Use a Virtualized Smart Card
To use smart card credentials on a remote system, you must Jump to that system, or you must start a customer-initiated session with a system that has the BeyondTrust Customer Service pre-installed.
If using a Jump Client, the Jump Client must be running in service mode, or the remote system must also have the elevation service pre-installed with its service running. The virtual smart card drivers must be installed on both your local system and the remote system, with their services running.
Alternatively, a system can be accessed using the Jump To functionality from within the representative console. Using the Jump To functionality does not require the VSC Customer Service to be pre-installed on the customer's system. In this scenario, BeyondTrust installs the BeyondTrust Customer Service as part of the Jump to the end system being accessed.
The VSC Customer Service is only installed during a Jump To push when the representative performing the Jump has the VSC Representative Service installed on their local system.
If using a customer-initiated session, the VSC Customer Service must be pre-installed on the remote computer, and its service must be running. Also, the appropriate smart card drivers must be installed on both your local system and the remote system, with their services running.
Begin a screen sharing session, and then click the Smart Card button to access a dropdown of available smart card readers on your system.
If the Smart Card button does not appear in the screen sharing tool bar, make sure the VSC Representative Service is running on your local computer. If the Smart Card button is present but disabled, make sure the VSC Customer Service is running on the remote computer.
The smart card dropdown menu displays the name(s) of the available smart card readers and smart cards. A reader in bold text is being shared in the current active session. An icon indicates the availability of each card reader or presence of each card:
- Black icon: Card not present
- Blue icon: Card present
- Gray icon: Reader/card is shared in another session
Click the reader you would like to share with the remote computer. Once the reader has been virtualized on the remote system, a message indicating that you have shared this reader is logged in the chat window. The selected reader is now available to use on the remote computer, and a smart card inserted locally is virtualized and operates as if it were physically present on the remote system being supported.
Once you have shared a reader, it remains selected and available for use throughout the session, as long as you do not log out the current user. If you do log out the current user on the remote computer, the shared reader is unshared and must be shared again if you need it later in the session.
When screen sharing, use a virtual smart card to perform administrative actions. You can run programs in another user context, or even log in as a different user.
If the virtual smart card feature is available in a session that is not elevated and a smart card reader has been shared into the session, then certificates stored on the inserted smart card can be selected and used for elevation, provided the certificates are associated with accounts that have the appropriate permissions.
Elevation causes the customer client to restart in order to become elevated. The restart makes the shared reader unshared, and it must be shared again with the elevated session if it is required for use.
A smart card reader can be attached to only one active session at a time. From the Smart Card dropdown in the support session in which the reader was shared, you can deselect a virtualized reader to free it for use in another session.
This feature is not supported for ARM-based Windows systems.