VMware Application Zero Trust

Single Sign-On

SSO (Single Sign-On) means when the users log in, they can log into remote desktops and applications many times
without entering credentials again.

TrueSSO feature, which means true single sign-on to remote desktops or applications, is achieved using SAML (Security Assertion Markup Language) authentication, Microsoft AF and OKTA. And you must configure Horizon to integrate with VMware workspace ONE Access (Formerly known as VMware Identity Manager).

Integrating Horizon with Workspace ONE Access enables SSO; when users log into Workspace ONE Access with the Active Directory credentials, they can launch remote desktops and applications without a second login procedure.

The integration between Horizon and Workspace ONE Access uses SAML authentication. This involves configuring Workspace ONE Access with Horizon information. And configuring Horizon to delegate authentication responsibility to Workspace ONE Access.

The delegation responsibility involves creating a SAML authenticator in Horizon, which contains trust and metadata exchange between the horizon and Workspace ONE Access. A SAML authenticator must be associated with the connection server instance.

SAML Authentication Steps

Using Unified Access Gateway With Workspace ONE Access

The Unified Access Gateway adds a layer of security. UAG (Unified Access Gateway) supports the JSON Web Token (JWT) validation. Therefore, when using UAG the Workspace ONE Access, you must configure Workspace ONE Access with the JWT setting enabled.