You might need to perform certain tasks in Active Directory when you implement smart card authentication. Add UPNs for Smart Card UsersBecause smart card logins rely on user principal names (UPNs), the Active Directory accounts of users and administrators that use smart cards to authenticate in Horizon 7 must have a valid UPN. Add the Root Certificate to the Enterprise NTAuth StoreIf you use a CA to issue smart card login or domain controller certificates, you must add the root certificate to the Enterprise NTAuth store in Active Directory. You do not need to perform this procedure if the Windows domain controller acts as the root CA. Add the Root Certificate to Trusted Root Certification AuthoritiesIf you use a certification authority (CA) to issue smart card login or domain controller certificates, you must add the root certificate to the Trusted Root Certification Authorities group policy in Active Directory. You do not need to perform this procedure if the Windows domain controller acts as the root CA. Add an Intermediate Certificate to Intermediate Certification AuthoritiesIf you use an intermediate certification authority (CA) to issue smart card login or domain controller certificates, you must add the intermediate certificate to the Intermediate Certification Authorities group policy in Active Directory. Parent topic: Setting Up Smart Card Authentication