Security Assertion Markup Language (SAML) server authentication allows View to exchange authentication information with other services such as the Horizon Web service. After a user signs in to Horizon Workspace, the SAML server authentication enables the user to initiate a View session and begin using the virtual desktop without being prompted again for log in credentials.

Authentication to View is handled by the Horizon service through the SAML 2.0 authenticator. When authentication delegation is enabled, and a user is verified by SAML, the SAML identity provider performs all authentication, with the exception of the disclaimer.

When you select a View desktop icon in the Horizon User Portal, a SAML artifact is generated. The View client sends the artifact to the View Connection Server. When the View Connection Server validates the artifact, it connects with Horizon Workspace.

The View Connection Server sends the artifact to Horizon, where it is validated. Horizon Workspace then sends a SAML assertion to the View Connection Server, which is validated and authenticates the user with View. This authentication is then used to launch the View desktop after validation. The assertion is generated by Horizon Workspace after receiving the artifact from the View Connection Server. The View Connection Server validates the assertion received from Horizon Workspace.

You must associate the View Connection Server with a SAML authentication service such as Horizon Workspace to facilitate this process.

Note

If you intend to provide access to your desktops through Horizon Workspace, verify that you create the desktop pools as a user with Administrators permissions on the root folder in View. If you give the user Administrators permissions on a folder other than the root folder, Horizon Workspace will not recognize the SAML 2.0 Authenticator you configure in View, and you cannot configure the pool in Horizon Workspace.