Use a Virtualized Smart Card

To use smart card credentials on a remote system, you must Jump to that system using a Jump Client, and the Jump Client must be running in service mode. The appropriate smart card software must be installed on your local system and the remote system, with their services running.

Alternatively, a system can be accessed using a Jump Item. Using a Jump Item does not require the VSC Endpoint Service to be pre-installed on the remote system. In this scenario, BeyondTrust installs the VSC Endpoint Service as part of the Jump to the endpoint being accessed.

The VSC Endpoint Service is installed during a Jump Item push only when the user performing the Jump has the VSC User Service installed on their local system.

Begin a screen sharing session, and then click the Smart Card button to access a dropdown of available smart card readers on your system.

If the Smart Card button does not appear in the screen sharing tool bar, make sure the VSC User Service is running on your local computer. If the Smart Card button is present but disabled, make sure the VSC Endpoint Service is running on the remote computer.

Smart Card Options

The smart card dropdown menu displays the name(s) of the available smart card readers and smart cards. A reader in bold text is being shared in the current active session. An icon indicates the availability of each card reader or presence of each card:

  • Black icon: Card not present
  • Blue icon: Card present
  • Gray icon: Reader/card is shared in another session.

Click the reader you would like to share with the remote computer. Once the reader has been virtualized on the remote system, a message indicating that you have shared this reader is logged in the chat window. The selected reader is now available to use on the remote computer, and a smart card inserted locally is virtualized and operates as if it were physically present on the remote system being supported.

Once you have shared a reader, it remains selected and available for use throughout the session, as long as you do not log out the current user. If you do log out the current user on the remote computer, the shared reader is unshared and must be shared again if you need it later in the session.

When screen sharing, use a virtual smart card to perform administrative actions. You can run programs in another user context, or even log in as a different user.

If the virtual smart card feature is available in a session that is not elevated and a smart card reader has been shared into the session, then certificates stored on the inserted smart card can be selected and used for elevation, provided the certificates are associated with accounts that have the appropriate permissions.

Elevation performed using this feature takes slightly longer due to the extra transactions required to the virtual smart card reader.

Elevation causes the customer client to restart to become elevated. The restart makes the shared reader unshared, and it must be shared again with the elevated session if it is required for use.

A smart card reader can be attached to only one active session at a time. From the Smart Card dropdown in the support session in which the reader was shared, you can deselect a virtualized reader to free it for use in another session.

This feature is not supported for ARM-based Windows systems.