In-session Certificates
Certificates and private keys securely managed by the Federated Authentication Service can be made available to programs running in users' sessions. If this policy is disabled, this feature will be unavailable.
If this policy is enabled, the Prompt Scope setting will control how users are prompted for consent. There are three options:
- No consent required -- This option disables the security prompt and private keys are used silently.
- Per-process consent -- Each running program will individually prompt for consent.
- Per-session consent -- Once the user has clicked OK, the consent applies to all programs in the session.
If this policy is enabled, the Consent Timeout will control how long (in seconds) the consent lasts. For example, if set to 300 seconds, the user will see a prompt every five minutes. A value of zero will prompt the user for every private key operation.
If this policy is enabled, it is also possible to automatically disconnect a user's session rather than display the logon prompt. This functionality provides similar behaviour to the "disconnect on smart card removal" policy, and is useful for situations where users do not have Active Directory logon credentials.
Supported on: Windows 10
| Setting | Value |
| --- | --- |
| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | Software\Policies\Citrix\Authentication\VirtualSmartcard |
| Value Name | Enabled |
| Value Type | REG_DWORD |
| Enabled Value | 1 |
| Disabled Value | 0 |
citrixfederatedauthenticationservice.admx