Configuration tasks include connecting and pairing the card reader with the mobile device and setting the smart card removal policy.

Prerequisites

  • Verify that you are using the correct version of the client, desktop agent, server, mobile device operating system, smart card reader, and smart card. See Smart Card Authentication Requirements.

  • Verify that smart card middleware is installed on the Android device.

  • If you have not already done so, perform the tasks described in "Prepare Active Directory for Smart Card Authentication," in the View Installation document.

  • Configure View servers to support smart card use. See the topic "Configure Smart Card Authentication," in the View Administration document.

Procedure

  1. Install the smart card middleware app on the mobile device.
  2. Pair the mobile device with the smart card reader, according to the documentation provided by the manufacturer of the reader.

    If you are using a Bluetooth smart card reader, a randomly generated number is displayed on both devices during this process. When you confirm that the numbers match, you establish secure Bluetooth communication.

  3. Configure the smart card removal policy.

    Option

    Description

    Set the policy on the server

    If you use View Administrator to set a policy, the choices are to disconnect users from Connection Server when they remove their smart cards or to keep users connected to Connection Server when they remove their smart cards and let them start new desktop or application sessions without reauthenticating.

    1. In View Administrator, select View Configuration > Servers.

    2. On the Connection Servers tab, select the Connection Server instance and click Edit.

    3. On the Authentication tab, select or deselect the Disconnect user sessions on smart card removal check box to configure the smart card removal policy.

    4. Click OK to save your changes.

    5. Restart the Connection Server service to make your changes take effect.

    If you select the Disconnect user sessions on smart card removal check box, Horizon Client returns to the Recent Connections screen (Horizon Client 3.0) or Recent tab (Horizon Client 3.1 and later) when users remove their smart cards.

    Set the policy on the desktop

    If you use the Group Policy Editor (gpedit.msc), you have the following possible settings: no action, lock workstation, force log off, or Disconnect if a Remote Desktop Services session.

    After you open gpedit.msc in the desktop operating system, go to Windows settings > Security settings > Local policies > Security options > Interactive logon: smart card removal behavior. Run the gpupdate /force command after you change the configuration to force a group policy refresh.