There are a few policies that require you to be inside the Trusted Zone. Essentially what the Trusted Zone allows is for an Administrator to restrict device access to devices based on their location even when devices are offline. This is accomplished by installing a trusted certificate on the computers that are inside the Trusted Zone.
There are two ways to define a Trusted Zone:
Trusted Network is the first way. Any device inside the Trusted Network will be inside the Trusted Zone. This requires devices to be online and connected to the Server. You are able to set a whitelist of IP addresses that are permitted to be inside the Trusted Network. If Trusted Network is turned off or blank then all valid IP addresses will be considered inside the Trusted Network, and thus the Trusted Zone. Trusted Network uses the IP address of the computer as it reaches the SafeConsole server. Thus if traffic is routed through a VPN, then it will need to be the VPN's address that is whitelisted.
ZoneBuilder is the Second way to be inside the Trusted Zone. Unlocking the device once when ZoneBuilder is turned on, and from a computer inside the Trusted Network will install a certificate for the current user on that computer. This allows that computer to be considered inside the Trusted Zone even when offline. When ZoneBuilder is set to "NO - Allow device software to generate certificates" the certificate is uniquely created for each computer and cannot be shared or exported to other computers. If you would like to manage the certificates on your own please see this article: ZoneBuilder Requiring Certificates from own CA
Use Case Example:
You only want to allow SafeConsole Ready Devices to be used on company provided workstations.
- Whitelist your company's public IP (Cloud) or Private IP range (On-Prem) inside the Trusted Network policy.
- Enable ZoneBuilder, And the Option to "Only allow device usage on computers linked within your Trusted Zone"
Once your users unlock their device once inside your network they will be use their device offline and at home on their company computer.