True SSO when integrated with VMware Horizon and Identity Manager, allows users to authenticate with Horizon using biometric fingerprint, RADIUS or RSA SecurID, or using their AD credentials with the Identity Manager portal and then access desktops and applications without being prompted to enter their AD credentials again. Instead, single-sign on (SSO) authentication uses short-lived SSL certificates.

 

As illustrated in the diagram above, True SSO is not a single component of Horizon. To provide True SSO functionality, the tenant Management Block must contain the Enrollment Service, which consists of one or more Enterprise Certificate Authority servers (CA) and one or more Enrollment Servers. The enrollment service communicates directly with the Enterprise Certificate Authority to obtain the SSL certificate. The certificate is then used to logon to the domain. It is also possible to install the Enterprise CA on the same server as the Enrollment Service,