VMware Horizon - Zero to Hero Series - Part 2 (Intermediate) - Segment 2
Updated: Nov 6, 2021
Continuing with exploring the VMware Horizon Console, this blog post is focusing on the Users and Groups section.
This blog is part of a group of bite-size segments, as follows:
Users and Groups (this blog)
Inventory (coming soon)
Settings (coming soon)
Users and Groups
The Users and Groups section by default displays all users and groups that are entitled to use the Horizon environment. Key information is available in this display, as shown below.
Table 1: Users and Groups Entitlements
From this Entitlements page, you can also click on Entitlements to add entitlements to desktops or applications, as shown below.
Any changes that you make to user information in Active Directory can be synchronized to Horizon Console by clicking on Update General User Information.
You will be presented with a dialog box explaining which information will be updated. Click on OK to continue.
1.2 Remote Access
When Unified Access Gateway is configured for Horizon Edge services, by default all users that have an entitlement can access their Horizon resources from internal or external connections. You have the ability to change this behaviour by specifying which users are allowed connectivity from external networks by using the Remote Access tab.
In this example, I have added user5 for remote access. This means that any other user except for user5 will be denied access from an external network.
When I try to log on via the Unified Access Gateway as any other user than user5, I get an alert that I’m not entitled to use the system, as shown below:
Unauthenticated Access can be configured to allow users to access their Horizon Apps without requiring their Active Directory credentials. There are many steps that are required to set this up as described below.
1.3.1 Add Unauthenticated Access User
The first step is to add a user for unauthenticated access.
Search and select the user you wish to add, for example I have selected user7.
On the Settings page, you can change the alias name for the account. You can also Enable Hybrid Logon. This gives the ability for the unauthenticated user account to access to domain-level services. Click Submit when completed.
1.3.2 Configure the Connection Server for Unauthenticated Access User
The Connection Server needs to be configured to allow unauthenticated access. Select Settings from the navigation menu and then select Servers.
Click on the Connection Server tab, select a Connection Server from the list and then click Edit.
Select the Authentication tab, scroll down to Unauthentication Access and use the drop-down list to select Enabled. Next, use the drop-down list to select the user that you configured in previous step for Default Unauthenticated Access User and click OK.
1.3.3 Entitle the Unauthenticated Access User to a Horizon App
In this step, you need to assign the user to an application that requires unauthenticated access. Click Users and Groups in the navigation menu. Click on the Entitlements button and select Add Application Entitlement.
1.3.4 Configure the Horizon Client for Unauthenticated Access
Before connecting to the Horizon App with the unauthentication access user, the Horizon client needs to be configured to allow the log in. Launch the Horizon Client and click on the Settings tab. Place a check against Log in anonymously using Unauthenticated Access.
Now when you double-click on your Connection Server URL, you are automatically authenticated against the Connection Server and your application entitlement appears.
This concludes this bite-size segment on the Horizon Console that focused on the Users and Groups section. In the next blog, I will be focusing on the Inventory section.