Some customers require the use of DigiCert USB eTokens (or similar hardware-based security keys) to perform application code signing within Workspot virtual desktops. Recent policy changes from DigiCert now mandate the use of a physical eToken to verify developer identity during the signing process.
In certain scenarios, customers may observe that the DigiCert USB eToken is not available when connecting to a Workspot desktop through the Workspot application, even though the same device works successfully when connecting to the same desktop using the Microsoft Remote Desktop (RDP) client.
This document outlines the expected behavior, supported configuration, and current limitations related to USB eToken redirection in Workspot.
Affected Use Case
Developers using Workspot-managed virtual desktops (for example, Windows desktops with Visual Studio installed)
DigiCert-issued USB eToken (or equivalent code-signing hardware token)
Application code signing workflows that rely on USB-based identity verification
Symptoms
Customers may experience one or more of the following:
DigiCert USB eToken does not appear in the device redirection options when connecting via the Workspot application
The eToken is not detected inside the Workspot virtual desktop after login
Code signing fails because no valid signing certificate is found
The same eToken functions correctly when connecting to the identical desktop using the Microsoft Remote Desktop (RDP) client with device redirection explicitly enabled
Cause
USB-based security tokens such as DigiCert eTokens rely on specific device enumeration behavior. Within Workspot, only USB devices that enumerate as Smart Cards are supported for redirection.
Supported Configuration in Workspot
To enable DigiCert USB eToken redirection where supported, ensure Smart Card Redirection is enabled in the applicable Workspot Security Policy.
Configuration Steps
Sign in to Workspot Control
Navigate to: Policies → Security Policies
Open the Security Policy assigned to the affected desktop pool
Verify the following setting:
Smart Card Redirection: Enabled
.png?sv=2022-11-02&spr=https&st=2026-02-04T23%3A46%3A54Z&se=2026-02-04T23%3A58%3A54Z&sr=c&sp=r&sig=s9211qjYqnA1RXm665SAfaPPfj4UpHZtp0VVfuS%2B2NE%3D)
Save and apply the policy
Note: Changes take effect on new user sessions. Existing sessions must be logged off and reconnected.
Expected Behavior After Configuration
If the DigiCert eToken enumerates as a Smart Card, it should be available inside the Workspot desktop
If the device continues to work only in Microsoft Remote Desktop and not in the Workspot application, this indicates that the eToken is not exposing itself strictly as a Smart Card-compatible device.
Summary
DigiCert USB eToken redirection in Workspot is supported only through Smart Card Redirection and is governed entirely by the Security Policy applied to the desktop pool.
If the eToken does not appear when using the Workspot application but functions with Microsoft Remote Desktop, this behavior is expected due to client-level differences in USB redirection handling.
For customers requiring broader USB device redirection capabilities, Microsoft Remote Desktop may remain the appropriate connection method until additional USB redirection support is introduced in Workspot.