To configure SAML authentication, you need to create a federation artifact for the Horizon Air tenant.

Verify the following with your service provider:

The Horizon Air tenant name is a fully-qualified domain name (FQDN). For example, instead of server-ta1-1.

The Horizon Air tenant appliances have valid SSL certificates from a CA installed. Self-signed certificates are not supported. The certificate must match the FQDN of the tenant appliance.


In the VMware Identity Manager administration console, click the arrow on the Catalog tab and select Settings.


In the left pane, select Horizon Air.


Enter the information for your environment to create a federation artifact.



Assertion Consumer Service

URL to which to post the SAML assertion. This URL is typically the Horizon Air tenant's floating IP or Access Point URL. For example,


Unique identifier of the Horizon Air tenant. This URL is typically the Horizon Air tenant's floating IP or Access Point URL. For example,

Tenant Appliance URLs

The URL of the Horizon Air tenant appliance, in the format https://TenantApplianceFQDN/admin/SAML/metadata. If you have multiple tenant appliances, click Add Tenant Appliance URL to add the URLs.

If the tenant appliances are behind a floating IP or Access Point appliance, specify the floating IP or Access Point appliance URL, in the format https://FloatingIPorAccessPointFQDN/admin/SAML/metadata.

For example:

Federation Artifact


Click the Accept Certificate link next to each Horizon Air tenant appliance URL to accept the certificate.


If you change the SSL certificate on the Horizon Air tenant appliance after integration, you must return to this page and accept the certificate again to re-establish trust.


Click Save.

Configure SAML authentication in the Horizon Air tenant.