Horizon Cloud on Azure – Workspace One Access Install and Configuration [Part-11]

Introduction

Most Horizon admins know this product as vIDM. It provides a centralized management console for the tasks listed below:

  • Manage Entitlements
  • Manage Users & Groups
  • Manage Access & Authentication policies, etc.

In this article, we will discuss how to create a Workspace One Access tenant and integrate it with Horizon Cloud on Azure, step by step.

How to create a Tenant

This is a straightforward process if you already have a Horizon Cloud POD and access to the admin console.

  1. Log in to the Horizon admin console
  2. Navigate to Settings –> Identity Management
  3. Click on Setup
  4. You will now be prompted with a tenant creation wizard as below
  5. Enter the required details, such as the name of the tenant, Username & E-mail.
  6. Once you click on SET UP, you will receive an activation email at the address provided in the setup wizard
  7. Let’s park the activation here for now and move on to the Workspace One Access installation

Prerequisites
  • Windows VM – preferably the latest version, with all Windows updates installed
  • Join the VM to the domain
  • Service account to run the connector service (this is needed to use Kerberos)

Workspace One connector Installation

Since we are going to use Workspace One only for Horizon desktops & apps, we must choose a Windows-based connector.
The latest version of the Windows Workspace One connector is 19.03.1
It’s good to create a new Windows VM in Azure itself, for easier management and lower latency when accessing desktops & apps

  1. Download the VMware Identity Manager Standalone Connector 19.03.01 from the downloads section (a download link is embedded in the tenant creation welcome email)
  2. Once the exe file is downloaded, double-click it and proceed with the installation
  3. Proceed with the default install location, which is C:\VMware\
  4. If JRE is not already present on the machine, the installer will ask to install it; click Yes to proceed with the JRE install
  5. After the JRE install, since we are installing a new connector, leave the "migrating your connector" checkbox unchecked
  6. Since the VM is already domain joined, the installer displays the FQDN of the VM – click Next
  7. Select the checkbox – run the Connector service as a domain user account
  8. Enter the service account name & password (the username should be in Domain\Username format) – then click Next
  9. Click on Install & wait until the installation completes
  10. Click on Finish, and select Yes to launch the admin page to set the password
  11. Click Continue on the Get Started page
  12. Set the password and click on Continue
  13. Enter the Activation Code (copy it from the welcome email) & click Continue
  14. Now the setup is complete

Workspace One connector Configuration
  1. Use the link from the welcome email to set the password for the Workspace One tenant
  2. After the password is set, accept the terms of service; you will then be taken to the Dashboard page
  3. For Horizon integration, we need to configure Virtual Apps, so we must choose the Legacy Connectors
  4. Click on Identity & Access Management –> Connectors –> select Legacy Connectors
  5. Now it’s time to bind Active Directory to Workspace One Access
    Identity & Access Management → Setup → Add Directory → Active Directory
  6. Enter the details as shown in the screenshot below and click Next
  7. If the given details are correct, you will be prompted with the below screen to select the Domain; proceed with Next
  8. Go with the defaults in Map User Attributes and proceed with Next
  9. Add the group that you want to sync and proceed with Next
  10. Select the Users you would like to sync – specify the OU where the user accounts are located and proceed with Next
  11. Sync the Directory

Virtual Apps Collections

Once the sync is completed, we have to create a Virtual Apps Collection to complete the integration with Horizon.

Prerequisites
  • Create a DNS record (Host A & PTR) for the POD Load Balancer IP
  • Generate a certificate with the DNS name of the POD Load Balancer
  • Create a service account to bind Workspace One Access with Horizon (a minimal-privileges account will suffice)
  • Add the service account to the Super Administrators group (Horizon admin)
  • Obtain the CA certificate to upload in the Workspace One connector console

CA Cert Upload into Workspace One connector Console
  1. Log in to the connector at https://<ConnectorserverFQDN>:8443
  2. Click on Install SSL Certificates
  3. Select Trusted CAs –> ADD (upload the CA cert here)
  4. Optionally, restart the service for the change to take effect
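
A pre-flight check for the prerequisites and CA upload above, as an added example that is not part of the original article or of VMware's tooling. Run from the connector VM, it confirms that the A and PTR records agree and that the certificate served on the POD load balancer name carries that DNS name and chains to the CA certificate being uploaded. The FQDN, IP address, file path and port 443 are placeholder assumptions.

```powershell
# Added example. Every value in this block is a constructed placeholder.
$PodFqdn = 'pod-lb.corp.example'      # DNS name created for the POD load balancer
$PodIp   = '10.10.0.4'                # POD load balancer IP
$CaPath  = 'C:\Temp\corp-root-ca.cer' # CA certificate that will be uploaded to the connector
$Port    = 443                        # assumed HTTPS port of the POD load balancer

function Test-PodDns([string]$Fqdn, [string]$Ip) {
    # Forward (A) and reverse (PTR) lookups must agree with each other.
    $a   = Resolve-DnsName -Name $Fqdn -Type A   -ErrorAction Stop | Where-Object { $_.Type -eq 'A' }
    $ptr = Resolve-DnsName -Name $Ip   -Type PTR -ErrorAction Stop | Where-Object { $_.Type -eq 'PTR' }
    [pscustomobject]@{
        ForwardOk = @($a.IPAddress) -contains $Ip
        ReverseOk = @($ptr.NameHost) -contains $Fqdn
    }
}

function Get-ServerCertificate([string]$HostName, [int]$Port) {
    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        # The callback accepts any certificate only so it can be fetched; it is validated below.
        $cb  = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($HostName)
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    } finally { $tcp.Dispose() }
}

function Test-PodCertificate($Cert, [string]$Fqdn, [string]$CaFile) {
    $ca    = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CaFile)
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    [void]$chain.ChainPolicy.ExtraStore.Add($ca)
    $chain.ChainPolicy.RevocationMode    = 'NoCheck'   # assumption: CRL may be unreachable from here
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    $built  = $chain.Build($Cert)
    $thumbs = $chain.ChainElements | ForEach-Object { $_.Certificate.Thumbprint }
    # Exact name match, or a single-label wildcard such as *.corp.example.
    # DnsNameList is the property PowerShell adds to X509Certificate2 objects.
    $wild = $Fqdn -replace '^[^.]+', '*'
    $san  = @($Cert.DnsNameList.Unicode)
    [pscustomobject]@{
        SanMatches = ($san -contains $Fqdn) -or ($san -contains $wild)
        ChainsToCa = $built -and ($thumbs -contains $ca.Thumbprint)
        NotExpired = $Cert.NotAfter -gt (Get-Date)
    }
}

Test-PodDns $PodFqdn $PodIp
Test-PodCertificate (Get-ServerCertificate $PodFqdn $Port) $PodFqdn $CaPath
```

Any property that comes back False points at the prerequisite to revisit before creating the Virtual Apps Collection.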

New Virtual App Collections
  1. Log in to the Tenant Workspace One admin console (use the link from the welcome email)
  2. Click on Catalog –> Virtual Apps Collection
  3. Click NEW
  4. Provide a name for the Virtual Apps Collection in the Connector section as below
  5. Provide the details of the Horizon tenant as below
  6. Click on SAVE
  7. Provide the Daily Sync Frequency and click Next
  8. Click SAVE on the Summary page

Launch Apps from Internet –> Connector Outbound Mode

If your users always connect from VPN or the internal network, this configuration isn’t required.
When a user logs in externally (from the internet) and clicks on a Desktop/App, the redirection goes to the Workspace One connector server FQDN, which isn’t resolvable from the internet. The changes below address this.

  1. Stay in the Tenant admin console
  2. Navigate to Identity & Access Management –> Identity Providers –> Built-in
  3. Select the Domain from the User section
  4. Select the checkbox for ALL RANGES in the Network section on the same page
  5. Click on Add Connector in the connector section
  6. From the connector Authentication Methods –> select Password (cloud deployment)
  7. Click on SAVE
  8. Navigate back to Identity & Access Management –> Policies
  9. Edit the existing default_access_policy_set
  10. Click NEXT on the Definition page
  11. Click on ALL RANGES and change the value of "then the user may authenticate using" to Password (cloud deployment) – do the same for both network ranges
  12. Click on SAVE

Identity Manager Configuration in Horizon Admin console
  1. Log in to the admin console
  2. Navigate to Settings → Identity Management
  3. Click on NEW
  4. Update the below details.

    Workspace One redirection redirects user logins to the Workspace One page even if they try to connect to the POD URL.
  5. Click on SAVE
  6. If you would like to specify the Workspace One redirection only to either remote or internal users, you can specify it from the Configure