The ZoneBuilder feature of SafeConsole allows devices to be unlocked through certificates. If you would like to share a device and have it unlock on multiple host computers, you will need use your own certificates generated by a CA that you control. 



Please see the this article for information on how to setup ZoneBuilder to use these certificates. Once you are ready to distribute the client certificates see the image below for example on how devices can be shared. 




In this example SafeConsole pulls the Active Directory Structure from the AD server. You will also select the Public CA Key that you want SafeConsole to use. All the ZoneBuilder policies in this example will use the same public CA certificate. Inside SafeConsole, three separate policies are created:

  1. Engineering 
  2. Marketing
  3. John Doe


We will then in turn create one client certificate for each of the policies. These client certificates can be integrated into active directory and pushed out to user accounts using the same structure we used to build the SafeConsole policies. Once the certificates are installed and devices are registered you will be able to "Trust this account." This is actually trusting the client certificate that you installed. 


You will now be able to unlock the SafeConsole Ready Device on any computer with the same client certificate.