By integrating your Horizon Cloud with On-Premises Infrastructure environment with an on-premises or cloud-hosted VMware Identity Manager™ environment, you give your VMware Identity Manager users the ability to access their entitled desktops using the Workspace ONE portal.

VMware Identity Manager is an Identity as a Service (IDaaS) offering that provides application provisioning, a self-service catalog, conditional access controls, and single sign-on (SSO) for SaaS, web, cloud, and native mobile applications. VMware Identity Manager is available both as an on-premises product and as a service hosted by VMware.

For an overview of this integration from the perspective of the VMware Identity Manager environment, see the Providing Access to Horizon Cloud overview. You configure desktop assignments for your users and groups in the Horizon Cloud Administration Console as usual. After you complete the steps to integrate the Horizon Cloud Node environment with your VMware Identity Manager environment, you sync the desktop assignment information to the VMware Identity Manager service. Then you can see the desktops in the VMware Identity Manager administration console and your end users can access their desktops from the Workspace ONE portal. You can set up a regular sync schedule to sync the assignment information from your Horizon Cloud Node environment to your VMware Identity Manager environment.

Note

When you integrate VMware Identity Manager with Horizon Cloud with On-Premises Infrastructure, a best practice is to include Unified Access Gateway in the configuration to provide your end users with seamless HTML web access to their virtual desktops. See the Unified Access Gateway product documentation for deployment steps.

The following list is a high-level summary of the end-to-end steps to enable your end users to access their entitled desktops using the Workspace ONE portal.

1

Obtain a VMware Identity Manager environment, either by deploying the on-premises version or by subscribing to the cloud-hosted version.

2

Deploy VMware Identity Manager according to the VMware Identity Manager guidelines for the deployment model you are using.

If you are using the cloud-hosted VMware Identity Manager, you must install a VMware Identity Manager connector appliance on premises in your Active Directory network. For details, see the description of the deployment scenario in the VMware Identity Manager documentation.

3

Ensure that you meet the VMware Identity Manager prerequisites for integration, as documented in the VMware Identity Manager product information appropriate for your situation:

VMware Identity Manager environment

Prerequisites

Cloud-hosted

On-premises version 2.8.x

4

Install certificates into your VMware Identity Manager environment and your Horizon Cloud Node environment.

5

Enable desktops from your Horizon Cloud with On-Premises Infrastructure environment to the VMware Identity Manager environment, as documented in the VMware Identity Manager product information appropriate for your situation:

VMware Identity Manager environment

Link to Desktop Enablement Documentation

Cloud-hosted

On-premises version 2.8.x

6

In your VMware Identity Manager environment, configure a federation artifact for your Horizon Cloud with On-Premises Infrastructure environment. The federation artifact is needed for configuration of the SAML authentication between the two environments. See Configure VMware Identity Manager for Horizon Cloud with On-Premises Infrastructure.

7

Configure Horizon Cloud with On-Premises Infrastructure for VMware Identity Manager access. See Configure Horizon Cloud Node for VMware Identity Manager.

8

In your VMware Identity Manager environment, sync the entitled desktops to VMware Identity Manager, as documented in the VMware Identity Manager product information appropriate for your situation:

VMware Identity Manager environment

Link to Desktop Enablement Steps

Cloud-hosted

On-premises version 2.8.x

9

Verify end-user access to desktops by logging in to the Workspace ONE portal as an end user and launching a desktop from the catalog. See Confirm End-User Access to Desktop Assignments in VMware Identity Manager.

To complete the integration process through the step of verifying end-user desktop access using the Workspace ONE portal, ensure that you have the following items.

A fully configured Horizon Cloud Node environment, that uses trusted certificates and has configured desktop assignments. For steps on uploading certificates to your Horizon Cloud Node, see Upload Certificates.

Access to your organization's configured VMware Identity Manager environment, either an on-premises or a cloud-hosted environment. Your VMware Identity Manager environment must be configured with trusted certificates.

If you are deploying VMware Identity Manager on premises, follow the deployment information in the VMware Identity Manager documentation center for your version of the on-premise product. The documentation centers for each on-premise product version are available from the VMware Identity Manager documentation page. For the specific versions of the on-premises VMware Identity Manager product that are supported for use with this version of Horizon Cloud with On-Premises Infrastructure, see the Release Notes.

If you are using the cloud-hosted VMware Identity Manager, you must install a VMware Identity Manager connector appliance on premises in your Active Directory network. Follow the steps as documented in the VMware Identity Manager documentation center, and see the description of this deployment scenario and subtopics. For the connector version that is required for this release of Horizon Cloud with On-Premises Infrastructure, see the Release Notes.

Verify that your configured VMware Identity Manager environment meets the prerequisites for integration with Horizon Cloud resources, as described in the VMware Identity Manager documentation.

VMware Identity Manager environment

Prerequisites

Cloud-hosted

On-premises version 2.8.x

Optionally integrate Unified Access Gateway with Horizon Cloud with On-Premises Infrastructure. Using Unified Access Gateway in this configuration is a best practice. See the deploying and configuration information available at the Unified Access Gateway, in the Unified Access Gateway product documentation available at its Unified Access Gateway documentation landing page.

1

To integrate Horizon Cloud with On-Premises Infrastructure with VMware Identity Manager, you must configure VMware Identity Manager with Horizon Cloud Node information. This process configures the federation artifact in your VMware Identity Manager environment for Horizon Cloud with On-Premises Infrastructure. The federation artifact is needed for the SAML authentication.

2

To integrate your Horizon Cloud with On-Premises Infrastructure environment with your VMware Identity Manager environment, you must configure your Horizon Cloud Node with the appropriate VMware Identity Manager information. You use the Administration Console to configure this information.

3

After you integrate Horizon Cloud with On-Premises Infrastructure with a VMware Identity Manager on-premises deployment, you can confirm that end users have remote access to their virtual desktops.

After you have verified the integration is working, you can optionally enforce end users to access their desktops using VMware Identity Manager. See Enforce End-User Access Through VMware Identity Manager.