What you need?
1 – Vmware Horizon Infrastrutcture and Unified Access Gateway
2 – Azure AD license enabled for MFA
3 – Sync Active Directory User to Azure AD
4 – Private Microsoft CA
What you will doing?
- Install Enrollment Horizon Server
- Create a Certificate Template for True SSO
- Install Enrollment certificate on Enrollment server
- Export Horizon Enrollment Certificate from Horizon installation and install it into Enrollment Horizon Server
- Configure TrueSSO on Horizon Connection Server
- Test TrueSSO with TrueSSO Diagnostic Utility
- Configure an enterprise application on Azure AD, configure it and export XML
- Assign Users or Groups permission to Enterprise application
- Import XML on UAG and configure it
- Import XML on Horizon Connection Servers and configure it
- Enable truesso for Horizon Authentication method
REFERENCE
Setting Up True SSO (vmware.com)
Install Enrollment Horizon Server
Install and Set Up an Enrollment Server (vmware.com)
- Create a Windows Server 2012 R2, Windows server 2016, or Windows Server 2019 virtual machine with at least 4GB of memory, or use the virtual machine that hosts the enterprise CA. Do not use a machine that is a domain controller.
- Verify that no other Horizon component, including Connection Server, Horizon Client, or Horizon Agent is installed on the virtual machine.
- Verify that the virtual machine is part of the Active Directory domain for the Horizon deployment.
- Verify that you are using an IPv4 environment. This feature is currently not supported in an IPv6 environment
VMware recommends that the system must have a static IP address.
- Verify that you can log in to the operating system as a domain user with Administrator privileges. You must log in as an administrator to run the installer.
Download Horizon Connection Server installer and start it:
