interface and put the virtual machine in maintenance mode.

4

Go to the Connector you just created using the Web interface at https://ConnectorHostname/hc/admin.

a

Log in using the administrator password.

b

Click on SecurID.

c

Click on Enable SecurID.

5

Go to the Manager Web interface at https://HorizonWorkspaceFQDN/admin.

a

Click the Settings tab.

b

Click Identity Providers.

c

Edit the new Identity Provider.

d

Edit the IP address list.

To configure SecurID for end users who connect to the network from external networks, see Configure SecurID.