Skip to content

Using a Smart Card to Authenticate a Session

The Trusted Zero Client supports pre-session smart card authentication when connecting to Omnissa Horizon hosts. Trusted Zero Clients can also read and process smart card information and allow SSO (single sign-on) authentication of the user prior to session establishment.

Prerequisites

  • The following card/reader combination has been tested:

    • Identiv SCR3310
    • PIVKey C910

    Other CAC/ PIV cards are expected to work, but have not been tested.

  • The client machine must be running Trusted Zero Client 24.03 or later.

Connecting Using a Smart Card

Note: Concurrent Users Cannot Logon

Concurrent users cannot log on to agent machines using the same smart card for authentication. Smart cards having multiple certificates allow only one user to log on at a time. To be able to log in, others users must wait until the current users logs off.

  1. Attach the smart card reader to the Trusted Zero Client machine.

  2. Launch the Trusted Zero Client.

  3. On the Saved Connections window, select a connection.

    Connections list

  4. When the Smart Card Verification window appears, insert your smart card and wait until it is verified.

    Insert Smart Card

  5. Do one of the following:

    • If the client detects only one certificate, provide the smart card PIN and click Connect on the Smart Card Verification window.

      Single Certificate

    • If the client detects multiple certificates, on the Smart Card Verification window, select a certificate, provide the smart card PIN, and click Connect.

      Multiple Certificates

      Info

      If an incorrect PIN is provided while using smart cards, information about the remaining number of attempts is displayed.

  6. On the Desktop Selection window, select a desktop and connect to this session.

Note: Removing the Smart Card During Session

Removing the smart card while in session will end the session. However, the smart card will continue to be available on the client machine.

Viewing Certificate Information

You can view detailed information about each of the certificates detected by the client, such as certificate authority, certificate recipient, certification path, and certificate properties.

To view certificate information:

  1. Launch the client, insert your smart card, and select a connection. Wait until it is verified.

  2. From the available certificates, select the one for which you want to view details.

The following information related to the certificate is displayed on the Certificate details window:

  • Certificate information: The purpose of this certificate.

  • Issued to: The recipient of the certificate.

  • Issued by: The certifying authority of the certificate.

  • Valid from: The start date of the certificate's validity.

  • Valid to: The end date of the certificate's validity.