Posted On: May 3, 2023
Starting today, you can use Common Access Card (CAC) and Personal Identity Verification (PIV) smart cards to authenticate users into Amazon WorkSpaces through your self-managed Active Directory (AD) and AWS Directory Service AD Connector in the AWS GovCloud (US-East) Region. Additionally, you can now use the AWS Management Console to configure smart card authentication with AWS Directory Service.
When enabled, users select their smart card at the WorkSpaces login screen and enter a PIN to authenticate, instead of using a username and password. From there, the Windows or Linux virtual desktop uses the smart card to authenticate with Active Directory from the native desktop operating system. Smart card support is available on WorkSpaces when using the WorkSpaces Streaming Protocol (WSP). With AWS Directory Service and Amazon WorkSpaces with WSP, users can use smart cards to authenticate into a WorkSpaces instance (pre-session authentication) or into protected applications from within a WorkSpaces instance (in-session authentication).
To get started, visit Enable mTLS authentication in AD Connector for use with smart cards in the AWS Directory Service Administration Guide. To learn about smart card support in Amazon WorkSpaces, visit Use Smart Cards for Authentication in the Amazon WorkSpaces Administration Guide.