Continuing from the PART – 01 and PART – 02 posts on prerequisites, this article discusses the identity provider and its requirements.
Introduction
Horizon Cloud next-gen requires an external identity provider to perform the following:
– User Authentication
– Entitlements
At present, Horizon Cloud next-gen supports two identity providers:
1 – Microsoft Entra ID (formerly Azure AD)
2 – Workspace ONE Access (Cloud / On-Prem)
Identity Provider
Microsoft Entra ID
Formerly known as Azure AD, Microsoft Entra ID can be integrated with Horizon Cloud next-gen for User Authentication and Entitlements.
If you don’t have a Microsoft Entra ID tenant created yet on Azure, please visit the Microsoft site for more info.
Pre-requisites
- A valid On-Prem domain synced to the Microsoft Entra ID tenant through the Microsoft Entra Connect Provisioning Agent
- A Global Administrator account created, or an existing account with Global Administrator privileges
No specific attributes need to be mapped if you want to use Entra ID.
Workspace ONE Access Cloud
Workspace ONE Access has one main advantage over Entra ID: entitlements can be synced to Access, so users can launch their desktops directly from the Access console page.
Pre-requisites
- A valid Workspace ONE Access Cloud tenant
- On-Prem Active Directory synced to the Workspace ONE Access Cloud tenant
- A Super Admin account
- The user attributes required for next-gen configured
- People Search enabled on the Workspace ONE Access tenant
A Super Admin account is needed to bind the Workspace ONE Access tenant to Horizon Cloud next-gen.
User Attributes Mapping
To use Workspace ONE Access as an identity provider, we need to add and map five custom user attributes:
- objectGuid
- sid
- netBios
- businessUnit
- managerDN
Add the five custom attributes as below:
Workspace ONE Access Admin UI –> Settings –> User Attributes –> Custom Attributes
Then map the Active Directory attributes to the Workspace ONE custom attributes:

| Workspace ONE Access Attribute | Active Directory Attribute |
|---|---|
| objectGuid | objectGUID |
| sid | objectSid |
| netBios | msDS-PrincipalName |
| businessUnit | department |
| managerDN | manager |

objectGuid, sid and netBios must be mapped exactly as in the table (do not assign them to a different Active Directory attribute).
WS1 Access console UI –> Directories –> Directory –> Sync Settings –> Mapped Attributes
Once the above is completed, run the directory sync at least once.
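Before running that first sync it is worth confirming that the five Active Directory attributes in the mapping table are actually populated for the users you intend to sync; objectGUID, objectSid and msDS-PrincipalName always exist, but department and manager are often empty, which leaves businessUnit and managerDN blank in Workspace ONE Access. The PowerShell below is an added example (not from the original post or from VMware/Omnissa) that reports which users are missing any of them. It assumes the ActiveDirectory RSAT module is installed and uses a placeholder OU DN in $SearchBase that you must replace with your own.

```powershell
# Added example, not part of the original post: check that the AD attributes
# that Workspace ONE Access will map for Horizon Cloud next-gen are populated.
# Requires the ActiveDirectory RSAT module (Import-Module works on a domain-joined host).
Import-Module ActiveDirectory

# Placeholder DN, adjust to the top-level OU that you will sync and use for People Search
$SearchBase = 'OU=Users,DC=example,DC=local'

# Right-hand column of the mapping table in the post.
# msDS-PrincipalName is a constructed attribute and is only returned when requested explicitly.
$RequiredAttributes = @('objectGUID', 'objectSid', 'msDS-PrincipalName', 'department', 'manager')

$users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase -Properties $RequiredAttributes

$report = foreach ($u in $users) {
    # $u.$_ resolves the hyphenated attribute name without extra quoting
    $missing = @($RequiredAttributes | Where-Object { -not $u.$_ })
    [pscustomobject]@{
        SamAccountName    = $u.SamAccountName
        MissingAttributes = ($missing -join ', ')
        Ready             = ($missing.Count -eq 0)
    }
}

# Users listed here will still sync, but the corresponding WS1 Access custom attribute stays empty
$report | Where-Object { -not $_.Ready } | Format-Table -AutoSize

$readyCount = @($report | Where-Object Ready).Count
"{0} of {1} enabled users in {2} have all five attributes populated" -f $readyCount, @($report).Count, $SearchBase
```

Run it once before the initial sync and again after fixing any gaps in department or manager; the same $SearchBase DN is the one you will add under User DNs when enabling People Search.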
People Search
People Search must be enabled if you want to use Workspace ONE Access to search for users through the Horizon next-gen admin console.
- Workspace ONE Access Admin console UI –> Integrations –> People Search
- Select the Directory and click Next
- Select the required attributes
- Add the User DNs (add the top-level OU DN to search for all the users)
SAVE & SYNC – wait for the sync to complete; you can check the sync status using View Sync Log.