TruGrid Secure RDP - Trusted Location Login

How to Configure Trusted Location Login for TruGrid SecureRDP


Trusted Location Login allows TruGrid administrators to define trusted network locations (by IP address) where users will experience a simplified login flow. When connecting from a trusted location, users authenticate against On-Premise AD without MFA. When connecting from outside a trusted location, users authenticate against EntraID with full MFA and Conditional Access enforcement.


This feature is available for Hybrid Domains with AD syncing with EntraID.


How It Works


TruGrid detects the public IP address of the user's location at login time. If the IP matches an address on the domain's Trusted Location list, the login flow switches from Entra ID to On-Premises AD authentication.


Trusted Location

Untrusted Location

Authentication

On-Premises AD

EntraID

MFA

Not required

Enforced via EntraID

Conditional Access

Not applied

Applied

Automated Shortcut Creation

Supported

Not supported

User experience

Direct login with AD credentials

EntraID sign-in with MFA prompt




Important Notes


  • This feature requires that the environment is configured for both Entra ID and On-Premises AD authentication. The EntraID connection serves as the default, and the On-Premises AD path is used when a trusted location is detected.
  • Trusted Location detection is based on the user's public IP address as seen by TruGrid at the time of login. Users on VPN or split-tunnel configurations may present a different IP than expected.


Requirements


  • Domain must be connected to EntraID (setup guide)
  • On-Premises AD authentication must also be configured (setup guide)
  • Desktop Shortcut feature must be turned ON
  • Remember me and password reset features must be turned OFF 
  • TruGrid Sentry has to be installed and online
  • At least one trusted IP address needs to be configured for the domain
  • Latest version of TruGrid Windows Connector must be installed (2026.3.1)

Setup


Trusted Location Login is currently configured by the TruGrid team on a per-domain basis.

To enable this feature:


  1. Contact TruGrid support via Live Chat or email (help@trugrid.com)
  2. Provide the domain name and public IP address(es) to be added to the Trusted Location list for the domain
  3. TruGrid will configure the trusted IPs for the domain and confirm when the feature is active


To find a location's public IP address, visit whatismyip.com from a machine on that network.


Note: Self-service configuration via the TruGrid admin portal is planned for a future release.


Verifying the Feature


Once TruGrid confirms that the trusted IPs have been configured:


  1. Test from a trusted location: Connect to TruGrid from a machine on a trusted network. A standard AD login prompt without an Entra ID sign-in or MFA prompt is presented.
  2. Test from an untrusted location: Connect from a network not on the Trusted IP list (mobile hotspot, home, VPN to a different location). Full Entra ID login flow with MFA will apply.


Desktop Shortcuts


In environments which have this feature enabled, for ease of access and frictionless access to RemoteApps, all the apps assigned to the user will be placed as Desktop Shortcuts in a folder that will be created on the users Desktop.

The folder will be created in the following format: TG-APPS user.name@domain.com :



Frequently Asked Questions


Q: Can I add multiple IPs?

A: Yes. Contact TruGrid support to add as many trusted IPs as needed for your environment.


Q: What happens if my office IP changes?

A: If your ISP assigns a new public IP, the trusted location match will fail, and users will fall back to the EntraID login flow. Contact TruGrid support to update your IP list.


Q: Does this work with dynamic IPs?

A: Trusted Location Login requires static public IPs. If your office uses a dynamic IP from your ISP, this feature may not be reliable. Consider requesting a static IP from your ISP or using a VPN with a fixed exit IP.


Q: Can I use IP ranges instead of individual IPs?

A: At the moment, only individual IP addresses are supported.


Q: Does this affect Conditional Access policies I have configured in Entra ID?

A: No. When connecting from a trusted location, the login bypasses Entra ID entirely, so Entra Conditional Access policies are not evaluated. When connecting from an untrusted location, all your existing Conditional Access policies apply as normal.


Q: Is this the same as Microsoft's Trusted Locations in Conditional Access?

A: No. This is a TruGrid feature that controls which authentication flow is used at the TruGrid login level. It operates independently of Microsoft's Named Locations or Trusted Locations configured in Entra ID Conditional Access.


Updated on: 13/03/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!