Administrator Guide
2. Reboot the client.
The login dialog box is displayed.
3. Enter credentials to open the VDI broker dialog box.
You can also set this feature in your INI file, see the Dell Wyse ThinOS INI Guide.
For more details about SECUREMATRIX, see the SECUREMATRIX documentation.
Configure HealthCast
HealthCast Single Sign-On (SSO) solution is designed to improve user convenience, streamline workflow, and strengthen security
compliance in demanding environments. The same proximity cards used for physical access are used to tap-in and tap-out of unique user
sessions and to tap-over any sessions unintentionally left open on the ThinOS devices. Typically, you must type in your password only one
time each day and use your proximity cards to streamline workflow and save time as they move between shared computers securely. Also,
proximity cards can be secured with a PIN, if configured by the organization. The HealthCast SSO solution also supports user self-service
password reset so that you can reset your own passwords without the need to call the help desk.
NOTE: HealthCast SSO Solution on ThinOS is a client-server solution. ThinOS provides the client-side functionality, but
you must also install and configure the HealthCast Server components on a server system in order for the solution to
work properly. Contact HealthCast on HealthCast website for one or more server installation executables, server
requirements, and configuration information.
HealthCast Web API Server is integrated with ThinOS release to implement the HealthCast SSO solution. To use the HealthCast SSO
solution, ThinOS must be configured to use the HealthCast Web API Server. You can do this by using the INI file (wnos.ini), or using the
ThinOS UI. It is recommended that you use the INI file for large deployments.
To use the HealthCast Web API, configure the HealthCast settings on the thin client side. To configure, do the following:
1. From the desktop menu, click System Setup, and then click Remote Connections.
The Remote Connections dialog box is displayed.
2. Click the Authentication tab, and then click HealthCast.
3. Enter the HealthCast server details in the box provided.
4. To import the client certificate, click Browse, and select the appropriate certificate you want to use.
5. Click OK to save the settings.
To configure using INI parameters, add the following INI parameters to your wnos.ini file:
HealthCastServer— The server address and options needed for the client to connect to the HealthCast Web API Server.
HealthCastServer=<https address> SecurityMode=<default, full, warning, low>
ClientCertificate=<cert-pfx-file-name>
For example: HealthCastServer=https://server1.example.com SecurityMode=full
ClientCertificate=client-cert.pfx. For more information on INI parameters, see Dell Wyse INI Reference Guide.
HealthCast SSO features and functionality on ThinOS
The following are the HealthCast SSO features and functionality on ThinOS:
• Proximity card enrollment—HealthCast supports user self-enrollment. There is no need to bring the proximity card to a special
registration station, or for IT staff to be involved. Instead, you must only tap the disenrolled proximity card at a terminal and you can
follow the registration process. This is a one-time event after which you can use the card wherever HealthCast is installed.
• Manual login and lock/unlock terminal—If you do not have a card, or choose not to use your card, then you can manually log in
using your user name and password. Administrators can disable manual login, if they want, so that users can sign on with their
proximity cards. You can also lock or unlock the terminal, if you have signed on with a manual login.
• Proximity card login and lock/unlock terminal—After the proximity card is registered, tap the card at a terminal to log in.
You can lock the session to secure it, but leave the remote session connected for fast access when you return. To do this, tap the
proximity card and the session is locked.
To resume the session, tap the card again.
• Walk away—Terminals can be configured to lock or log off sessions that have been left open. The time that elapses before automatic
lock or log off can be set by an administrator using the convenient web administration application.
• Tap-Over—If a session is locked or left open, a second user can tap their own proximity card and this disconnects the first session
and log the second user into their own unique session.
• Forgotten card—If you forget your card at home, you can receive a temporary card and register it for the day using the same
registration process that is mentioned in this section.
54
Configuring connectivity