Enable mTLS authentication in AD Connector for use with smart cards - Amazon Directory Service
You can use certificate-based mutual Transport Layer Security (mTLS) authentication with smart cards to authenticate users into Amazon WorkSpaces through your self-managed Active Directory (AD) and AD Connector. When enabled, users select their smart card at the WorkSpaces login screen and enter a PIN to authenticate, instead of using a username and password. From there, the Windows or Linux virtual desktop uses the smart card to authenticate into AD from the native desktop OS.

Note

Smart card authentication in AD Connector is only available in the following Amazon Web Services Regions, and only with WorkSpaces. Other Amazon applications are not supported at this time.

  • US East (N. Virginia)
  • US West (Oregon)
  • Asia Pacific (Sydney)
  • Asia Pacific (Tokyo)
  • Europe (Ireland)
  • Amazon GovCloud (US-West)