Got a question on Workspace ONE and Unified Access Gateway

Hey all,


* Workspace ONE 3.3
* VMware View 4.7 (old I know)

Our VMware guy left the company and now I am rushing to figure out the workflow of how our VDIs work with regard to Workspace ONE. I am sure things can be set up differently from deployment to deployment, but I need a bit of generic/typical configuration clarification from some experts.

A user would authenticate using an identity provider like Okta, for example, which then uses SAML to send the authorization to my Identity Manager (Workspace ONE). Once this happens, the user is shown a Workspace ONE screen with an icon for their VDI. When they click “Open”, where does that request most likely go?

Does that get sent to the UAG first and then my connection server? Or would something like that be sent directly to a connection server? I guess I am not 100% sure where the UAG falls in line.

View Reddit by Hxcmetal724


  1. There are a few ways things can be hooked up. It’s likely that the UAG is sending incoming traffic to Identity Manager (vIDM), which is talking to at least three other entities. vIDM talks to AD and does Kerberos authentication. It’s also, I think, talking to Okta for identity assertion. Lastly, it’s talking to Horizon, via the aforementioned connector or additional connector(s). That connection is configured to point to one or more Connection Server(s). There’s an additional entry for a Cloud Pod, if there is one.

    Before the UAG sees any incoming traffic, it’s common for it to have already passed through a firewall, intrusion detection/prevention and a load balancer (LTM). For the traffic to have arrived at the site in the first place, it might have come through a GTM and even, possibly, been bounced from one site to another.
