Highlights
- Policy-Based SSO Support on Safari
- Removed Need to Re-Enable Touch ID
- Improved Enrollment Error Handling
- Support for Distinguishes Name for CSR Subject
Enhancements
Policy-Based SSO Support on Safari
-
We have extended our policy-based SSO support (previously only available on Chromium-based browsers) to Safari. The application authentication experience for Safari-users will now honor the policy set in the Admin Console for Applications using the following methods:
- Seamless (where the user does not need to take any action if they logged into the computer with TruU)
- Biometrics only
- Biometrics or PIN
- PIN only
- Biometrics + PIN.
Removed Need to Re-Enable Touch ID
- Users with the macOS Sonoma or Ventura operating systems will no longer be prompted to provide their PIN to re-enable Touch ID for TruU. With this version of the Mac Authenticator, Touch ID will not time out automatically and user will not be bothered to re-enable periodically.
Improved Enrollment Error Handling
- If an enrollment fails due to a problem where the Mac is unable to obtain a certificate, we now provide a more descriptive error to the user. In the past, the user would see a message stating: “Oops something went wrong”. Now, if the enrollment fails because the Mac was unable to obtain a certificate, we provide a more descriptive error message of: “Unbale to obtain a certificate to complete enrollment.”
Support for Distinguished Name for CSR Subject
- With this release, we now support use of X500 Distinguished Name values in the subject field for end-user certificates for KeyFactor customers. This enables the certificates issued through TruU / KeyFactor to match the format customers have been using from their legacy Microsoft CA infrastructure. When generating a CSR, we use the following logic:
- If the Distinguished Name is available, we use that as the subject.
- Otherwise, we use the displayName as the subject.
Bug Fixes
- We have fixed an issue where thick client login using an embedded browser would fail on the Mac Authenticator and would require the user to login with another method (e.g., Mobile Authenticator).
- We have fixed an issue in UI when using sudo where user would be prompted to enter their Password instead of their PIN.
- We have fixed an issue where using Touch ID to authenticate may be reported in Admin Console as using a PIN.
- We have fixed an issue where user would be presented with a Password prompt to use the Login Keychain on the lock screen after installing the Mac Authenticator.
- We have fixed an issue where deleting a user / account from the Admin Console would not cause the account to be unenrolled on the device.
- We have fixed an issues in reporting events to Admin Console to prevent duplicate records, and/or blank usernames.
Known Issues
| Ticket Number | Component | Summary |
|---|---|---|
| WA-13619 | Login | TruU icon may disappear from the macOS menu bar and some capabilities (e.g., Kerberos token refresh) may stop working. If this happens, logging out and logging back in should resolve the issue. |
| WA-18329 | Login | Users may see a “Smartcard initialization error” on the lock screen after upgrading the OS. If this happens, restart the machine to fix the problem. |
MA 24.2.2 Release Notes Platform