Use a Virtualized Smart Card
To use smart card credentials on a remote system, you must Jump to that system using a Jump Client, and the Jump Client must be running in service mode. The appropriate virtual smart card drivers must be installed on both your local system and the remote system, with their services running.
Alternatively, a system can be accessed using a Jump Item. Using a Jump Item does not require the virtual smart card driver to be pre-installed on the remote system. In this scenario, BeyondTrust installs the driver as part of the Jump to the endpoint being accessed.
The endpoint smart card driver is installed during a Jump Item push ONLY when the user performing the Jump has the user smart card driver installed on their local system.
Begin a screen sharing session, and then click the Smart Card button to access a dropdown of available smart card readers on your system.1If the smart card button does not appear in the screen sharing tool bar, make sure the user smart card service is running on your local computer. If the smart card button is present but disabled, make sure the endpoint smart card service is running on the remote computer. Select the reader you would like to share with the remote computer. Once the reader has been virtualized on the remote system, a message indicating that you have shared this reader is logged in the chat window. The smart card in the selected reader is now available to use on the remote computer, just as if it were physically present on the system being supported.
The smart card dropdown menu displays the name(s) of the available smart card readers and smart cards, along with an icon indicating the availability of each card reader or presence of each card:
- Black icon - Card not present
- Blue icon - Card present
- Gray icon - Reader and card not available
Once you have shared a reader, it remains selected and available for use throughout the session, as long as you do not log out the current user. If you do log out the current user on the remote computer, the shared reader is deselected and must be re-selected if you need it later in the session.
When screen sharing, use a virtual smart card to perform administrative actions. You can run programs in another user context, or even log in as a different user.
Also, if the virtual smart card feature is available in a session which is not elevated and a smart card reader has been shared into the session, then certificates stored on the inserted smart card can be selected and used for elevation.
Elevation performed using this feature takes slightly longer due to the extra transactions required to the virtual smart card reader.
A smart card reader can be attached to only one active session at a time. From the Smart Card dropdown, you can deselect a virtualized reader to free it for use in another session.