The ZoneBuilder feature of SafeConsole allows devices to be unlocked through certificates. If you would like to share a device and have it unlock on multiple host computers, you will need to use your own certificates generated by a CA that you control.
Please see this article for information on how to setup ZoneBuilder to use these certificates. Once you are ready to distribute the client certificates see the image below for an example of how devices can be shared.
In this example, SafeConsole pulls the Active Directory Structure from the AD server. You will also select the Public CA Key that you want SafeConsole to use. All the ZoneBuilder policies in this example will use the same public CA certificate. Inside SafeConsole, three separate policies are created:
- Engineering
- Marketing
- John Doe
We will then in turn create one client certificate for each of the policies. These client certificates can be integrated into the active directory and pushed out to user accounts using the same structure we used to build the SafeConsole policies. Once the certificates are installed and devices are registered you will be able to "Trust this account" in the device Settings. This binds the device to the client certificate that you installed on the PC.
You will now be able to unlock the SafeConsole Ready Device on any computer with the same client certificate.