7. Unified Access Gateway / Horizon integration into Workspace ONE Access
Overview
- Traditional Federation with Horizon and Workspace ONE Access has been a popular approach and is used by many organizations.
- Organizations with High Security requirements do not like SAML artifacts being validated internally.
- In this session we look at the option to validate the SAML artifact on the Unified Access Gateway instead of forwarding the artifact internally.
Preparing Workspace ONE Access for Horizon Integration
- On your ControlCenter Server
- Using your assigned credentials
- Log in to your Workspace ONE Console
- In the My Workspace console
- below Services
- find the Access icon
- select Launch
- In the Workspace ONE Access Console
- select Integrations
- under Integrations
- select Connectors
- In the Connectors area
- select NEW
- In the Connector Usage Confirmation window
- select the radio button, next to :-
- Latest Workspace ONE Access Connector
- select OK
- In the Confirm the latest Workspace ONE Connector window
- Select CONFIRM
- In the Add New Connector window
- Downloader Installer area
- Select NEXT
- In the Add New Connector window
- Download Configuration File area
- next to Password: enter Pa$$w0rdPa$$w0rd
- next to Reenter Password: enter Pa$$w0rdPa$$w0rd
- select the DOWNLOAD CONFIGURATION FILE
- note an es-config.json file gets downloaded
- select NEXT
- In the Add New Connector window
- Summary window
- Select CLOSE
- On your ControlCenter server
- In the File Explorer window
- Quick Access Bar
- select the Downloads folder
- select and right-click the es-config.json file
- select Copy
- In the Quick Access Bar
- select Desktop
- In the File Explorer window
- Desktop area
- select the Software shortcut
- in the Software folder
- open the ACCESS folder
- In the File Explorer window
- ACCESS folder
- Paste your es-config.json file
- Close your File Explorer window
- On your ControlCenter server
- On the Desktop
- Open the Remote Desktops\Site1 folder
- Select and launch the WS1-Connector.RDP shortcut
- login with the following credentials
- Username area
- techseals\administrator (default)
- Password area
- enter Pa$$w0rd
- select OK
- On your WS1-Connector server
- open the Software Folder
- select the ACCESS Folder
- select and launch
- Workspace-ONE-Access-Connector-Installer-23.09.0.0
- On the Open File - Security Warning window
- Select Run
- On the Workspace ONE Access Connector - InstallShield Wizard
- In the Welcome to the Installation Wizard for Workspace ONE Access Connector 22.09.0.0
- Select Next
- On the Workspace ONE Access Connector - InstallShield Wizard
- Licence Agreement window
- Select the radio button next to:-
- I accept the terms in the license agreement
- Select Next
- On the Workspace ONE Access Connector - InstallShield Wizard
- Service Selection window
- Select Next
- On the Workspace ONE Access Connector - InstallShield Wizard
- Specify Configuration File window
- In the box in front of Browse...
- type \\horizon-01a\software\ACCESS\es-config.json
- next to Password: type Pa$$w0rdPa$$w0rd
- select Next
- In the Workspace ONE Access Connector - InstallShield wizard
- keep Default
- select Next
- In the Workspace ONE Access Connector - InstallShield Wizard
- Specify Service Account window
- under User name: type
- techseals\Ws1Access
- under Password:
- type 0Mnissa1!
- select Next
I had to reset my AD administrator password to Pa$$w0rd
- In the Workspace ONE Access Connector - InstallShield Wizard
- Ready to Install window
- Select Install
The Installation of the Workspace ONE Access Connector will take about 10 minutes to complete. Continue with Part 5 while the installation is going. Check back periodically to ensure it has successfully installed.
- In the Workspace ONE Access Connector - InstallShield Wizard
- Installation Wizard Completed window
- Select Finish
First we will configure the Attributes. Note! Every organisation will need to research their requirements when deciding whether or not to set attributes to required. For specific applications where this needs to be considered, if the associated user object does not have the attribute, authentication might fail.
