VMware

UAG w/Azure Idp & Horizon SAML/SSO

Hello everyone,

First time posting on this sub-reddit, but I’m hoping to find some help or at least a bit of clarity to my situation.

I have a new Unified Access Gateway (v3.8) configured to a single connection server (no load-balancer). I also have UAG configured with SAML/MFA using Azure. SAML is working correctly – when I launch the Horizon Client or access the external address of the UAG from a browser, I am correctly routed to Azure to enter credentials and prompted for MFA. All of that works fine.

I’ve also configured the connection server with “Allowed” for **Delegation of authentication to VMware Horizon (SAML 2.0 Authenticator)**. I set the SAML authenticator as static and uploaded the metadata from Azure for VMware View Gateway. I also ran the CLI on the connection server to **Enable Idp SAML Authenticator for TrueSSO**. I have “accept logon as current user” checked and “True-SSO integration” set to enabled.

The portion not working is SSO to the desktop. When I launch a pool and connect to a VM, I have to enter my Windows AD credentials again in order to log into the desktop.

I’ve pored over documentation from VMware on this, and it’s not clear exactly what I’m missing. I’ve read a bunch of documentation on the need for an Enrollment server and Identity Manager, but I’ve also read documentation and viewed a “deep dive” live video on this exact topic and it never mentions the need for an Enrollment server or Identity Manager.

Has anyone ever configured a setup like this before? Any helpful tips? What am I missing?

Thank YOU for your help!


View Reddit by DrDufmanKnows
