H: Using Workspace One with Horizon Cloud

H: Using Workspace One with Horizon Cloud

Introduction to Integration with Workspace One

VMware Identity Manager, optimized with VMware AirWatch® Conditional Access, delivers one-touch access to nearly any application from any device. At the same time, VMware Identity Manager provides you a central place to manage access policies and user provisioning with enterprise-class directory integration, identity federation, and user analytics. Components of VMware Identity Manager include the VMware Workspace™ ONE™ portal, AirWatch Directory integration, access policy integration, and Horizon Cloud integration.

VMware Identity Manager includes the following key benefits:

  • Promotes productivity by removing traditional barriers to mobility, such as complex passwords, multiple configuration steps, traditional VPNs, and tokens
  • Increases security by optimizing authentication for each device type rather than the lowest common denominator
  • Frees businesses to roll out new software-as-a-service (SaaS) and mobile apps immediately to address changing business processes and customer engagements while maintaining a single point of user entitlement and license monitoring
  • Simplifies IT maintenance by leveraging existing directory infrastructure and extending to SaaS and mobile applications with automated provisioning, utilization reporting, and conditional access policies
  • For more information, see VMware Identity Manager.

You can explore the benefits of integrating VMware Identity Manager and Horizon Cloud in the following exercises:

  • H1: Setting up VMware Identity Manager within Horizon Cloud
  • H2: Creating the Federation Artifact
  • H3: Configuring Horizon Cloud for Integration
  • H4: Accessing a Horizon Cloud Desktop from VMware Identity Manager
  • H5: Accessing an Application from VMware Identity Manager

H1: Setting Up VMware Identity Manager with Horizon Cloud

You can enable Horizon Cloud desktops and applications in VMware Identity Manager by configuring the cloud-based version of VMware Identity Manager with Horizon Cloud with Hosted Infrastructure. It is assumed that you already have a VMware Identity Manager deployment set up with users and groups synchronized with your Active Directory.

H1.1 Log In to VMware Identity Manager

  • Log in to VMware Identity Manager using your Active Directory domain.

H1.2 Switch to the Administration Console

  1. In the upper right corner, click the person icon.
  2. Select Administration Console from the drop-down menu.

H1.3 Navigate to the Virtual Apps Catalog

  1. In the VMware Identity Manager Administration Console, select Catalog.
  2. In the drop-down menu, click Virtual Apps.

H1.4 Navigate to Virtual App Configuration

  • In the Virtual Apps window, select Virtual App Configuration in the upper row.

H1.5 Select Horizon Cloud

  1. In the Virtual App Configuration window, click Add Virtual Apps.
  2. In the drop-down menu, click Horizon Cloud.

H1.6 Provide Initial Horizon Cloud Parameters

  1. In the Horizon Cloud window, provide the following parameters:
    • Name: Enter a friendly name for the virtual applications.
    • Sync Connectors: Select from the drop-down menu, or Add Connector.
  2. In the Tenants pane, click Add Tenant.

H1.7 Provide Tenant Parameters

  1. Scroll down the Horizon Cloud window to the Tenants pane.
  2. Provide the following information:
    • Tenant Host: Enter the fully qualified domain name (FQDN) of the Horizon Cloud Tenant URL.
    • Tenant Port: Accept the default port of 443.
    • Admin User: Enter the username of the tenant host.
    • Admin Password: Enter the password for the tenant administrator account.
    • Admin Domain: Enter the Active Directory NETBIOS domain name where the tenant administrator resides.
    • Domains to Sync: Enter the Active Directory NETBIOS domain names for synchronizing Horizon Cloud resources and entitlements.
    • Assertion Consumer Service URL: Enter the IP address or hostname of the Horizon Cloud tenant, such as https://cloud.horizon.vmware.com.
    • True SSO enabled on Horizon Cloud: Check the check box if True SSO is enabled for this Horizon Cloud tenant.

