24x7x365 Entisys360 Client Technical Support: Call (877) 368-4797 opt 9, or

We have now arrived at the final conclusion of this blog series—integration with Workspace ONE Access. Although not a requirement for a Horizon Cloud on Azure deployment, it does provide a way to aggregate all on-prem and cloud-based Horizon environments, SaaS applications, and even Citrix Virtual Apps and Desktops into a single, user friendly app catalog.

If you missed the first three blogs in the series, you can access them below:

Before continuing with the steps below, please be sure you have met all prerequisites:

  1. Workspace ONE Access tenant setup and integrated with Active Directory
  2. Make sure to deploy a Connector which has access to your Horizon Cloud Azure tenant and Manager Nodes.
  3. Determine FQDN for Horizon Cloud Manager Access
  4. Certificate for Horizon Cloud Pod

Configure Horizon Cloud Manager Fully Qualified Domain Name

1. The Horizon Cloud Managers must be accessible by the Workspace ONE Access Connector via fully qualified domain name (FQDN). In a highly available deployment, we must obtain the LB IP to configure DNS. Login to your Azure admin portal, locate Virtual Networks, then select the Virtual Network which you deployed your Horizon Cloud Pod to.

2. Locate the Device name that ends with pod-lb. Note the IP Address for the Load balancer.

3. Now we need to configure DNS with an A record that corresponds to the pod-lb Load balanced IP Address. This will likely be configured on your internal DNS server. I named my Horizon Cloud manager pair hcaztenant1 but any available name will suffice.

Upload Certificate to Horizon Cloud Pod

A certificate must be uploaded to the Horizon managers so that the Workspace ONE Access Connector trusts the Pod managers.

1. Navigate to Settings and click on Capacity. Select the applicable Pod, click on the ellipses, then select Upload Certificate.

2. Browse to the applicable CA Certificate File, SSL Certificate File, and SSL Key File. Certificates and Keys must be in PEM format.

3. Under Summary you will now see the Pod has a valid CA Certificate and SSL Certificate.

Create a Horizon Cloud Virtual Apps Collection

1. Login to Workspace ONE Access tenant as Tenant Admin. Navigate to Catalog, then select Virtual Apps Collection.

2. Select New.

3. Select Horizon Cloud as the Source Type

4. Provide a Name for the Horizon Cloud collection. Select the Connector associated with your Horizon Cloud Active Directory and click Next.

5. Click to Add a Tenant.

6. In the Host field, type in the fully qualified domain name created above. Provide the Admin User and Password. Provide the Admin Domain and Domains to Sync. Must be the NETBIOS Domain.

7. Type in the Unified Access Gateway URL provided in the Horizon Cloud Pod setup. To enable Single Sign-On from Workspace ONE Access to Horizon Cloud desktops, TrueSSO can be configured here as well. The configuration of TrueSSO is outside the scope of this blog, though it is recommended for an enhanced user logon experience. I will leave TrueSSO Click Add.

8. Return to the New Horizon Cloud Collection wizard and click Next.

9. Configure the Sync, Activation, and Launch Client

The options for Sync are Manual, Weekly, Daily, and Hourly. This setting specifies when changes to pools and entitlements are replicated to Workspace ONE Access.

Select whether the collection will appear to all users automatically or if users should select it from the catalog.

Choose between Browser, Native, or None as the Default Launch Client.

10. Review the settings provided for the new Horizon Cloud Collection. If correct, click Save.

11. The new Horizon Cloud Collection is now available in Workspace ONE Access.

Horizon Cloud Service and Workspace ONE Access SAML Integration

1. Before configuring the Horizon Cloud Service and Workspace ONE Access integration, the WS1 Access Metadata URL must be obtained. While logged into WS1 Access as Tenant Admin, navigate to Catalog the select Web Apps.

2. Click on Settings.

3. Select SAML Metadata then click Copy URL to copy the Metadata URL to your clipboard.

4. Return to the Horizon Cloud Service admin console. Select Settings, then Identity Management to bring up the Workspace ONE Access integration configuration. Click on New to integrate with your Workspace ONE Access environment.

5. Paste in the Metadata URL obtained from Step 3 Select the appropriate Location, Pod, and Data Centersettings. Type in the Client Access FQDN, which is the DNS name provided for the external Unified Access Gateway. To ensure users can only access the Horizon Pod through Workspace ONE, click to enable Workspace ONE Redirection (you may leave this disabled if users will access the Pod directly through the Horizon Client). Click Save.

