Remote-access Guide

how do i set up va remote access smartcard

by Annabelle Kemmer III Published 3 years ago Updated 2 years ago
image

How do I sign into remote desktop with a smart card?

Remote Desktop Services and smart card sign-in. Remote Desktop Services enable users to sign in with a smart card by entering a PIN on the RDC client computer and sending it to the RD Session Host server in a manner similar to authentication that is based on user name and password.

How do I connect to a remote smart card reader?

Locate your USB device in the list. Select “Share”. After clicking “Share”, your network smart card becomes accessible to the remote desktop session sharing the network. Not only can you access remote smart card readers over network connections like Ethernet or Internet.

Which smart cards are supported with remote PC access?

The following smart cards were tested with Remote PC Access: Fast smart card is an improvement over the existing HDX PC/SC-based smart card redirection. It improves performance when smart cards are used in high-latency WAN situations. Fast smart card is enabled by default on host machines with currently supported Windows VDAs.

What remote access options does Vava support?

VA supports remote access with two different applications 1. Citrix Access Gateway (CAG) and 2. CISCO RESCUE VPN Client. The Citrix Access Gateway is designed for users that do not have VA Government Furnished Equipment (GFE) – CAG is a good option to allow users access to general applications such as email and chat.

image

How do I get remote access from the VA?

You may request remote access by visiting the Remote Access Self Service Portal ( only available while on VA's internal network). Please note the Self-Service Portal is only accessible from within the VA network, it is not externally accessible.

What is remote access portal?

These portals emphasize security, protection, and privacy of intranet resources. The architecture of Secure Remote Access is well suited to these types of portals. Secure Remote Access software enables users to securely access intranet resources through the Internet without exposing these resources to the Internet.

What is a PIV exemption?

Personal Identification Verification (PIV) Exemptions Process. Scenarios for Temporary Exemption: New User without PIV Issuance. 1. If a new user has been issued a VA network account, but not a PIV credential, the user may contact Enterprise Service Desk (ESD) at (855) 673-4357 to request a temporary exemption.

How do I get my VA email on my phone?

Access InstructionsAccess the connected app of your choice from the VA App Store.You will arrive at VA sign-in page. ... From the ID.me page, enter your email address and password, then select Sign in.More items...

What do you need for remote access?

Remote computer access requires a reliable internet connection. You'll need to activate or install software on the device you want to access, as well as on the device — or devices — you want to use to get that access.

Why do I need remote access?

Remote access enables remote users to access files and other system resources on any devices or servers that are connected to the network at any time. This increases employee productivity and enables employees to better collaborate with colleagues around the world.

How long does it take to get a PIV card?

between 2 to 6 weeksThe PIV-II credentialing process can take between 2 to 6 weeks. This includes the time that you were sponsored, enrolled, the card being printed, delivery and when you pick up the card.

Can vatas be accessed from home?

No, you may access webTA from anywhere as long as you use Internet Explorer, version 4.0 or higher, and you use the correct URL.

Can I log into my VA email from home?

You can sign in to VA.gov with any of these 4 accounts: Login.gov. ID.me. My HealtheVet. DS Logon.

What benefits do I get with 80 VA disability?

Veterans that obtain an 80 percent VA Disability rating receive $1,778.43 a month from the Veterans Administration. Eligible disabled veterans may also be able to receive extra monthly compensation for dependent children and parents.

What benefits do I get with 70 VA disability?

All veterans with a 70 percent disability rating receive at least the minimum VA disability pay of $1,444.71 per month. Veterans receive additional compensation if they have dependent parents, minor children, or other family members who rely on their financial support.

What is my DS logon username?

To retrieve your DS Logon Premium account username, you will first need to prove your identity at the DS Access Center web site. You will be asked to answer the security questions that you previously set up. To access this service, go to https://www.dmdc.osd.mil/identitymanagement/retrieveusername.do?execution=e2s1.

What is example of remote access?

Accessing, writing to and reading from, files that are not local to a computer can be considered remote access. For example, storing and access files in the cloud grants remote access to a network that stores those files. Examples of include services such as Dropbox, Microsoft One Drive, and Google Drive.

