![]() If the user logs in with a username, the broker will apply the one available domain and authenticate the user. The end user sees this value in the client UI. For this reason, if Send domain list is disabled the Horizon broker 7.8 sends a dummy value, *DefaultDomain*. Older Horizon Clients expect some value in the domain list and will block login if the domain list is empty. Upgrades will honor the existing setting, but new installations of the server will set this value to enabled, hiding the domain list. In previous releases, this setting was disabled by default and the client showed the domain list as a drop down. It does not control whether the broker sends the list, only whether it is visible to the end user. The Hide domain list in client user interface is a setting which has been in the Horizon broker for some time. For more information on configuring two-factor authentication for a Unified Access Gateway appliance, see the Unified Access Gateway documentation at. Note that if the clients connect to the environment through a Unified Access Gateway appliance that is configured to perform two-factor pre-authentication, the risk is greatly diminished since the end user has already pre-authenticated. If provided, the list will be available in a drop-down menu. Administrators can choose to send the list of available user domains to connecting clients prior to user authentication. Send domain listīy default, the Send domain list setting is off. There are two settings the administrator can set. When deciding whether to enable the Accept Logon as current user setting for a server, consider the threat level to your domain joined devices. ![]() If not enabled, users are required to enter credentials, even if they have enabled the Logon as current user setting. This information is now withheld by default but can be provided by enabling the Accept logon as current user setting in Horizon Administrator. In order for the Logon as current user feature to work, the broker must provide the Connection Server’s Server Principal Name (Windows identity) to the clients prior to user authentication. For this reason, and because the older clients expect some value in the domain list, we have created settings so our customers can select a balance between ease of use and security. It will take time to train end users to change the login process they have been doing every day for years.
0 Comments
Leave a Reply. |