How to exempt a user from a Trust Factor

A Trust Factor is a visible attribute on user devices that is assessed against criteria set by administrators and used in calculating the device's Trust Score. If an attribute cannot be recognized by the device, the Trust Score may drop significantly, preventing users from accessing internal resources.

In the following scenario, the administrator chose these trust factors:

• Auto Update, with a low trust effect
• Application Check, with a low trust effect
• Disk Encryption, with a medium trust effect

However, since the application check is failing, the trust level has dropped to low, preventing the user from accessing resources. For details on how the trust factor is calculated, please refer to the following link: Trust Calculation.

To resolve this issue, please ensure the trust factor is configured correctly. You can find more details in our trust factor information. After reviewing this information, if the trust factor works for most users but fails for a few, and you have completed the necessary troubleshooting steps, you can exempt those users from the trust factor. In this scenario, we will use the application check as an example.

1.- Create a new Trust Profile for those users 

Please go to trust > Profiles > Create profile > Create trust profile > enter the trust profile name and description, you can also clone an existing Trust profile.

On device details make sure to add the serial number or assign those users to a group created on your IDP, in this scenario I will use the device platform for this exemption and click on continue.

2.-Select the Trust Factor that is failing

On trust factors, select the factors and make sure the effect of  the application check is set to “No Effect” and click on Create.

3.- Change the order of the trust factor

In SonicWall Cloud Secure Edge (CSE), the rule is that a device can only be assigned to one Trust Profile. Since the device’s features apply to both Trust Profiles, the profiles must be prioritized. To resolve this, the admin can navigate to the Trust Profile Prioritization page in the Command Center, and drag the Trust Profiles in order of priority, where 1 is the highest priority.

To prioritize Trust Profiles, select the top right triangle button, and complete the following:

• Drag and drop the profiles in the preferred order;
• Save.

Please wait up to 10 minutes for the new profile to activate. Check the number of devices listed under the trust profile you created. Refresh the app to see the trust level displayed as high.

At this point, the user should be able to access their internal resources.