H1.8 Provide Custom ID Mapping Parameters

  1. Scroll to the bottom of the Horizon Cloud window, and provide the Custom ID Mapping:
    • Name ID Format
    • Name ID Value
  2. Provide the following additional parameters:
    • Default Launch Client
    • Sync Frequency
    • Activation Policy
  3. Click Save.

When the parameters are saved and the operation is completed, proceed to the next exercise to configure the Federation Artifact.

H2: Configuring Horizon Cloud for Integration

Your Horizon Cloud infrastructure must be configured to communicate with VMware Identity Manager.

H2.1 Navigate to Identity Management

  1. In the Horizon Cloud Administration Console, select Settings.
  2. In the Settings menu, click Identity Management.
  3. In the Identity Manager window, click New.

H2.2 Provide Parameters

  1. In the New Identity Manager window, provide the following information:
    • VMware Identity Manager URL: Enter the URL, such as https://horizon.vmware.com/idp.xml
    • Timeout SSO Token: Accept the default.
    • Data Center: Select the data center from the drop-down menu.
    • Tenant Address: Enter the address, such as cloud.horizon.vmware.com
  2. Click Save, and verify that a message appears saying the settings have been saved successfully.

After you finish configuring Horizon Cloud to communicate with VMware Identity Manager, proceed to the next exercise to entitle a user to applications and desktops, synchronize VMware Identity Manager manually, and launch a connection to an application or desktop through VMware Identity Manager.

H3 Establishing Trust Between Horizon Cloud and VMware Identity Manager

In this exercise, you gather information in the Workspace ONE administration console, that you then provide to Horizon Cloud in the Horizon Cloud Administration Console, to establish the connection.

H3.1 Navigate to Workspace ONE Web Apps

  1. In the Workspace ONE console, select the Catalog tab.
  2. In the Catalog menu, select Web Apps.
  3. In the upper right of the Web Apps window, click Settings.

H3.2 Gather the SAML Metadata

  1. On the navigation bar to the left under SaaS Apps, click SAML Metadata.
  2. In the SAML Metadata pane on the right, click Copy URL.
  3. When the green banner appears confirming the data is copied to the clipboard, you can paste it and save to use later.

H3.3 Navigate to Identity Manager

  1. Return to the Horizon Cloud Administration Console, and click Settings.
  2. In the Settings menu, select Identity Manager.
  3. In the Identity Manager window, click New.

H3.4 Provide the Identity Manager Parameters

  1. In the New Identity Manager window, provide the following parameters:
    • VMware Identity Manager URL: Paste the VMware Identity Manager SAML IdP metadata URL that you copied earlier.
    • Timeout SSO Token: You can enter an optional period of time in minutes before the session times out. In this example, that time period is 0 minutes.
    • Data Center: Click the down arrow and select a Data Center from the menu for the Identity Manager.
    • Tenant Address: Enter the address of the tenant appliance.
  2. In the lower right, click Save.

When you complete this exercise, proceed to the next exercise to verify that the integration is working.

H4: Accessing an Application from VMware Identity Manager

You can verify that you integrated Horizon Cloud with VMware Identity Manager by launching a Horizon Cloud application and accessing it in VMware Identity Manager as a user would.

H4:1 Select an Application

  1. From the VMware Identity Manager User Portal, click Bookmarks.
  2. Select an application.

H4:2 View the Application Details

  1. Right-click an application to view details.
  2. Choose one of the following options:
    • To launch the application using the Horizon Client, click Launch in Client.
    • To launch the application using the HTML5 Client, click Launch in Browser.

H4:3 Verify That the Application Launches Properly

  1. Verify that the application launches properly.
  2. Explore the features of the application.

After you launch the Horizon Cloud application from VMware Identity Manager to verify that the integration works properly, you have finished this section of the Quick-Start Tutorial. This also concludes the exercises of the Quick-Start Tutorial. To find out more about additional products that enhance Horizon Cloud, see I: VMware User Environment Manager with Horizon Cloud.