Smart Cards for Remote Authentication in the Access Console
During an access session using the Desktop Access Console, a user may need to operate with administrative rights in order to access the remote computer. In environments where security implementations require smart card use for authentication, Privileged Remote Access enables the user to share a local smart card within a session so that it can be used as an authentication source on the endpoint system.
To achieve this, the access console user's system must have a Virtual Smart Card User driver installed and the endpoint system must have a Virtual Smart Card Endpoint driver installed. The Virtual Smart Card Endpoint driver can either be pre-installed on the endpoint system or pushed to the system during the Jump process. For the latter, the Virtual Smart Card Endpoint is uninstalled when the session ends. If the session is pinned, the Virtual Smart Card Endpoint remains installed until the pinned client is uninstalled.
This feature is not supported for ARM-based Windows systems.
Only the Desktop Access Console supports sharing a smart card into a support session. The Privileged Web Access Console does not support smart cards.
For more information about specific smart cards supported and supported smart card standards, please Contact Support.
To use Privileged Remote Access smart card support through a Jump Client, the following prerequisites must be met:
- The user's computer has the appropriate Privileged Remote Access Virtual Smart Card User installed.
- Each endpoint computer has the appropriate Privileged Remote Access Virtual Smart Card Endpoint installed.
- Each endpoint computer must be running Windows 7 or newer.
- Each endpoint computer must be accessible by a Privileged Remote Access Jump Client running in elevated mode.
When Jump To is used to access the remote system, the Virtual Smart Card Endpoint driver does NOT have to be pre-installed.