VMware Horizon Technical Guides

Using JWT with Access and UAG to combine internal and external Connection Servers – Ron’s Cool Feature of the Week

For the latest episode of my video series, I spoke with Nick Burton, a VMware EUC Champion, vExpert, Consultant Extraordinaire, and all-around smart guy. Nick published a blog back in July on how to combine internal and external Connection Servers (often kept separate due to different authentication requirements for external access) using a JSON Web Token feature available in the UAG when combined with Workspace ONE Access.

The JWT configuration allows us to wrap the SAML artifact that is passed to the Connection Server for validation. This basically configures a “trust” between UAG and Workspace ONE Access and prevents you from having separate SAML-required Connection Servers just to point the UAGs at when enforcing MFA via Access.

For more information, check out Nick’s original blog and our official JWT UAG documentation.


In the Ron’s Cool Feature video series, I talk with VMware Product Managers, Engineers, and Field Engineers to dig into and find cool and sometimes overlooked features within our product stacks. Some of these will be new and exciting with lots of fanfare, and others may just be a cool feature that I think has been overlooked but has the ability to really impact the average admin that is dealing with our technology on a daily basis.

See previous episodes on Horizon Session Recording, Dynamic Environment Manager Condition Engine and Apps On-Demand  – on my author page.