You can create a virtual smart card to use when you log in to a server and connect to a remote desktop. With a virtual smart card, you do not need to connect a traditional smart card reader to the client device. One virtual smart card can hold multiple certificates.


  • Import a certificate. You can use a third-party application, such as Purebred, to deliver the certificate to the client device. For an Android device, you can copy a certificate file to the Android device and then import it into the Android system settings.
  • For an Android device, verify that the device has a passcode. A passcode is not required to create a virtual smart card on a Chromebook.
  • Verify that the client device, remote desktops, RDS hosts, Connection Server host, and other Horizon components meet the smart card authentication requirements. See Smart Card Authentication Requirements.


  1. Tap the Settings (gear) icon in the upper-right corner of the Horizon Client window.
  2. Tap Derived Credentials and then tap Create new virtual smart card.
  3. (Android device only) Perform device authentication.
  4. Enter and confirm a PIN for the virtual smart card.
  5. Tap Continue to import derived credentials and import the derived credential.
    1. Tap PIV Authentication Certificate.
    2. Select a certificate.
    3. Tap Select.
  6. (Optional) To import a digital signature certificate or encryption certificate after you import the PIV authentication certificate, tap Digital Signature Certificate or Encryption Certificate and follow the prompts.
  7. To create the virtual smart card, tap Done.
    The derived credential appears in the Settings window.
  8. Toggle the Use Derived Credentials setting to on.
  9. To create another virtual smart card for a different Horizon environment, tap Create new virtual smartcard and repeat these steps.

What to do next

Log in to the server and connect to a remote desktop. The process is the same as when you use a physical smart card. See Connect to a Remote Desktop or Published Application.

Note: If you enter the wrong PIN more than five times when using a virtual smart card to authenticate, the virtual smart card is removed and you must create a new virtual smart card.