- In the Workspace ONE Access Admin console
- Select Settings
- Select User Attributes
- In the User Attributes console
- In the right area under Custom Attributes
- Select ⊕ ADD ROW 2 times
- In the User Attributes console
- Under Name
- Add the following additional attributes
- note this is case sensitive:
- objectGuid
- managerDN
- In the User Attributes console
- under User Attributes
- select SAVE
- In the Workspace ONE Access admin console
- select Integrations
- select Directories
- In the Directories area
- to the right
- select Add Directory
- In the Add Directory dropdown
- select Active Directory
- In the Add Active Directory page
- under Directory Information
- next to Directory Name:
- type TechSEALs
- ensure the radio button next to Active Directory over LDAP is selected
- select NEXT
- In the Configure Directory section
- leave the Directory Sync and Authentication as default
- In the Bind User Details area
- enter the following next to:
- Base DN: dc=techseals,dc=co
- Bind DN: cn=administrator,ou=corp,dc=techseals,dc=co
- Bind DN Password: Pa$$w0rd
- select Save
- In the Select the Domains page
- next to techseals.co
- select the checkbox
- select SAVE
- On the Map User Attribute page
- Map the following attributes:
- (what you enter here is case sensitive)
- managerDN select custom input and type manager
- Scroll down next to:-
- objectGuid: select objectGUID
- click SAVE
- On the Select the Groups you want to sync page
- click the +ADD
- under Create Group
- enter dc=techseals.co
- click ADD
- On the Select the Groups you want to sync page
- Under Select All
- select the check box
- select Save
- In the Select Users you would like to sync window
- Under Specify the user DNs
- edit the existing syntax so that it reads
- ou=corp,dc=techseals,dc=co
- select TEST
- after the successful message
- select SAVE
- Scroll down
- On the Sync Frequency window
- next to Sync Frequency
- from the dropdown
- select Every hour
- select SAVE & SYNC
- On the Directories window
- Refresh your browser window
- Note the Synced Groups and Synced Users
- In your Workspace ONE Access admin console
- select Settings
- select Login Preferences
- under Login Preferences
- select EDIT
- In the Login Preferences area
- In line with:
- Sync Group Members to the Directory When Adding Group
- select the Checkbox
- In the Login Preferences area
- In the bottom right
- select SAVE
- In the Workspace ONE Access console
- select Integrations
- select Directories
- In the Directories area
- select techseals
- In the TechSEALS directory area
- In the right corner
- next to Sync
- select the dropdown
- select Sync without Safeguards
Part 1. Enabling SAML federation with the Unified Access Gateway for Workspace ONE Access as the IDP
The Federation of Unified Access Gateway and Horizon with Workspace ONE Access will be done in three phases
- Phase 1. We enable and configure the SAML federation on 4 Unified Access Gateway servers in a multi-site scenario
- Phase 2. We enable and configure the SAML Integration as a Web App in Workspace ONE Access
- Phase 3. We will create deep links in Workspace ONE Access for our Desktop entitlements
- In your Workspace ONE Access Console
- select the Resources tab
- in the left menu
- select Web APPS
- in the Web Apps area
- to the right
- select SETTINGS
- In the Settings window
- In the left menu, under SaaS Apps
- select SAML Metadata
- In the Settings window
- Below SAML Metadata
- select Identity Provider (IdP) metadata
- right-click
- in the dropdown menu
- select Save link as...
