SSO with Horizon Cloud Next-Gen

Updated on

In this lab section, we'll explore the implementation of Single Sign-On (SSO) for Horizon edge deployments on cloud-native capacity providers. SSO streamlines user access to the service, and its integration involves the Horizon Edge Gateway Appliance. The SSO component operates as a Certificate Authority (CA), establishing a trust relationship with Microsoft Active Directory. We'll delve into the specifics of SSO configurations and their impact on user authentication and resource availability.

SSO Implementation:

For Horizon edge deployments, SSO is facilitated through the Horizon Edge Gateway Appliance. The SSO component, acting as a Certificate Authority (CA), establishes a trust relationship with a Microsoft Active Directory. Depending on the SSO configuration, different CAs are utilized:

Native SSO Configuration: In this setup, a VMware Horizon CA is employed for SSO.

True SSO Configuration: For True SSO, a Microsoft CA is used, enhancing authentication capabilities.

User Authentication and Resource Availability:

With SSO implemented, users who have been verified and authorized via the Identity Provider (IdP) are seamlessly granted access. The Horizon Cloud Service leverages the granted token from user authentication to request a certificate from the configured CA. This CA, having a trust relationship with the Active Directory, uses the authenticated certificate for user authentication on the service's behalf. This initiation of the Windows login service allows immediate availability of resources upon completion of the login process.

Important Notes:

Azure Active Directory (Azure AD) and SSO: Currently, SSO is not applicable when using Azure AD for Machine Identity. Users will need to manually log in to their virtual machine resources in this scenario.

True SSO Availability: True SSO functionality is available upon customer request. To enable this feature, kindly reach out to VMware Support for assistance.


Understanding the implementation of Single Sign-On (SSO) for Horizon edge deployments enhances user authentication and resource access. By configuring SSO through the Horizon Edge Gateway Appliance and utilizing appropriate Certificate Authorities, you can provide seamless access to resources while maintaining security. As you proceed through the next lab exercise, you'll gain practical experience in setting up and utilizing SSO as an Trusted Intermediate CA.