VMware True SSO – Connection Server and WS One Access configuration

Release date: December 13th 2020

Welcome to my VMware True SSO (single sign-on) series. In this sub-section I will describe how I configured True SSO on my Connection server and on my Workspace One Access server. The first ting I must do is to verify that True SSO is enable in VMware Horizon Administrator GUI. From Settings – Global Settings I verify my enabled SSO setting.

Next I verify the SAML-set up on the Connection server. I select my Connection Server and click “Edit”

From the Authentication tab, I have already configured my Workspace One Access server as a SAML Authenticator, as part of my Workspace One set up, but I click Manage SAML Authenticators.

If I hadn’t already set up my Workspace One Access server as a SAML Authenticator, I would have clicked ADD to set up a new server. Instead I clicked Edit to show my set up below. The important ting to notice below is the use of FQDN. This requires a working DNS-resolution. I my Lab I have set up a “Split Brain DNS setup” in order to resolve the frelab.net hostnames to the actual DMZ-addresses, not the external addresses.

Finally I enable True SSO in Workspace One Access

With that my VMware True SSO Lab setup is complete, the only thing that remains is testing this in an actual production environment with Smart Cards and certificates based authentication.

My VMware True SSO Lab Set Up

VMware Horizon (2006) documentation: Setting Up True SSO

VMware Workspace ONE and VMware Horizon Reference Architecture

Disclaimer: Every tips/tricks/posting I have published here, is tried and tested in different it-solutions. It is not guaranteed to work everywhere, but is meant as a tip for other users out there. Remember, Google is your friend and don’t be afraid to steal with pride! Feel free to comment below as needed.

%d bloggers like this: