Select the View Connection Server + Imprivata OneSign session connection type from the MC to configure a profile to authenticate through the Imprivata OneSign system in addition to a View Connection Server when clients connect to a VMware desktop.
This selection requires a device restart after being changed.
Note: To enable a property in the MC, click the Set in Profile check box and configure the fields as indicated. After you update the properties on this page, click Save to save your changes.
MC Session Connection Type – View Connection Server + Imprivata OneSign
MC Session Configuration Parameters
Parameter | Description |
---|---|
Onesign Bootstrap URL |
Enter the bootstrap URL used to find an initial OneSign server in a OneSign authentication deployment. |
Onesign Appliance Verification |
Select the level of verification performed on the certificate presented by the OneSign appliance server:
|
Enter the address of the View Connection Server to use when OneSign servers cannot be reached. When configured, a Direct to View link occurs on the OSD Connect page and user authentication screens. When users click the link, it cancels the current OneSign connection or authentication flow and starts a Horizon View authentication flow instead. This feature provides a mechanism for OneSign zero client users to access their View desktops when the OneSign infrastructure is unavailable. |
|
Onesign Desktop Name Mode |
Select whether the Desktop Name to Select property is used in OneSign mode.
|
Pool Name to Select |
Enter the pool name. When the list includes a pool with this name, the client will immediately start a session with that pool. Note: This field is case-insensitive. For Tera1 zero clients, this parameter is called Desktop Name to Select. |
Certification Check Mode |
Select the level of verification performed on the certificate presented by the connection server:
|
Certification Check Lockout Mode |
Select whether to lock or unlock Certification Check Mode:
|
Clear Trusted Connection Server Cache |
When enabled, clears the trusted connection server cache. |
Enable Login Username Caching |
When enabled, the username text box automatically populates with the last username entered. |
Use OSD Logo for Login Banner |
When enabled, the OSD logo banner appears at the top of login screens in place of the default banner. You can upload an OSD logo from the OSD Logo Upload page. |
Prefer GSC-IS Over PIV Endpoint |
When selected, the GSC-IS interface is used if a smart card supports more than one interface such as CAC (GSC-IS) and PIV endpoint. If a smart card supports only one interface, such as either CAC or PIV endpoint, then only the CAC or PIV endpoint interface is used regardless of this setting. This only affects smart card access performed outside of PCoIP sessions. |
Enable Peer Loss |
When enabled, the “Network Connection Lost” overlay appears on the display(s) when a loss of network connectivity is detected. Normal hypervisor scheduling delays can falsely trigger this message. Note: This option is only available for a zero client. Desktop applications that require the peer loss notification should re-enable the feature through the OSD, AWI, or MC. |
Enable Preparing Desktop Overlay |
When enabled, the "Preparing Desktop" overlay appears on the display(s) when users log in. Note: This overlay provides assurance that login is proceeding if the desktop takes more than a few seconds to appear. |
Enable Session Disconnect Hotkey |
When enabled, users can press the Ctrl+Alt+F12 hotkey sequence to pop up the "Zero Client Control Panel" overlay, which lets them disconnect the current session on the workstation or power off the workstation. Note: Before users can use this disconnect hotkey sequence, certain other configuration options must be in place. See Disconnecting from a Session for details. |
PCoIP Utility Bar Mode (Tera2 zero clients only) |
When enabled, the PCoIP Utility Bar appears at the top of the primary display when a user is in session and moves the cursor directly under the bar. The utility bar can be used to disconnect a session or to shut down a remote workstation. For Direct to Host session connection types, Local Cursor and Keyboard must be enabled in order for the zero client to process mouse events for the utility bar. For all connection types, the mouse must be locally connected (i.e., not bridged).
Note: This feature is configurable from the MC and AWI only. It requires firmware version 4.2.0 or newer. |
Proximity Reader Beep Mode |
Configure whether the proximity card reader beeps when a valid card is tapped on the reader in OneSign mode:
|
Configure whether or not the RF IDeas proximity reader will invert the Wiegand bits that are read from a user's ID token. This feature is useful when some of the RF IDeas readers in your system are programmed to invert the Wiegand data and others are not. It lets you configure all readers to read the bits in a consistent manner (whether inverted or not inverted), so that all the readers behave the same way from a user's point of view.
Note: This feature is configurable from the MC and AWI only. It requires firmware version 4.2.0 or newer. |
|
Restrict Proximity Cards |
Configure whether or not proximity cards are restricted to tap-in/tap-out only. When this feature is enabled, the proximity card reader is locally terminated (i.e., it uses drivers in the client's firmware), and proximity cards can only be used for tap-in/tap-out. When this feature is disabled, the proximity card reader is bridged by default (i.e., it uses drivers in the host OS), and proximity cards are not restricted. They can be used for tap-in/tap-out and also during a session—for example, when an application requires in-session authentication.
Note: This feature is configurable from the MC and AWI only. It requires firmware version 4.2.0 or newer. |
Disconnect Dialog Display Mode |
This field lets you control what type of messages appear when a session is disconnected. There are three categories: Information: User- or administrator-initiated actions affecting the session:
Warning: System-initiated, but expected actions affecting the session:
Error: Unexpected system-initiated actions causing session to fail:
Note: For detailed information about the above session disconnect codes, please see KB 15134-872 in the Teradici Support Site. You can choose to display:
|
Session Lost Timeout |
Enter the timeout (in seconds) for the connection of the active session. The valid timeout range for this field is 5 to 60 seconds. The session will be disconnected when this timeout period expires. |
RDS Application Access |
When enabled and users connect to a VMware Horizon View Connection Server that offers applications, a list of available applications will be presented. Note: Applications open in full-screen mode, but can be re-sized once users are in session. |
Custom Session SNI |
When enabled, sets a customized Server Name Indication (SNI) string on authorized man-in-the-middle-enabled clients. The SNI string is appended to the SSL/TLS HELLO when the client initates an SSL connection with the host. |
Enable DSCP |
When enabled, the device populates the Differentiated Services Code Point (DSCP) field in the IP header, allowing intermediate network nodes to prioritize PCoIP traffic accordingly. |
Enable Transport Congestion Notification |
When enabled, transport congestion notification is enabled to allow PCoIP endpoints to react accordingly if an intermediate network node sets the congestion notification bit in either the IP header or PCoIP transport header. Note: For more information about the PCoIP transport header, see PCoIP Packet Format. |