How to enable Smart Card login for Remote Desktop on Mac

Susja 751 Reputation points
2023-09-01T03:31:36.0133333+00:00

Hello,

I am using a MacBook Pro 2020 as a client and have to connect to a PC in my office. I have to use PIV and a Smart Card for authentication.

I downloaded Microsoft Remote Desktop for Apple MacBook and added the PC to the workspace.

Now when I try to connect to the remote PC it asks for my

but only allows me to provide a username and password. When I do this from a Windows client ... it gives me options to provide either username/password or Smart Card ... but not on Mac

I don't see the option to provide PIV and PIN.

Hence ... how could I enforce my MacBook client to provide me access using PIV?

Thanks,

Windows for business | Windows Client for IT Pros | User experience | Remote desktop services and terminal services
Microsoft Security | Microsoft Authenticator

2 answers

  1. RevelinoB 3,675 Reputation points
    2023-09-01T04:10:24.01+00:00

    Hi Susja,

    When you are connecting to a remote Windows PC using a PIV or Smart Card from a MacBook, that can be a bit more complex than from a Windows client due to various compatibility and middleware requirements.

    Here are some steps to set up your MacBook Pro to use a Smart Card with Microsoft Remote Desktop:

    • Middleware: Before your Mac can read the smart card, you will need middleware that can understand and interact with the card. Software like Centrify Express or PKard for Mac are popular options. Install the appropriate middleware for your card.
    • Smart Card Reader: Ensure that you have a compatible smart card reader for your Mac. It should be connected and the drivers for it should be installed.
    • Setting up Microsoft Remote Desktop:
        • Launch the Microsoft Remote Desktop app.
        • Click on the "+" button at the top to add a new connection.
        • Fill out the necessary fields such as PC name.
        • Under "User Account", instead of choosing "Add User Account", select "Ask When Required". This should prompt you for credentials when you try to connect.
    • Connection:
        • Once everything is set up, try to connect to your office PC using Microsoft Remote Desktop. When prompted for authentication, insert your PIV/Smart Card into the reader.
        • If your middleware and drivers are set up correctly, it should recognize the smart card and ask for the PIN.
        • Enter the PIN associated with your PIV/Smart Card.
    • Troubleshooting:
        • If you're still having issues, check the version of Microsoft Remote Desktop. Ensure you have the latest version installed from the Mac App Store.
        • Check that your middleware is up-to-date and is known to work with Microsoft Remote Desktop.
        • Verify that your Smart Card reader drivers are updated.
        • It might be worth reaching out to your office's IT support or the software's support channel. Sometimes there might be specific configurations or updates that are required which are specific to your organization's setup.
    • Alternative Software: If you are still facing issues, you might consider looking into other RDP clients for Mac that might offer better support for PIV/Smart Card authentication.

    Remember, integrating Smart Card authentication on a non-native platform can sometimes be tricky, so it might require a bit of patience and troubleshooting. If you’re unfamiliar with some of these steps, I would recommend getting in touch with your IT department or someone with experience in this area to assist you further.

    I hope these steps help.


  2. Susja 751 Reputation points
    2023-09-01T22:27:27.3766667+00:00

    hi @RevelinoB

    I am checking each point you highlighted:

    1. I asked my IT and they said it's not possible because there's no way that the app 'Microsoft_Remote_Desktop' would be able to handle the PIV password and transfer it securely. Unfortunately my company is almost completely Windows based and they acknowledged that they don't have much experience with Mac. Anyway, I am positive that my Card Reader and PIV card should be OK. My confidence is based on the fact that I am using the VPN Cisco AnyConnect Secure Mobility Client and I am already in the business network. I only want to connect to another Windows PC.
    2. I did not yet install the software that you suggested because it's a business MacBook and I'm not allowed to install anything that is not approved by the company. I assume that my Card Reader is OK based on the fact that I am using the VPN via PIV with no issue.
    3. I followed each step you recommended for Microsoft Remote Desktop but it still didn't recognize Smart Card.
    4. Hence I don't have the option to enter PIN
    5. Next time I connected and provided username/password, it accepted it, and when it got to final authentication I provided username/password again but it rejected it with the message: 'You must use Windows Hello or Smart Card' but did not give me a prompt for PIV.
    6. The version of the app is the latest.
    7. What are your other suggestions?

    Thanks