What is a remote access application?

Remote desktop software, more accurately called remote access applications or remote access software, let you remotely control any computer in another location. With the help of these remote access applications, you can take over the mouse and keyboard of another computer and use it just like your own.

What is the main purpose of a RAS server?

A remote access server (RAS) is a type of server that provides a suite of services to remotely connected users over a network or the Internet. It operates as a remote gateway or central server that connects remote users with an organization's internal local area network (LAN).

What are the types of remote access?

The primary remote access protocols in use today are the Serial Line Internet Protocol (SLIP), Point-to-Point Protocol (PPP), Point-to-Point Protocol over Ethernet (PPPoE), Point-to-Point Tunneling Protocol (PPTP), Remote Access Services (RAS), and Remote Desktop Protocol (RDP).

How to share a smart card to a remote desktop?

Part 2: If you access smart card readers over the internet, an external IP address is required. Navigate to the “Share Local USB Devices” tab. Locate your USB device in the list. Select “Share”. After clicking “Share”, your network smart card becomes accessible to the remote desktop session sharing the network.

Where is the smart card reader on Windows 7?

Guest versions of Windows Vista and Windows 7 will see their smart card reader in their “Windows Device Manager”. The smart card is sharable with applications on both host machines and different guest operating systems.

What is USB passthrough mode?

Unlike before, USB Passthrough mode allows a single virtual machine direct control of a physical smart card reader.

What happens after you share a smart card?

After clicking “Share”, your network smart card becomes accessible to the remote desktop session sharing the network.

What happens when you connect to RDP?

Most often, connecting to RDP sessions result in any USB devices plugged into your computer becoming inaccessible.

Does VMware support smart cards?

If you use a Windows virtual machine that runs a Linux host, VMware provides complete support for smart cards.

When do you start sharing your local smart card?

As soon as set-up is established on both machines , start sharing your local smart card!

How to track a smart card?

With smart card remoting, you can track the number of times a smart card has been inserted or removed from a reader using the SCardGetStatusChange function. The function updates an array of SCARD_READERSTATE data structures—one per each reader you monitor. The high word (16 bits) of the dwEventState field of each SCARD_READERSTATE contains the reader count. For more information, see the Microsoft articles SCardGetStatusChangeA function and SCARD_READERSTATEA structure.

What is a smart card?

Smart cards for enterprise use contain digital certificates. These smart cards support Windows Logon, and can also be used with applications for digital signing and encryption of documents and email. Citrix Virtual Apps and Desktops support these uses.

How to get a CSP for Citrix?

Obtain a device driver and cryptographic service provider (CSP) software from your smart card vendor, and install them on both user devices and virtual desktops. The driver and CSP software must be compatible with Citrix Virtual Apps and Desktops; check the vendor documentation for compatibility. For virtual desktops using smart cards that support and use the minidriver model, smart card minidrivers should download automatically, but you can obtain them from http://catalog.update.microsoft.com or from your vendor. Also, if PKCS#11 middleware is required, obtain it from the card vendor.

What is class 2 smart card reader?

Class 2 smart card readers also contain a secure keypad that cannot be accessed by the user device. Class 2 smart card readers may be built into a keyboard with an integrated secure keypad. For class 2 smart card readers, contact your Citrix representative; a reader-specific device driver may be required to enable the secure keypad capability.

What is the minimum requirement for smart cards?

A minimum requirement is that smart cards and smart card devices must be supported by the underlying Windows operating system and must be approved by the Microsoft Windows Hardware Quality Labs (WHQL) to be used on computers running qualifying Windows operating systems .

Can you use a smart card with Citrix?

Within a Citrix Virtual Apps or Citrix Virtual Desktops session, using a smart card with the Microsoft Remote Desktop Connection application is not supported. This is sometimes described as a “double hop” use.

Is a smart card reader a USB device?

The smart card reader class is unrelated to the USB device class.

How to request remote access to VA?

