To use the derived credentials feature, you must create a virtual smart card to use when you log in to a server and connect to a remote desktop. One virtual smart card can hold multiple certificates.

Prerequisites

  • Verify that the client device, remote desktops, RDS hosts, Connection Server host, and other Horizon components meet the smart card authentication requirements. See Smart Card Authentication Requirements.
  • Use the Purebred app to create a derived credential and provision the credential on the client device.
  • Verify that the device has a passcode. A passcode is required to create a virtual smart card.

Procedure

  1. Tap Settings at the bottom of the Horizon Client window.
  2. Tap Derived Credentials and then tap Create New Virtual Smartcard.
  3. Perform device authentication.
    • If either Touch ID or Face ID is enabled, authenticate with Touch ID or Face ID.
    • If neither Touch ID nor Face ID is enabled, authenticate with a passcode.
  4. Enter and confirm a PIN for the virtual smart card.
  5. Tap Continue and import the derived credential from the Purebred key chain.
    1. Tap PIV Authentication Certificate.
    2. Select the Purebred Key Chain location.
    3. Select the certificate to import.
  6. (Optional) To import a digital signature certificate or encryption certificate after you import the PIV authentication certificate, tap Digital Signature Certificate or Encryption Certificate and follow the prompts.
  7. To create the virtual smart card, tap Done.
    The derived credential appears in the Settings window. The Use Derived Credentials setting is set to on.
  8. To create another virtual smart card for a different Horizon environment, tap Create new virtual smartcard and repeat these steps.

What to do next

Pair a Virtual Smart Card with Smart Card Middleware.