Security key redirection enables the use of security keys through a TeamViewer session.
A security key plugged into the local computer can be recognized by the remote computer and used as if it were plugged directly into that computer, e.g., for web authentication, Windows logon, or running a task with elevated privileges.
⚠To ensure that the security key redirection works well, please note:
- The LAN mode should be deactivated on the remote side.
- There isn't an active RDP session on the remote side.
- 📌Note: If there has been an active RDP session at any time during a remote connection, the connection has to be restarted.
- The deployment process (MSI and EXE) will automatically remove the existing driver entirely without user input if it detects that the system is below Windows 10 or is a 32Bit system.
This article applies to customers with a TeamViewer Tensor license using Windows OS 8.1 and higher.
Benefits
While the most familiar form of Two-Factor Authentication is a one-time password texted to your phone, the most secure version is a physical security key that serves this purpose instead.
When an account is protected with a security key, nobody can gain access without having both your password and physical access to your security key.
Prerequisites
To use security key redirection:
- a TeamViewer Tensor license is required;
- TeamViewer Host or full version must be installed on the remote side; and
- the TeamViewer Virtual Security Key Driver must be installed on the remote computer.
📌Note: Some keys might require the installation of a mini driver on the remote machine. Please check the documentation of the key you intend to use.
Install the TeamViewer Virtual Security Key Driver
There are two ways to install the TeamViewer Virtual Security Key Driver: via the MSI installer or via the application settings.
Via the MSI installer
The installation can be done using the MSI installer with the following property:
INSTALLSECURITYKEYREDIRECTION=1
Via TeamViewer application settings
- In the TeamViewer application, open the options by clicking the gear icon (⚙) at the top right.
- Click on the Security tab on the left.
- You will find the Security key redirection section at the bottom.
- Click on Install... to install the driver.
If the driver is correctly installed, it will appear in the Device Manager under System devices:
Use security key redirection.
On the local computer, plug in the security key during the TeamViewer session.
Any time during a session, go to Files & Extras and click on Redirect security key. This will list all compatible security keys.
Clicking on Start redirection will make them available on the remote computer.
Once the redirection has started, any compatible security key plugged into the local computer will be automatically redirected.
Stop the redirection of a security key
To stop the redirection, go to Files & Extras and click on Enable security key. This will list all security keys that are redirected to the remote computer.
Clicking on Stop redirection will stop the redirection of all available security keys.
Compatible security keys
Security keys can be used based on the FIDO protocol and smart cards.
