We have now arrived at the conclusion of this blog series: integration with Workspace ONE Access. Although not a requirement for a Horizon Cloud on Azure deployment, it does provide a way to aggregate all on-prem and cloud-based Horizon environments, SaaS applications, and even Citrix Virtual Apps and Desktops into a single, user-friendly app catalog.

If you missed the first three blogs in the series, you can access them below:

Before continuing with the steps below, please be sure you have met all prerequisites:

  1. Workspace ONE Access tenant set up and integrated with Active Directory
  2. A Connector deployed which has access to your Horizon Cloud Azure tenant and Manager Nodes
  3. FQDN determined for Horizon Cloud Manager access
  4. Certificate for the Horizon Cloud Pod

Configure Horizon Cloud Manager Fully Qualified Domain Name

1. The Horizon Cloud Managers must be accessible by the Workspace ONE Access Connector via fully qualified domain name (FQDN). In a highly available deployment, we must obtain the LB IP to configure DNS. Log in to your Azure admin portal, locate Virtual Networks, then select the Virtual Network to which you deployed your Horizon Cloud Pod.

2. Locate the Device name that ends with pod-lb. Note the IP Address for the Load balancer.

3. Now we need to configure DNS with an A record that corresponds to the pod-lb Load balanced IP Address. This will likely be configured on your internal DNS server. I named my Horizon Cloud manager pair hcaztenant1 but any available name will suffice.

Upload Certificate to Horizon Cloud Pod

A certificate must be uploaded to the Horizon managers so that the Workspace ONE Access Connector trusts the Pod managers.

1. Navigate to Settings and click on Capacity. Select the applicable Pod, click on the ellipses, then select Upload Certificate.

2. Browse to the applicable CA Certificate File, SSL Certificate File, and SSL Key File. Certificates and Keys must be in PEM format.

3. Under Summary you will now see the Pod has a valid CA Certificate and SSL Certificate.
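
Before uploading, the three PEM files can be checked against the FQDN configured in the previous section. This is an added example, not part of the original walkthrough or of any VMware tooling; the function names, the `example.internal` domain and the assumption that the CA file holds the complete chain up to a self-signed root are assumptions.

```shell
#!/bin/sh
# Added example: pre-upload checks for the CA cert, SSL cert and SSL key PEM files.
# Assumes the CA file holds the complete issuing chain up to a self-signed root.
_fail() { echo "FAIL: $*" >&2; return 1; }

# check_pod_cert CA.pem CERT.pem KEY.pem FQDN -> returns 0 only if every check passes
check_pod_cert() {
    ca=$1; cert=$2; key=$3; fqdn=$4
    # 1. The upload dialog wants PEM, so reject DER/PFX files that lack PEM armour.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$ca" || _fail "$ca is not PEM" || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" || _fail "$cert is not PEM" || return 1
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" || _fail "$key is not a PEM key" || return 1
    # 2. The private key must parse and must belong to the certificate.
    openssl pkey -in "$key" -noout </dev/null 2>/dev/null || _fail "key unreadable" || return 1
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout </dev/null 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || _fail "key does not match certificate" || return 1
    # 3. The certificate must chain to the CA file the Connector will be asked to trust.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
        || _fail "certificate does not chain to $ca (or is expired)" || return 1
    # 4. The certificate must be valid for the FQDN behind the pod-lb A record.
    openssl verify -CAfile "$ca" -verify_hostname "$fqdn" "$cert" >/dev/null 2>&1 \
        || _fail "certificate is not valid for $fqdn" || return 1
    echo "OK: $cert matches its key, chains to $ca and covers $fqdn"
}

# make_constructed_pod_cert DIR FQDN: throwaway CA + leaf (constructed test data only)
make_constructed_pod_cert() {
    d=$1; name=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$d/pod.key" -out "$d/pod.csr" 2>/dev/null || return 1
    printf 'subjectAltName=DNS:%s\n' "$name" > "$d/san.ext"
    openssl x509 -req -in "$d/pod.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -days 2 -extfile "$d/san.ext" -out "$d/pod.pem" 2>/dev/null
}

# Run directly as: ./check_pod_cert.sh ca.pem pod.pem pod.key hcaztenant1.example.internal
if [ "$#" -eq 4 ]; then check_pod_cert "$@"; fi
```

A failure at step 3 or 4 here is the same trust failure the Connector would hit when it contacts the Pod managers, so it is cheaper to catch before the upload.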

Create a Horizon Cloud Virtual Apps Collection

1. Log in to the Workspace ONE Access tenant as Tenant Admin. Navigate to Catalog, then select Virtual Apps Collection.

2. Select New.

3. Select Horizon Cloud as the Source Type.

4. Provide a Name for the Horizon Cloud collection. Select the Connector associated with your Horizon Cloud Active Directory and click Next.

5. Click to Add a Tenant.

6. In the Host field, type in the fully qualified domain name created above. Provide the Admin User and Password. Provide the Admin Domain and Domains to Sync. The domain must be given as the NETBIOS Domain.

7. Type in the Unified Access Gateway URL provided in the Horizon Cloud Pod setup. To enable Single Sign-On from Workspace ONE Access to Horizon Cloud desktops, TrueSSO can be configured here as well. The configuration of TrueSSO is outside the scope of this blog, though it is recommended for an enhanced user logon experience. I will leave TrueSSO Click Add.

8. Return to the New Horizon Cloud Collection wizard and click Next.

9. Configure the Sync, Activation, and Launch Client

The options for Sync are Manual, Weekly, Daily, and Hourly. This setting specifies when changes to pools and entitlements are replicated to Workspace ONE Access.

Select whether the collection will appear to all users automatically or if users should select it from the catalog.

Choose between Browser, Native, or None as the Default Launch Client.

10. Review the settings provided for the new Horizon Cloud Collection. If correct, click Save.

11. The new Horizon Cloud Collection is now available in Workspace ONE Access.

Horizon Cloud Service and Workspace ONE Access SAML Integration

1. Before configuring the Horizon Cloud Service and Workspace ONE Access integration, the WS1 Access Metadata URL must be obtained. While logged into WS1 Access as Tenant Admin, navigate to Catalog, then select Web Apps.

2. Click on Settings.

3. Select SAML Metadata then click Copy URL to copy the Metadata URL to your clipboard.

4. Return to the Horizon Cloud Service admin console. Select Settings, then Identity Management to bring up the Workspace ONE Access integration configuration. Click on New to integrate with your Workspace ONE Access environment.

5. Paste in the Metadata URL obtained from Step 3. Select the appropriate Location, Pod, and Data Center settings. Type in the Client Access FQDN, which is the DNS name provided for the external Unified Access Gateway. To ensure users can only access the Horizon Pod through Workspace ONE, click to enable Workspace ONE Redirection (you may leave this disabled if users will access the Pod directly through the Horizon Client). Click Save.

6. Back at the Identity Management page, the Workspace ONE Access Configuration will show a Status of green if successful. Click Configure to further enable WS1 Access user redirection.

7. Configure the desired settings to force Remote and/or Internal Users to WS1 Access for logon. This is key for advanced authentication policy enforcement as well as providing the ability to leverage more advanced identity providers, such as Ping and Okta.

8. Now the Horizon Cloud desktop is ready to be launched from Workspace ONE. Access the Workspace ONE tenant and log in as a user. You may have to sync the Virtual Apps Collection, and be sure the users and groups associated with the entitlement are synced as well.

9. On the next screen type in your Username and Password. You will be logged into Workspace ONE. Navigate to Apps and see that the new Windows 10 Multi-session Virtual Desktop pools are available!

10. When launching a desktop, Workspace ONE prompts for a password. This is because TrueSSO was not configured in this run through. To avoid the prompt and allow direct launch of the desktop, configure TrueSSO. See here for more details: Setting Up True SSO.

11. And voila, a Windows 10 Enterprise Multi-session desktop with Microsoft Office pre-installed!

For those who made it through all 4 blog posts, thank you for following along. With the automation included within the deployment of many of the Horizon Cloud management and access components, the level of effort in build outs is definitely much reduced. Of course, there are a few gotchas and caveats to look out for, especially in the pre-build work in Azure, and integration work found in this blog around Workspace ONE Access. 

There is another exciting development I’d like to share. At the time I began this blog, the newest version of Horizon Cloud on Azure did not include support for App Volumes or the Universal Broker. I am excited to share that version 3.1 does support both in greenfield deployments. See here for more details.

And finally, if you would like to walk through the steps outlined in the blog series live, please check out the recording of the webinar here.