- In the Save As window
- select Save
- On your Site 1 Browser profile
- In the Favourites bar
- select the UAG-HZN-01a shortcut
- In the Unified Access Gateway login
- in the Admin Username area
- enter admin
- in the Password area
- enter Pa$$w0rd
- select Login
- In the Unified Access Gateway admin console
- below Configure Manually
- click Select
- scroll down to Identity Bridging Settings
- In the Unified Access Gateway admin console
- Identity Bridging Settings section
- to the right of Upload Identity Provider Metadata
- select the GEAR icon
- In the Upload Identity Provider Metadata window
- select Upload IDP Metadata
- next to Entity ID
- enter Workspace ONE Access
- next to IDP Metadata
- click Select
- In the File Explorer - Open window
- Quick Access > Downloads folder
- (this should be the default)
- select idp.xml
- in the bottom right corner
- select Open
- In the Upload Identity Provider Metadata window
- next to Always force SAML auth
- switch the Toggle from OFF to ON
- select Save
- scroll back up to the top of UAG admin console
- In the Unified Access Gateway admin console
- In the General Settings area
- next to Edge Service Settings
- turn the TOGGLE from OFF to ON
- to the right of Horizon Settings
- select the GEAR icon
- In the Horizon Settings window
- scroll down to the bottom
- next to More
- select the expand icon
- In the Horizon Settings window
- next to Auth Methods
- from the dropdown
- select SAML and Passthrough
- In the Horizon Settings window
- below Auth Methods
- next to Identity Provider*
- from the dropdown
- select Workspace ONE Access
- In the Horizon Settings window
- below Identity Provider*
- select Download SAML service provider metadata
- In the Download SAML service provider metadata window
- next to External Host Name
- enter corp.techseals.co:5002
- select Download
- In the Horizon Settings window
- scroll down to the bottom of the window
- select Save
- In the UEM admin Console
- scroll down to Advanced Settings
- to the right under Advanced Settings
- in line with System Configuration
- select the GEAR
- In the System Configuration window
- scroll down until you find Allowed Host Headers
- to the right of Allowed Host Headers
- enter corp.techseals.co
- select the PLUS icon
- scroll down to the bottom of the window
- select Save
- On your Site 1 Browser profile
- In the Favourites bar
- select the UAG-HZN-01B shortcut
- In the Unified Access Gateway login
- in the Username area
- enter admin
- in the Password area
- enter Pa$$w0rd
- select Login
- In the Unified Access Gateway admin console
- below Configure Manually
- click Select
- In the Unified Access Gateway admin console
- scroll down to Identity Bridging Settings
- to the right of Upload Identity Provider Metadata
- select the GEAR icon
- In the Upload Identity Provider Metadata window
- select Upload IDP Metadata
- next to Entity ID
- enter Workspace ONE Access
- next to IDP Metadata
- click Select
- In the File Explorer - Open window
- Quick Access > Downloads folder
- (this should be the default)
- select idp.xml
- in the bottom right corner
- select Open
- In the Upload Identity Provider Metadata window
- next to Always force SAML auth
- switch the Toggle from OFF to ON
- select Save
- scroll back up to the top of UAG admin console
- In the Unified Access Gateway admin console
- In the General Settings area
- next to Edge Service Settings
- turn the TOGGLE from OFF to ON
- to the right of Horizon Settings
- select the GEAR icon
- In the Horizon Settings window
- scroll down to the bottom
- next to More
- select the expand icon
- In the Horizon Settings window
- next to Auth Methods
- from the dropdown
- select SAML and Passthrough
- In the Horizon Settings window
- below Auth Methods
- next to Identity Provider*
- from the dropdown
- select Workspace ONE Access
- In the Horizon Settings window
- scroll down to the bottom of the window
- select Save
- In the UEM admin Console
- scroll down to Advanced Settings
- to the right under Advanced Settings
- in line with System Configuration
- select the GEAR
- In the System Configuration window
- scroll down until you find Allowed Host Headers
- to the right of Allowed Host Headers
- enter corp.techseals.co
- select the PLUS icon
- scroll down to the bottom of the window
- select Save
- On your ControlCenter server
- switch to your Site 2 Browser profile
- In the Favourites bar
- select the UAG-HZN-02a shortcut
- In the Unified Access Gateway login
- in the Username area
- enter admin
- in the Password area
- enter Pa$$w0rd
- select Login
- In the Unified Access Gateway admin console
- below Configure Manually
- click Select
- In the Unified Access Gateway admin console
- scroll down to Identity Bridging Settings
- select Upload IDP Metadata window
- select Upload IDP Metadata
- to the right of Upload Identity Provider Metadata
- select the GEAR icon
- In the Upload Identity Provider Metadata window
- next to Entity ID
- enter Workspace ONE Access
- next to IDP Metadata
- click Select
- In the File Explorer - Open window
- Quick Access > Downloads folder
- (this should be the default)
- select idp.xml
- in the bottom right corner
- select Open
- In the Upload Identity Provider Metadata window
- next to Always force SAML auth
- switch the Toggle from OFF to ON
- select Save
- scroll back up to the top of UAG admin console
- In the Unified Access Gateway admin console
- In the General Settings area
- next to Edge Service Settings
- turn the TOGGLE from OFF to ON
- to the right of Horizon Settings
- select the GEAR icon
- In the Horizon Settings window
- scroll down to the bottom
- next to More
- select the expand icon
- In the Horizon Settings window
- next to Auth Methods
- from the dropdown
- select SAML and Passthrough
- In the Horizon Settings window
- below Auth Methods
- next to Identity Provider*
- from the dropdown
- select Workspace ONE Access
- In the Horizon Settings window
- scroll down to the bottom of the window
- select Save
- On your ControlCenter server
- on your Site 2 Browser profile
- In the Favourites bar
- select the UAG-HZN-02b shortcut
- In the Unified Access Gateway login
- in the Username area
- enter admin
- in the Password area
- enter Pa$$w0rd
- select Login
- In the Unified Access Gateway admin console
- below Configure Manually
- click Select
- In the Unified Access Gateway admin console
- scroll down to Identity Bridging Settings
- select Upload IDP Metadata window
- select Upload IDP Metadata
- to the right of Upload Identity Provider Metadata
- select the GEAR icon
- In the Upload Identity Provider Metadata window
- next to Entity ID
- enter Workspace ONE Access
- next to IDP Metadata
- click Select
- In the File Explorer - Open window
- Quick Access > Downloads folder
- (this should be the default)
- select idp.xml
- in the bottom right corner
- select Open
- In the Upload Identity Provider Metadata window
- next to Always force SAML auth
- switch the Toggle from OFF to ON
- select Save
- scroll back up to the top of UAG admin console
- In the Unified Access Gateway admin console
- In the General Settings area
- next to Edge Service Settings
- turn the TOGGLE from OFF to ON
- to the right of Horizon Settings
- select the GEAR icon
- In the Horizon Settings window
- scroll down to the bottom
- next to More
- select the expand icon
- In the Horizon Settings window
- next to Auth Methods
- from the dropdown
- select SAML and Passthrough
- In the Horizon Settings window
- below Auth Methods
- next to Identity Provider*
- from the dropdown
- select Workspace ONE Access
- In the Horizon Settings window
- scroll down to the bottom of the window
- select Save
Part 2. Configuring the SAML Federation for Horizon
For TrueSSO to work the Horizon SAML authenticator is required.
We configure this on both Site 1 and Site 2
- On your ControlCenter server
- Site 1 Browser
- In the Horizon Admin Console
- In the Inventory
- expand Settings
- select Servers
- In the Servers area
- select the Connection Servers tab
- Under Servers
- Select the radio button next to HORIZON-01a
- Select Edit
- On the Edit Connection Server Settings page
- Select the Authentication tab
- On the Authentication tab
- below Delegation of authentication to VMware Horizon (SAML 2.0 Authenticator):
- On the Drop down Arrow
- Select Allowed
- Select the Manage SAML Authenticators box
- On the Manage SAML Authenticators box
- Select Add
- In the Add SAML 2.0 Authenticator window
- ensure Dynamic radio button is selected
- enter the following:
- under Label:
- type Workspace ONE Access
- under Metadata URL: enter
- https://YOUR CUSTOM Access URL/SAAS/API/1.0/GET/metadata/idp.xml
- e.g. https://aw-euclivefirefran.vidmpreview.com/SAAS/API/1.0/GET/metadata/idp.xml
- under * TrueSSO Trigger Mode
- from the dropdown
- select Enabled
- select OK
- In the Manage SAML Authenticators window
- next to Workspace ONE ...
