Enabling SSO for the Edge

Objective and Tasks

Enable SSO for the Azure edge:

  1. Install SSO on the Workspace ONE Access Cloud Connector
  2. Validate That SSO Works
Task 1: Install SSO on the Workspace ONE Access Cloud Connector

You install the SSO PowerShell script on the Workspace ONE Access cloud connector.

  1. On the browser go to
    • www.portal.azure.com
    • Login User name: <company>.<full_name>.<student_number>@outlook.com
    • Password: Omnissa1!Omnissa1!
    • Click on Hamburger icon in the azure portal
    • Go to Virtual machines.
  1. Login to the Cloud Connector.
    • Click WS1-CC-<student_number>.
    • On the cloud connector page, navigate to Connect > Bastion.
    • Authentication type: VM Password
    • User name: hcsmaadmin
    • Password: Omnissa1!Omnissa1!
    • Click Connect.
  1. Login to Horizon Console.
    • On your browser, go to https://connect.omnissa.com and log in to the Omnissa Cloud Services console.
    • User name: horizonseals<student_number>@techseals.co
    • Password: Omnissa1Omnissa1
    • Under Workspace ONE Cloud, click LAUNCH SERVICE.
    • Under Horizon Cloud, click LAUNCH.
  1. In the left navigation pane.
    • Select Integrations.
    • Under Identity & Access, click MANAGE.
    • Click the SSO Configurations tab.
    • Click ADD.
    • Select Horizon Cloud CA.
  1. Configure the settings in the Add SSO Configuration dialog box.
    • Name: Enter <geo>hcsmadm<student_number>-SSO in the text box.
    • Certificate authority mode: Select Root from the drop-down.
    • Configuration domain name: Enter CN=Configuration,DC=techseal,DC=co in the text box.
    • Description: Enter SSO Configuration for Edge<student_number> in the text box.
    • Select Domains: Select techseals.co from the drop-down menu.
    • Leave the other options unchanged and click ADD.
  1. Download CA bundle.
    • Click the vertical ellipsis icon next to the newly created SSO configuration.
    • Select Download CA bundle.
    • Open File Explorer and navigate to the Downloads folder.
  1. On the File Explorer.
    • Navigate to the Downloads folder.
    • Right-click the VmwAuthEngine-CA-<xxx> file.
    • Select Extract All.
    • Leave the default options unchanged and click Extract.
  1. On the VmwAuthEngine-CA-<xxx> file.
    • Right-click the PowerShell script file.
    • Select Run with Powershell.
    • You might need to expand the Type column to see the file type.
    • On the Open File-Security Warning pop-up window, click Open.
  1. Configure the Powershell settings.
    • At the Do you want to change the execution policy?
    • In the Command prompt, type Y and press Enter.
    • At the Do you want to publish the CA certificate to AD?
    • In the Command prompt, type Y and press Enter.
    • The PowerShell window closes.
    • Log out of WS1-CC-<student_number> and close the Bastion tab.
  1. Return to the Horizon Cloud console and log in again if necessary.
    • User name: horizonseals<student_number>@techseals.co
    • Password: Omnissa1!Omnissa1!
    • Under Workspace ONE Could, click LAUNCH SERVICE.
    • Under Horizon Cloud , click LAUNCH.
    • In the left navigation pane, select Resources > Capacity.
    • On the Horizon Edges tab, select your edge.
    • Click EDIT.
    • Click NEXT for each section until you reach Horizon Edge Gateway expands.
  1. Configure SSO.
    • Use SSO: Turn on the toggle.
    • SSO Configurations: Select <geo>hcsmadm<student_number>-SSO.
    • Click NEXT.
    • Under Unified Access Gateway, click SAVE.
    • Select you edge and scroll down to SSO Configuration.
      • The status appears as Pending.
      • The process takes about 3 to 5 minutes. It is ready when the status changes to Ready.
  1. Edit the Multi-Session Pool Group.
    • Select Resources > Pool Groups.
    • Select MS Win2022 Pool.
    • Click EDIT.
    • Edit Multi-Session Pool Group page opens.
  1. Enable SSO.
    • On the Policies pane, turn on the Use SSO toggle.
    • Scroll to the bottom and click SAVE.
    • Repeat the Step 12 & 13 for the other two pool groups.
  1. Validate the  SSO status
    • In the Horizon Universal Console portal
    • Navigate to Integrations > Identity & Access > Manage
    • Go to SSO Configuration
    • Expand the SSO by clicking on >>
    • Validate the SSO Status.
    • If it shows Pending, it will take time.

If it takes very long, run a gpupdate /force on the ws1-cc-<student ID>

  1. Wait for SSO status to be Ready
    • If the SSO status takes very long proceed with Lab 9
    • Inform the same to the trainer

The reason SSO status takes time is to ensure the certificate gets replicated in all the Domain Controllers which is used by the students

Task 2: Validate That SSO Works

You connect to one of the pools to validate that SSO works as required. You verify that no sessions are active.

  1. Navigate to User's page.
    • Enter hcsmadm<student_number> in the search box at the top of the page.
    • Select the user from the drop-down menu.
  1. On the user’s page, log out of any disconnected or connected sessions.
    • Select the session and click LOG OFF.
    • In the pop-up window, click LOG OFF.
    • Refresh the page until the sessions are removed.
  1. Login to Omnissa Horizon Client.
    • Double-click the Omnissa Horizon Client icon on your desktop.
    • Double-click the cloud.omnissahorizon.com icon.
    • Click Continue.
  1. To access desktop.
    • Double-click the Floating Windows 11 Manual Pool icon.
    • You might need to wait for the single-session assignment to complete.
    • Repeat this for all other resources that you want to experiment with.
    • After you verify that it works, close the session by selecting See more (...) > Disconnect.
      • You must leave the session in a disconnected state.
    • Click OK to confirm.  

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.