Product Documentation

Enabling Smart Card Logon

Jun 03, 2013

Enabling smart card logon allows users to use smart cards instead of passwords to authenticate to XenApp and XenDesktop servers. Receiver prompts users for their smart card PIN only once, during initial log on. You can use smart card logon either with or without pass-through authentication.

Receiver for Windows Enterprise supports smart cards for Web Interface deployments only. For configuration information, see the Web Interface documentation.

You must enable smart card support on the server and set up and configure the user device properly with third-party smart card hardware and software. Refer to the documentation that came with your smart card equipment for instructions about deploying smart cards within your network.

To enable pass-through authentication for smart cards, configure the following policies in the Group Policy Editor:

  • Computer Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Citrix Components > Citrix Receiver > User authentication > Smart Card authentication
  • Computer Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Citrix Components > Citrix Receiver > User authentication > Local user name and password

The smart card removal policy set on XenApp and XenDesktop determines what happens if you remove the smart card from the reader during an ICA session. The smart card removal policy is configured through and handled by the Windows operating system.