- select the radio button
- select OK to close
- In the Connection Server Settings
- select OK
- On your ControlCenter server
- Site 2 Browser
- In the Horizon Admin Console
- Inventory pane
- expand Settings
- select Servers
- In the middle pane
- select the Connection Servers tab
- Under Servers
- select the radio button next to HORIZON-02a
- select Edit
- On the Edit Connection Server Settings page
- select the Authentication tab
- In the Edit Connection Server Settings window
- on the Authentication tab
- under Delegation of authentication to VMware Horizon (SAML 2.0 Authenticator):
- from the Drop down Arrow
- select Allowed
- below SAML Authenticator
- select the Manage SAML Authenticators box
- On the Manage SAML Authenticators box
- Select Add
- In the Add SAML 2.0 Authenticator window
- ensure Dynamic radio button is selected
- enter the following:
- under Label:
- type Workspace ONE Access
- Under Metadata URL: enter
- https://YOUR CUSTOM Access URL/SAAS/API/1.0/GET/metadata/idp.xml
- e.g. https://aw-euclivefirefran.vidmpreview.com/SAAS/API/1.0/GET/metadata/idp.xml
- under * TrueSSO Trigger Mode
- from the dropdown
- select Enabled
- select OK
- In the Manage SAML Authenticators window
- next to Workspace ONE...
- select OK to close
- In the Connection Server Settings
- Select OK
Part 3. Configuring Workspace ONE Access for Unified Access as the Service Provider
In this section we perform the Workspace ONE Access part of the SAML Federation process with Unified Access Gateway.
- On your ControlCenter server
- switch to your Workspace ONE Access admin console
- In the Workspace ONE Access Console
- select Resources
- Under the Resources > WEB Apps area
- select NEW
- In the New SaaS Application window
- In the Definition area
- under Name
- enter Unified Access Gateway SAML SP
- Under Icon
- select SELECT FILE ...
- In the File Explorer > Open window
- In the Quick Access pane
- select Desktop
- in the Desktop area
- select software > UAG > Icons
- in the Icons folder
- select UAG.png
- select Open
- In the New SaaS Application window
- In the Definition area
- Select NEXT
- On the ControlCenter server
- from the Taskbar
- select the Folder icon
- In the File Explorer window
- from the Quick Access pane
- select Downloads
- In the File Explorer window
- Downloads folder
- select corp.techseals.co:5002.xml
- right-click
- from the menu
- select Edit with Notepad++
- In the Notepad++ application
- with your keyboard
- enter CTRL + A
- enter CTRL + C
- switch back to the New SaaS Application wizard
- In the New SaaS Application window
- In the Configuration area
- the box below URL / XML
- paste your corp.techseals.co:5002.xml metadata
- scroll down the Configuration area to the bottom
- Open in Workspace ONE Web
- turn the Toggle from No to Yes
- below Show in User Portal
- change the Toggle from ON to OFF
- select NEXT
- In the New SaaS Application window
- In the Access Policies section
- Select NEXT
- In the New SaaS Application window
- In the Summary section
- Select SAVE & ASSIGN
- In the Assign window
- under Users / Groups
- enter Sales
- select [email protected]
- enter Devel
- select [email protected]
- under Deployment type
- from the dropdowns
- ensure both Sales and Developers are set to
- Automatic
- In the bottom right corner
- select SAVE
- In your Workspace ONE Access Console
- Web Apps interface
- note your Unified Access Gateway SAML SP Web APP
Part 4. Deploying VMware Horizon Deep Links for entitlements
As we are not using the Workspace ONE Access Connector to sync entitlements, we will create Deep Links for our Entitlements and assign these to our Security Groups
In this Part we will create Deep Links for existing entitlements
- In the Workspace ONE Access Console
- select Resources
- under the Resources > WEB Apps area
- select NEW
- In the New SaaS Application window
- In the Definition area
- under Name
- enter Enterprise Instant Clone Windows 11 Desktops
- under Icon
- select SELECT FILE ...
- In the File Explorer > Open window
- in the Quick Access pane
- select Desktop
- in the Desktop area
- select software > software > Icons
- in the Icons folder
- select Enterprise Desktop.jpg
- select Open
- In the New SaaS Application window
- In the Definition area
- select NEXT
- In the New SaaS Application window
- In the Configuration area
- below Authentication Type *
- from the dropdown
- select Web Application Link
- In the New SaaS Application window
- In the Configuration area
- below Target URL *
- enter the following URL
https://corp.techseals.co/portal/nativeclient/Enterprise_Desktop?action=start-session&desktopProtocol=BLAST&launchMinimized=false
- In the bottom right corner
- select NEXT
For more information on how we get Deep Links, go to this TechZone article and scroll right to the end.
