![Uag vmware horizon](https://cdn1.cdnme.se/5447227/9-3/24_64e61dfd9606ee7f8b257167.png)
![uag vmware horizon uag vmware horizon](https://s3-us-west-2.amazonaws.com/horizon-workshop/Screenshots/UAG+3.jpg)
When the SAML Unauthenticated Username Attribute text box is empty or the attribute name specified in this text box is missing in the SAML assertion, Unified Access Gateway uses the default user name configured in the Default Unauthenticated Username text box as Horizon's unauthenticated access user alias. If the SAML Unauthenticated Username Attribute text box is set in the Admin UI, when Unified Access Gateway validates the SAML assertion and if the name is present in the SAML assertion, Unified Access Gateway uses that value as Horizon's unauthenticated access user alias. These text boxes are available on the Admin UI when the authentication method is SAML and Unauthenticated. Unified Access Gateway Admin UI has two text boxes - SAML Unauthenticated Username Attribute and Default Unauthenticated Username - which can be used to specify the user alias. This alias can also be specified as a default in Unified Access Gateway configuration ( Default Unauthenticated Username) or this can be the value of a named SAML attribute presented as a claim in the SAML assertion sent by the identity provider. The user alias can be used as the default alias by Horizon.
![uag vmware horizon uag vmware horizon](https://docs.secureauth.com/acceptto/en/image/uuid-c3f0e306-612b-4312-0408-89e0b2df7a1d.png)
In the Horizon unauthenticated access feature, a role-based user alias is used with Horizon to determine application entitlements. If the SAML assertion is valid, the user can access RDS hosted applications with no further authentication required. In the SAML and Unauthenticated method, Unified Access Gateway combines SAML user authentication with Horizon's unauthenticated access feature. In this authentication method, UAG does not pass the SAML assertion to the Horizon Connection Server. If the SAML assertion is valid, the user is prompted to provide the Active Directory authentication credentials when accessing the Horizon Client. In the SAML and Passthrough authentication method, UAG validates the SAML assertion. Horizon Connection Server, SAML authentication method must be used. Note: If the TrueSSO setting is enabled on
![Uag vmware horizon](https://cdn1.cdnme.se/5447227/9-3/24_64e61dfd9606ee7f8b257167.png)