VMware Workspace ONE Access – Horizon 8 Integration

Release date: November 9th 2021

Welcome to my VMware Workspace ONE Access series. In this session I will describe how I configured the VMware Horizon integration using the VMware Workspace ONE Access connector I installed in my previous session: VMware Workspace ONE Access – Set Up Connector. As I’m using Cloud Pod Architecture in my VMware Horizon Environment, this has to be accounted for when integrating this into Workspace ONE Access. VMware has provided a comprehensive documentation about VMware Horizon access via VMware Workspace ONE Access here: Providing Access to VMware Horizon Desktops and Applications in Workspace ONE Access

Anyway, after carefully examining the documentation, I start out by configuring the SAML authentication on my VMware Horizon Connection servers. I navigate to Settings -> Servers -> Connection Server. I select my Connection Server and click Edit…

I go to the Authentication tab and switch the delegation mode to Allowed. This means that my existing users can continue to use passwords for authenticating. Next, I click Manage SAML Authenticators…

Click Add to configure Workspace ONE Access as a SAML Authenticator

I fill in the form with Label, Description, Metadata URL and Administrative URL. I select “Enabled for Connection Server”. OK…

PS: To make sure I have the correct URL for the Metadata, I copy this from Workspace ONE Access. I click Catalog -> Settings -> SAML Metadata...

The settings looks good, OK, OK, OK…

I repeat the process above with my other VMware Horizon Connection Server(s), once done I can configure the Virtual Apps Collection in Workspace ONE Access. From the Catalog menu I select Virtual Apps Collection…

When the wizard launches, I click Get Started…

I SELECT Horizon of course…

I give the Collection a Name and select my one and only Connector, Next…

Next, I click ADD A POD…

I specify my connection server and the service account with administrative permissions in VMware Horizon. (Using FQDN wont work if the Workspace ONE Access appliance don’t have DNS resolution in the ad.admin.frelab.net domain)

I repeat the step above to add my other connection server, as this is in its separate POD

As I’m running Cloud Pod Architecture in my Horizon environment, I select this and click ADD A FEDERATION…

To configure the federation, I provide the Federation Name, the Default Client Access FQDN (The Loadbalancer in front of my UAG’s) and make sure to select both my Pods, ADD…

I configure a Daily Sync Frequency, configure the Activation Policy and Default Launch Client, but leave the rest of the settings as Default, Next…

The Summary looks good, SAVE & CONFIGURE

Next, I will configure the Network Ranges. This is a very important step to get correct, as this is where we define the VMware Horizon Entry Points (Connection server/ UAG). As I will be using this only for external access, I will be editing ALL RANGES…

I adjust the Client Access FQDN to point to the loadbalancer in front of my UAG’s, SAVE…

My new Virtual Apps Collection is now ready to SYNC…

After a while, I can check that the Virtual Apps are available in Workspace ONE Access, from the Catalog menu, I click Virtual Apps.

Finally, I log in with one of my test users and validate functionality…

With that, my session about VMware Horizon integration in Workspace ONE Access, is completed. I can now proceed with configuring the TrueSSO integration, which I have covered here: VMware Workspace ONE Access – VMware Horizon TrueSSO Configuration

VMware Official documentation: Using Virtual Apps Collections in Workspace ONE Access (v. 21.08)

Workspace ONE Access Product Page

VMware Workspace ONE Access Documentation

Disclaimer: Every tips/tricks/posting I have published here, is tried and tested in different it-solutions. It is not guaranteed to work everywhere, but is meant as a tip for other users out there. Remember, Google is your friend and don’t be afraid to steal with pride! Feel free to comment below as needed.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: