Chromebooks that use a smart card for user authentication must meet certain requirements.

Smart cards have certain limitations when used with Horizon Client, as described in Smart Card Authentication Limitations.

Client Hardware and Software Requirements

Users that authenticate with smart cards must have a physical smart card, and each smart card must contain a user certificate. The following smart cards are supported.
  • U.S. Department of Defense Common Access Card (CAC)
  • U.S. Federal Government Personal Identity Verification (PIV) card (also called FIPS-201 smart card)

Each Chromebook that uses a smart card for user authentication must have the following hardware and software.

  • Horizon Client for Chrome
  • A compatible smart card reader
  • Google Smart Card Connector extension

    The connector extension provides basic support for smart cards on Chrome OS. You can download the Smart Card Connector extension from the Chrome web store. VMware recommends using Google Smart Card Connector extension version 1.2.16.1 or later.

  • Charismathics CSSI Smart Card Middleware

    This middleware supports communication with the smart card and other client certificates, and is available as a download from the Chrome web store.

You might need to install root and intermediate certificates on the Chromebook. For more information, see the Google Chrome OS documentation.

Agent Software Requirements

An administrator must install one of the following middleware on the agent machine, depending on the authentication requirements of your organization:

  • Charismathics CSSI Smart Card Middleware
  • HID Global ActivID ActivClient middleware

For the supported agent operating systems, see Feature Support for Chrome Clients.

Additional Smart Card Authentication Requirements

In addition to meeting the smart card requirements for Horizon Client for Chrome, other Horizon components must meet certain configuration requirements to support smart cards.

Connection Server
For information about configuring Connection Server to support smart card use, see the Horizon Administration document.
Unified Access Gateway appliances
Unified Access Gateway 3.2 and later.
For information about configuring a Unified Access Gateway appliance to support smart card use, see the Deploying and Configuring VMware Unified Access Gateway document.
Active Directory
For information about tasks that an administrator might need to perform in Active Directory to implement smart card authentication, see the Horizon Administration document.