Use a Virtualized Smart Card
To use smart card credentials on a remote system, you must Jump to that system, or you must start a customer-initiated session with a system that has the BeyondTrust elevation service pre-installed.
If using a Jump Client, the Jump Client must be running in service mode, or the remote system must also have the elevation service pre-installed with its service running. The appropriate virtual smart card drivers must be installed on both your local system and the remote system, with their services running.
Alternatively, a system can be accessed using the Jump To functionality from within the representative console. Using the Jump To functionality does not require the virtual smart card driver to be pre-installed on the customer's system. In this scenario, BeyondTrust installs the driver as part of the Jump to the end system being accessed.
The customer smart card driver is ONLY installed during a Jump To push when the representative performing the Jump has the representative smart card driver installed on their local system.
If using a customer-initiated session, the elevation service must be pre-installed on the remote computer, and its service must be running. Also, the appropriate virtual smart card drivers must be installed on both your local system and the remote system, with their services running.
Begin a screen sharing session, and then click the Smart Card button to access a dropdown of available smart card readers on your system.1If the smart card button does not appear in the screen sharing tool bar, make sure the representative smart card service is running on your local computer. If the smart card button is present but disabled, make sure the customer smart card service is running on the remote computer. Select the reader you would like to share with the remote computer. Once the reader has been virtualized on the remote system, a message indicating that you have shared this reader is logged in the chat window. The smart card in the selected reader is now available to use on the remote computer, just as if it were physically present on the system being supported.
The smart card dropdown menu displays the name(s) of the available smart card readers and smart cards, along with an icon indicating the availability of each card reader or presence of each card:
- Black icon - Card not present
- Blue icon - Card present
- Gray icon - Reader and card not available
Once you have shared a reader, it remains selected and available for use throughout the session, as long as you do not log out the current user. If you do log out the current user on the remote computer, the shared reader is deselected and must be re-selected if you need it later in the session.
When screen sharing, use a virtual smart card to perform administrative actions. You can run programs in another user context, or even log in as a different user.
Also, if the virtual smart card feature is available in a session which is not elevated and a smart card reader has been shared into the session, then certificates stored on the inserted smart card can be selected and used for elevation.
Elevation performed using this feature takes slightly longer due to the extra transactions required to the virtual smart card reader.
A smart card reader can be attached to only one active session at a time. From the Smart Card dropdown, you can deselect a virtualized reader to free it for use in another session.