With smart card authentication, you plug a smart card reader into the Chromebook, insert a smart card, and select a server in Horizon Client. During the authentication step, you enter a PIN instead of a user name and password. After you select a remote desktop or published application, all smart card commands and responses are redirected to the remote desktop or published application.
Smart card authentication has certain limitations when used with Horizon Client for Chrome.
- After using HID Global ActivID ActivClient for smart card authentication for the first time, subsequent attempts to authenticate to the server or desktop might fail. As a workaround, unplug the smart card reader from the client system and plug it in again.
- The Connection Server and Unified Access Gateway smart card user name hints feature is not supported.
- The Connection Server smart card removal policy is not supported.
- Single sign-on is not supported. When you connect to a remote desktop or published application, you must enter the smart card PIN again inside the remote session.
- After you use a smart card to authenticate to a server, you cannot switch to another authentication method, such as Active Directory authentication. To use a different authentication method the next time you connect to a server, you must log out of the Chrome OS or reboot the Chromebook.
- After you select a certificate and enter your PIN, the certificate you selected is cached on the Chromebook and is used the next time you connect to a server. To select a different certificate the next time you connect to a server, you must reboot the Chromebook.