Go to the VA home page (open Internet Explorer on a VA computer-this should be the home screen) Look at the links under the “Top Facility Resources” column on the webpage and click on “Remote Access Request” From there, click on “Self Service Portal” at the top of the page to “Request Access” for Remote Access.

What is the best URL for VHA21?

Requires one of two options: 1.Use of PIV card instead of your vha21vhasfcxxxxxxdomain name and password, or; 2.Use of a “One Time Password” (a six-digit number generated by the MobilePASSApp) in addition to your vha21vhasfcxxxxxx credentials 3.Best URL is citrixaccess.va.gov; other options are vacagwest.vpn.va.gov, vacageast.vpn.va.gov, vacagnorth.vpn.va.gov, vacagsouth.vpn.va.gov 4.Your Mac/PC/tablet must have Citrix Receiver installed (www.citrix.com) For Mac, Safari is the best browser

How many digits are in a mobile pass?

The phone’s MobilePASSapp will keep generating 6-digit numbers. When the PC Validate Box is ready, you now enter the 6 -digit number you see into the box on the PC. If you miss the 30-second deadline, you must try the next number from the app. Now you are done.

Does MobilePassapp generate activation codes?

The phone’s MobilePASSapp will now generate an Activation Code.

How to use a smart card for remote desktop?

Remote Desktop Services enable users to sign in with a smart card by entering a PIN on the RDC client computer and sending it to the RD Session Host server in a manner similar to authentication that is based on user name and password.

What is remote desktop smart card?

In a Remote Desktop scenario, a user is using a remote server for running services, and the smart card is local to the computer that the user is using. In a smart card sign-in scenario, the smart card service on the remote server redirects to the smart card reader that is connected to the local computer where the user is trying to sign in.

What does the arrow on a smart card mean?

Arrows represent the flow of the PIN after the user types the PIN at the command prompt until it reaches the user's smart card in a smart card reader that is connected to the Remote Desktop Connection (RDC) client computer.

How to enable remote access to resources in an enterprise?

To enable remote access to resources in an enterprise, the root certificate for the domain must be provisioned on the smart card. From a computer that is joined to a domain, run the following command at the command line:

Which session is LSA authentication performed?

The authentication is performed by the LSA in session 0.

Does remote desktop work across domain?

Sign-in to Remote Desktop Services across a domain works only if the UPN in the certificate uses the following form: <ClientName>@<DomainDNSName>

Can I use a smart card without a domain controller?

Note If you use the credential SSP on computers running the supported versions of the operating system that are designated in the Applies Tolist at the beginning of this topic: To sign in with a smart card from a computer that is not joined to a domain, the smart card must contain the root certification of the domain controller. A public key infrastructure ( PKI) secure channel cannot be established without the root certification of the domain controller.

How to get SafeNet on my phone?

1. Click yourAPP/PLAY Store icon on cellular device 2. Click the search magnify glass, type in SafeNet MobilePass 3. Install/+Get SafeNet to your phone

What is 2FA in VA?

The move to Two Factor Authentication (2FA) will increase security by establishing a user’s identity through a combination of two authentication factors before the user is permitted remote access to VA networks. The preferred 2FA method to gain access to VA networks is for personnel to use their Personal Identification Verification (PIV) card. Recognizing remote employees may not have a PIV enabled device readily available, an alternate solution was developed to ensure these users authenticate to the VA network using 2FA. In August 2015, the Office of Information and Technology (OI&T) hosted a successful pilot using soft tokens as a 2FA alternative to PIV for Citrix Access Gateway (CAG). VA has a phased rollout of these soft tokens scheduled to begin December 7, 2015 with a scheduled completion of April 29, 2016. This user guide is intended to provide support to VA remote users as they download and install MobilePASS soft tokens.

How to sign in to VA?

You can sign in to VA.gov in any of these ways: 1 With your existing My HealtheVet account, or 2 With your existing DS Logon account, or 3 By creating an account through ID.me (a trusted partner)

What if I can’t sign in to VA.gov because my password doesn’t work?

First, try resetting the password for the account you use to sign in to VA.gov:

What is accessva password?

