To use the derived credentials feature, you must create a virtual smart card to use when you log in to a server and connect to a remote desktop. One virtual smart card can hold multiple certificates.
- Verify that the client device, remote desktops, RDS hosts, Connection Server host, and other Horizon components meet the smart card authentication requirements. See Smart Card Authentication Requirements.
- Import a certificate. You can use a third-party application, such as Purebred, to deliver the certificate to the client device. For an Android device, you can copy a certificate file to the Android device and then import it into the Android system settings.
- For an Android device, verify that the device has a passcode. A passcode is not required to create a virtual smart card on a Chromebook.
- Tap the Settings (gear) icon in the upper-right corner of the Horizon Client window.
- Tap Derived Credentials and then tap Create new virtual smart card.
- (Android device only) Perform device authentication.
- Enter and confirm a PIN for the virtual smart card.
- Tap Continue to import derived credentials and import the derived credential.
- Tap PIV Authentication Certificate.
- Select a certificate.
- Tap Select.
- (Optional) To import a digital signature certificate or encryption certificate after you import the PIV authentication certificate, tap Digital Signature Certificate or Encryption Certificate and follow the prompts.
- To create the virtual smart card, tap Done.
The derived credential appears in the Settings window. The Use Derived Credentials setting is set to on.
- To create another virtual smart card for a different Horizon environment, tap Create new virtual smartcard and repeat these steps.