If you’re leveraging Workspace ONE Access with Horizon and allowing external access, you are likely leveraging multifactor authentication for additional security from the outside. When combined with UAG, a common scenario is to separate out Connection Servers, place them in Workspace ONE mode, and set SAML to required, like this:

When the UAG points to a Connection Server configured this way, that Connection Server only accepts launches from Workspace ONE Access. While this is a great way to do this, you are separating your “internal” and “external” Connection Servers. You could set them all the same (required), but if you have zero clients internally or workflows that require accessing the Horizon Client directly, this requires you to have two separate configurations and VIPs.

You may have noticed when configuring your Horizon launch URLs from Workspace ONE Access, you have a mysterious option for “Wrap artifact in JWT.” JWT stands for JSON Web Token and is an IETF standard for signing a payload. When launching a Horizon resource from Workspace ONE Access, a SAML artifact is presented with the launch URI and is validated by the Connection Server.