6. Back at the Identity Management page, the Workspace ONE Access Configuration will show a Status of green if successful. Click Configure to further enable WS1 Access user redirection.

7. Configure the desired settings to force Remote and/or Internal Users to WS1 Access for logon. This is key for advanced authentication policy enforcement as well as providing the ability to leverage more advanced identity providers, such as Ping and Okta.

8. Now the Horizon Cloud desktop is ready to be launched from Workspace ONE. Access the Workspace ONE tenant and login as a user. You may have to sync the Virtual Apps Collection, and be sure the users and groups associated with the entitlement are synced as well.

9. On the next screen type in your Username and Password. You will be logged into Workspace ONE. Navigate to Apps and see that the new Windows 10 Multi-session Virtual Desktop pools are available!

10. When launching a desktop, Workspace ONE prompts for a password. This is because TrueSSO was not configured in this run through. To avoid the prompt and allow direct launch of the desktop, configure TrueSSO. See here for more details: Setting Up True SSO.

11. And voila, a Windows 10 Enterprise Multi-session desktop with Microsoft Office pre-installed!

For those who made it through all 4 blog posts, thank you for following along. With the automation included within the deployment of many of the Horizon Cloud management and access components, the level of effort in build outs is definitely much reduced. Of course, there are a few gotchas and caveats to look out for, especially in the pre-build work in Azure, and integration work found in this blog around Workspace ONE Access. 

There is another exciting development I’d like to share. At the time I began this blog, the newest version of Horizon Cloud on Azure did not include support for App Volumes or the Universal Broker. I am excited to share that version 3.1 does support both in greenfield deployments. See here for more details.

And finally, if you would like to walk through the steps outlined in the blog series live, please check out the recording of the webinar here.

Our Expertise

Security and Cyber Risk Services

Creating a strategy for managing risk and compliance, while helping to filter the noise of myriad cybersecurity technologies.

Automation and Cloud

Accelerating IT service delivery for our clients through the adoption of agile methodologies that are all part of a systems-oriented approach.

End User Computing

Helping businesses keep infrastructure uptodate, minimizing security risks, and maintaining compliance

Software Defined Data Center

Empowering your enterprise to achieve its full potentialand greatest efficiencyby keeping IT infrastructure operational, available and secure.

Core Infrastructure Services

Offering design, implementation, licensing optimization, and environmental services to ensure the use of Microsoft’s best practices and configurations.

Microsoft Expertise

Helping set goals and establishing benchmarks for the journey toward the successful deployment of Microsoft solutions.

Our Services

Professional
Services

Enjoy a stressfree implementation that comes through the knowledge and experience of our professional services team.

Enterprise
Managed Services

Align your business initiatives with evolving industry trends to obtain a clear understanding of the impact of future technologies.

Cloud Strategy
and Services

Meeting a diverse range of business requirements through deployments that are flexible, scalable, and have the right mix of elements.

Contract
Management

Never miss another maintenance or warranty contract renewal date or pay for unused maintenance contracts or warranties.

Project
Management

Through this service, our project management team takes the lead role in planning, executing, monitoring and closing projects.

Our Markets and Market Support Vehicles

Business

Professional services and nationallyrecognized expertise that align perfectly with the trends and challenges facing a variety of industries.

Healthcare

Recognizing the unique challenges faced by healthcare IT organizations, and offering understanding, capabilities, and trusted relationships.

Public Sector

Helping organizations contain costs maintain high availability while finding new ways to increase security, compliance and more.

Group Purchasing

Industryleading IT consulting services and technology solutionsaccessed through a streamlined contracting process.

Resources

Events

Learn about our upcoming events and webinars.

Solutions Literature

Accesstodownloadable assets with information on solutions and services offerings.

Blog

Gain expert technical insights around today’s leading enterprise technologies and solutions.

Press Releases

Read news and updates from the Entisys360 team.

News Stories

Learn about new developments with Entisys360 and our team.

About Entisys360

About Entisys360

Our mission, vision, leadership and team

Accolades

Notable industry awards and recognition

Privacy

Entisys360’s and its commitment to privacy

Community

Our commitment to the community

Careers

Entisys360 Career opportunities

Contact Us

Entisys360 locations and contact resources