In AccessVA, a username and password that is issued to you (one example of an online credential) will be used at multiple participating VA applications. As the AccessVA sign-in service grows, so will the number of VA applications that will accept your credential. One of the main goals is to simplify the process for users to do business with ...

Who is participating with AccessVA?

The current participating VA application partners are Box , Community Care Referrals and Authorization (CCR&A) , Direct Upload , Education Development Management System (EDMS) , eScreening , Fiduciary Accountings Submission Tool (FAST) , Life Insurance Online Policy Access , Million Veteran Program (MVP) , My HealtheVet (MHV) , Prosthetics Vendor Portal , Remote Order Entry System (ROES) , Service-Disabled Veterans Insurance (S-DVI) , Stakeholder Enterprise Portal (SEP) , Stipends4Vets for Veteran Athletes , Stipends4Vets for Certifying Officials , VA Loan Electronic Reporting Interface Reengineering (VALERI-R) , VA Salesforce SQUARES (SQUARES) , Vet Sports Reporting , VetBiz Portal (VetBiz) , Veterans Enterprise Management Solution (VEMS) , Veterans Identification Card (VIC) , Veteran Patient Statement , Veteran Travel Claim Entry , VHIC Self-Service , Virtual Medical Center (VMC) , and yourIT .

What does AccessVA do?

In AccessVA, a username and password that is issued to you (one example of an online credential) will be used at multiple participating VA applications. As the AccessVA sign-in service grows, so will the number of VA applications that will accept your credential. One of the main goals is to simplify the process for users to do business with the VA online.

How do I update my Sign-In Partner / Credential information?

If your personal information, such as last name or address, has changed you may need to update your Credential information with the Sign-In Partner you registered for the credential with. Your Sign-In Partner is the organization who assigned and maintains your credential. We are not able to update your credential through AccessVA. You will need to contact your Sign-In Partner to make these updates. The following provides contact information for AccessVA's Sign-In Partners:

How do I Receive a Credential from the DoD DS Access (DS Logon)?

A request for a DS Logon can be made in one of three ways: 1. A DoD Sponsor can request a DS Logon for them self and eligible family members using the DoD Self-Service Access Center web site. If DoD Sponsor is self-requesting using their Common Access Card (CAC), they will be able to obtain their DS Logon immediately. Otherwise, an activation code will then be sent to the DoD individual for whom the DS Logon was requested through the United States Postal Service (USPS). This will result in a Level 2 assurance credential. 2. A DoD Sponsor or family member can request a DS Logon at a military identification card (ID) issuing facility when obtaining a new military ID. You will need to request for a DS Logon during the military ID issuance. The activation code will be sent to the DoD individual for whom the DS Logon was requested through the United States Postal Service (USPS). This will result in a Level 2 assurance credential. 3. A Veteran may register through a link at VA's eBenefits portal. This process first grants you a Level 1 credential but immediately makes you eligible to upgrade that account to a Level 2 (Premium Account) by performing the remote proofing process. Use the DS Access Center website to register for a DS Logon. Also see the DS Access FAQ for more information.

How does AccessVA save taxpayer dollars?

Saves Taxpayer Dollars - AccessVA promotes efficiencies and cost savings by establishing a unified authentication system that can be interoperable among various agencies that service our Veterans and citizens. By adopting a single system, we save taxpayer dollars.

What is the Department of Veterans Affairs?

The Department of Veterans Affairs exists to serve our Veterans. Veterans will realize substantial benefits by using AccessVA for online transactions including:

How to request VA employee self service?

Click on 'I am a VA Employee or Authorized Contractor' then 'Employee Self-Service'. Log in with ID.me, or create an account if needed. From here you can make your request. Once on the yourIT Service Portal select:

How to use a PIV card?

To use a USB PIV card reader, plug the USB card reader into your computer, and insert your PIV card. Navigate to the citrix portal and click 'Click here to us Smartcard'. You will be prompted to enter your PIN and select a security certificate.

What is the phone number for Enterprise Service Desk?

You need these accounts. For any trouble with them, call the Enterprise Service Desk +1-855-673-4357 or the operator and ask for the Enterprise Service Desk:

image
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9