Skip to main content
Date: December 23, 2025 We are pleased to announce the first general availability (GA) release of TruU Shared Workstation, version 25.3.0. Please review this document in its entirety for details about the release, including highlights and known issues. Highlights
  • Frontline Access Overview
  • Policy Management
  • Authentication
Frontline Access Overview TruU Shared Workstation enables passwordless sign-in for environments where workstations are shared by multiple users. Each authentication session is isolated, ensuring that no user-specific secrets or credentials persist on the device after sign-out. Key capabilities include:
  • Secure access on non-personal, shared Windows workstations
  • No dependency on locally stored passwords
  • Centralized authentication and authorization through TruU Cloud
  • Designed for regulated and security-sensitive environments
Policy Management TruU Shared Workstation is fully policy-driven, allowing administrators to centrally define and enforce authentication requirements for shared devices. Administrators can:
  • Define which authentication factors are allowed or required for shared workstations
  • Control enrollment and authentication behavior without binding devices to individual users
  • Enforce consistent security policies across all shared endpoints
  • Manage access rules from the TruU Admin Console without local workstation configuration
Policies ensure that security requirements are applied uniformly while still allowing flexibility based on organizational needs. Shared workstation policy includes an authorization component where the policy itself provides the authorization for users, so that Admins have control over who is allowed to use the shared workstation. Authentication Administrators configure the shared workstation policy to specify the method of authentication. The following authentication means are currently supported:
  • TruPIN
  • Physical Access Badge
  • TruU Mobile App
  • Identity Verification Workflow (available upon request)
TruPIN TruPIN is a cloud-managed personal identification number (PIN) that users create and maintain through the TruU User Portal. Its availability depends on the applicable registration policy, which determines whether enrollment in this specific TruFactor is permitted. Unlike locally managed credentials, TruPIN is fully managed within the TruU Cloud, not stored or validated on individual workstations or mobile devices. Depending on policy configuration, the TruPIN may be used in one of two ways:
  • Username-based authentication - after the user provides an identifier (e.g., username or email address).
  • Badge-assisted authentication - after the user taps a physical access badge to an attached card reader, which identifies the user and triggers the PIN prompt.
Physical Access Badge For computers equipped with NFC card readers-including those supported through USB-based peripherals-the shared workstation can be configured to accept an access badge as an authentication method. When used, the access badge functions as both the user identifier for the shared workstation and as a possession factor in the authentication process. Administrators can configure shared workstations to allow badge-only sign-in (single-factor authentication) or to require multifactor authentication (MFA) by combining the badge with their TruPIN as a required knowledge factor. TruU can register access badges automatically and/or manually:
  • Automatic badge registration: if badge values are stored in the enterprise directory, badges can be added as a global attribute for the directory. In this mode, a scanned badge value is read and sent to the directory for validation.
  • Manual badge registration: if badge values are not stored in the enterprise directory, users can be enabled to manually register a badge. When users have manual badge registration enabled as a registration policy, they will see an option to add a badge in the TruU User Portal.
TruU Mobile App When signing in to a shared workstation using the TruU Mobile App, the workstation displays a QR code that can be scanned from the mobile device. The user can scan the QR code and authenticate using their PIN and/or biometrics with the TruU mobile app to logon to the shared workstation. Identity Verification Workflow (available upon request) The initial shared workstation offering does not include workflow-based authentication as a default option; however, it can be enabled upon request. When enabled, workflow-based authentication allows users to verify their identity using knowledge factors and/or possession factors (such as registered phone numbers (SMS) or email (OTP code delivery)) stored within the enterprise directory. These factors can be incorporated into customized authentication workflows to meet specific organizational or security requirements.

System Requirements

The following prerequisites must be met in order to install and use TruU Shared Workstation: Supported Windows Versions
  • Windows 10 - 22H2
  • Windows 11 - 24H2
Workstation Domain Requirements
  • The workstation must be joined to Active Directory (Shared Workstation 25.3.0 is supported on Windows devices joined to on-premises Active Directory (AD Join))
Runtime Requirements
  • The workstation must have .NET Desktop Runtime 8.0.17 or greater installed

Known Issues

Ticket NumberComponentSummary
WA-23183Sign inSSO from Shared Workstations is not yet supported.
Android 25.3.01 Release Notes Admin Assisted Enrollment