To use a physical smart card, you must connect and pair the card reader with the device and set the smart card removal policy.
To use derived credentials, you must create a virtual smart card. See Create a Virtual Smart Card.
Verify that the client device, remote desktops, RDS hosts, Connection Server host, and other Horizon components meet the smart card authentication requirements. See Smart Card Authentication Requirements.
- Pair the device with the smart card reader, according to the documentation provided by the manufacturer of the reader.
If your iOS device has a 30-pin connector, you can plug the smart card reader into the connector. For iPad Air and iPhone 5S, which have Lightning interfaces, you must use a 30-pin adapter to plug the smart card reader into the device's 30-pin connector.
- Configure the smart card removal policy.
Set the policy on the Connection Server instance
When you set the policy on the Connection Server instance, you can disconnect users from the Connection Server instance when they remove their smart cards, or keep users connected to Connection Server when they remove their smart cards and let them start new desktop or application sessions without reauthenticating.
In Horizon Administrator, select.
On the Connection Servers tab, select the Connection Server instance and click Edit.
On the Authentication tab, select or deselect the Disconnect user sessions on smart card removal check box to configure the smart card removal policy.
Click OK to save your changes.
Restart the Connection Server service to make your changes take effect.
If you select the Disconnect user sessions on smart card removal check box, Horizon Client returns to the Recent window when users remove their smart cards.
Set the policy on the remote desktop
When you set the policy on the remote desktop, you can use the Group Policy Editor (gpedit.msc) to configure one of the following settings: no action, lock workstation, force log off, or Disconnect if a Remote Desktop Services session.
Open gpedit.msc in the desktop operating system.
Run the gpupdate /force command after you change the configuration to force a group policy refresh.