Posted On: Jan 13, 2021

Amazon AppStream 2.0 now supports the use of smart cards such as Personal Identity Verification (PIV) and Common Access Card (CAC) smart cards for authentication to AppStream 2.0 streaming instances. Smart cards are also supported for in-session authentication for streaming applications. With this launch, your users can use a smart card reader and smart card connected to their local computer to sign in to an AppStream 2.0 streaming instance that is joined to a Microsoft Active Directory domain. They can also use their local smart card reader and smart card to sign in to applications within their streaming session.  

When this feature is enabled, AppStream 2.0 redirects smart card requests from the streaming instance to the user’s local smart card reader. The smart card and smart card reader remain accessible to the user’s local computer. Previously, to use their smart card for in-session authentication, users had to redirect their smart card reader to the streaming instance, which made the smart card reader and smart card unavailable for use on their local computer. 

To ensure that your users can use smart cards for authentication to Active Directory-joined streaming instances and for in-session authentication for streaming applications, you must meet all of the following requirements:

  • Use an image that was created from a base image published by AWS on or after December 28, 2020;
  • Enable smart card sign in on the AppStream 2.0 stack that your users access for streaming sessions; and
  • Ensure that your users have the AppStream 2.0 client for Windows version 1.1.257 or newer installed.  

By default, smart card redirection is enabled when the AppStream 2.0 client is installed. You can disable this feature during client installation on managed devices. 

This feature is available at no additional cost in all AWS Regions where AppStream 2.0 is offered. AppStream 2.0 offers pay-as-you-go pricing. For more information, see Amazon AppStream 2.0 Pricing. If you are new to AppStream 2.0, you can try already installed applications by visiting the AppStream 2.0 website.