Skip to main content
Date: November 13, 2025

Highlights

  • Improved CyberArk (fka Venafi) Adapter
  • Enrollment/Authentication Lock-Out After Too Many Failed Attempts
  • Bug Fixes

Enhancements

Improved CyberArk (fka Venafi) Adapter

The former Venafi ZTPKI Adapter has been updated in two ways:
  • The adapter name has been changed to CyberArk ZTPKI.
  • The adapter now allows Admins to specify the use cases that they are issuing certificates for, and which certificates (CyberArk Policies) to use for each. This change allows a single adapter to be used for both standard Windows Authenticators and Shared Workstations with different certificate validity periods for both.
NOTE: If you are managing your own Identity Servers, you will need to upgrade to version 25.194 (or higher) in order to use this feature.

Enrollment/Authentication Lock-Out After Too Many Failed Attempts

We have improved security with this release to prevent brute-force attacks by imposing a lock-out period for enrollment and authentication after too many failed attempts. By default, a 10-minute lockout is invoked after 5 failed enrollments or authentications within a 10-minute period. The thresholds and time periods are not configurable by Admins, but TruU can change the settings for a customer upon request.

Bug Fixes

  • We have fixed a UI issue with workflow-based authentication where the help text and the field name would occasionally overlap making the text difficult to read.
  • We have fixed an issue where SSO authentication would not complete using a Mac Authenticator if the user ignores an authentication prompt and lets the session expire.
  • We have fixed an issue that prevented users from being able to login to the User Portal using a resent authentication code as part of an authentication workflow.
  • We have fixed an issue that prevented users from being able to save the configuration for Entra ID as a directory without enabling the feature to automatically remove devices based on changes to user status in the directory.

Known Issues

Ticket NumberComponentSummary
PLAT-11042Event LoggingNo event is generated in the Admin Console when a user cancels enrollment.
PLAT-9359Admin ConsoleThe view of devices does not get updated immediately when dormant settings are modified. If the Admin changes the “Stale Device Handling” configuration under “Settings > Security”, the status for devices (Active / Dormant) may not be accurate for up to 15 minutes as the status is cached and updated every 15 minutes.
PLAT 26.198 Release Notes PLAT 25.192 Release Notes