- In the New SaaS Application window
- In the Summary section
- select SAVE & ASSIGN
- In the Assign window
- under Users / Groups
- enter Devel
- select [email protected]
- In the Assign window
- under Users / Groups
- enter sales
- select [email protected]
- under Deployment type
- from the dropdowns
- ensure both Sales, Developers and IT Support are set to
- Automatic
- in the bottom right corner
- select SAVE
- In your Workspace ONE Access Console
- Web Apps interface
- note your Enterprise Instant Clone Windows 11 Desktops Web Application Link
Part 5. Testing the Horizon desktop sessions in Workspace ONE Access
Part 5 brings everything we have done on Day 2 together.
We will look at 3 primary testing scenarios
- On your ControlCenter server
- from the Desktop
- open the Remote Desktops \ Site 1 folder
- launch the W11Client-01a.rdp shortcut
- In the Windows Security page
- ensure Craig is the username
- in the password area
- enter Pa$$w0rd
- select OK
- On your W11Client-01a desktop
- From the taskbar or Desktop
- launch your Horizon Client
- In the Horizon Client
- select + Add Server
- below the Name of the Connection Server window
- enter corp.techseals.co
- select Connect
- in the Workspace ONE console
- below Select Your Domain
- from the dropdown
- select techseals.co
- select Next
- In the Workspace ONE console
- below username area
- enter Craig
- in the Password area
- enter Pa$$w0rd
- select Sign in
- In the Open VMware Horizon Client? window
- select Open VMware Horizon Client
Workspace ONE Access cannot offer Single Sign-on on its own. In a later lab we will deploy and configure TrueSSO.
- In the Horizon Client
- select the Enterprise_Desktop entitlement
- On your W11Client-01a desktop
- Horizon Client session
- select Other user
- In the Horizon Client session
- username area
- enter craig
- password area
- enter Pa$$w0rd
- select the Sign in arrow
There is no single sign-on because we still need to configure TrueSSO; we will do this in a later lab.
- On your Horizon Desktop session
- from the taskbar
- select and right-click the START button
- from the inventory
- select Run
- In the Run window
- next to Open:
- enter cmd.exe
- select OK
- In the CMD.exe window
- In the prompt area:
- enter hostname
- with your keyboard
- select ENTER
- Notice that you have a Horizon virtual desktop with the BLR naming convention representing Bangalore
- On your ControlCenter server
- from the Desktop
- Open the Remote Desktops \ Site 2 folder
- Launch the W11Client-02a.rdp shortcut
- In the Windows Security page
- ensure Malcolm is the username
- in the password area
- enter Pa$$w0rd
- select OK
- On your W11Client-02a desktop
- From the taskbar or Desktop
- launch your Horizon Client
- In the Horizon Client
- select + Add Server
- below the Name of the Connection Server window
- enter corp.techseals.co
- select Connect
- in the Workspace ONE console
- below Select Your Domain
- from the dropdown
- select techseals.co
- select Next
- In the Workspace ONE console
- below username area
- enter Malcolm
- in the Password area
- enter Pa$$w0rd
- select Sign in
- In the Horizon Client
- select the Enterprise_Desktop entitlement
- On your W11Client-02a desktop
- Horizon Client session
- select Other user
- In the Horizon Client session
- next to Exit Fullscreen
- select the more button
- from the dropdown
- select Logoff Desktop
We have single sign-on because TrueSSO has been configured for Site 2.
- On your Horizon Desktop session
- from the taskbar
- select and right-click the START button
- from the inventory
- select Run
- In the Run window
- next to Open:
- enter cmd.exe
- select OK
- In the CMD.exe window
- In the prompt area:
- enter hostname
- with your keyboard
- select ENTER
- Notice that you have a Horizon virtual desktop with the BLR naming convention representing Bangalore