Posted On: May 3, 2023

Starting today, you can use Common Access Card (CAC) and Personal Identity Verification (PIV) smart cards to authenticate users into Amazon WorkSpaces through your self-managed Active Directory (AD) and AWS Directory Service AD Connector in the AWS GovCloud (US-East) Region. Additionally, you can now use the AWS Management Console to configure smart card authentication with AWS Directory Service. 

When enabled, users select their smart card at the WorkSpaces login screen and enter a PIN to authenticate, instead of using a username and password. From there, the Windows or Linux virtual desktop uses the smart card to authenticate with Active Directory from the native desktop operating system. Smart card support is available on WorkSpaces when using  the WorkSpaces Streaming Protocol (WSP). With AWS Directory Service and Amazon WorkSpaces with WSP, users can use smart cards to authenticate into a WorkSpaces instance (pre-session authentication) or into protected applications from within a WorkSpaces instance (in-session authentication).