Highlights
- Improved Agentless Events
- Redesigned Events AI Search Experience
- Configurable Webhook Payload Format
- CAuth Model Training Status Visibility
- Clearer CAuth Event Messaging
- Human-Readable Event Type Labels
- Default Shared Workstation Entitlement Group
- Streamlined Directory Options
- Resilient Event Exports
- Bug fixes
Enhancements
Improved Agentless Events
Agentless events now capture the full picture of each authentication attempt. This includes user and device information for failed attempts and when an attempt is cancelled.Redesigned Events AI Search Experience
You can now handle all event browsing, filtering, and exporting directly from the Events AI page — no need to fall back to the legacy Events view. Natural-language queries and a structured filter panel work together, so you can start with an AI search and refine the results with standard filters without losing your place. Clicking a user or device cell lets you jump straight to that record or add it as a filter, and aggregation results are fully drillable into the underlying events. Time presets, applied-filter chips, and export all reflect exactly what you are looking at.Configurable Webhook Payload Format
You can now choose how webhook events are delivered: as newline-separated JSON (the existing default) or as a single JSON array. This makes it easier to plug TruU events into consumers that expect a particular shape, such as Microsoft Sentinel, without extra transformation on your side. Compression continues to work with whichever format you pick, and any change to the setting is captured in the audit log.CAuth Model Training Status Visibility
You can now see at a glance whether each user’s CAuth keyboard model is trained, still learning, or unavailable. The status updates automatically as users move through training, and you can filter by it on the Accounts page and in reports. When CAuth is not enabled for a tenant, the indicator is hidden so it does not add noise.Clearer CAuth Event Messaging
You can now read plain-language messages for continuous authentication events in the Events view. A successful CAuth event now reads “Continuous authentication successful. Behavioral pattern confirms user identity.”, and fallback sign-ins with PIN or biometrics are labeled as fallback methods rather than as separate CAuth failures. This makes it much easier to understand why an event was recorded without reading numeric risk codes.Human-Readable Event Type Labels
You can now read event type names in plain language — “User Registration” instead of “USER_REGISTRATION”, “Keyboard Model Reset” instead of “CAUTH_KEYBOARD_MODEL_RESET”, and so on. Labels are consistent across the Events AI page, the event detail panel, and exports, so newly introduced event types no longer show up as “Unknown”. Status has also moved into the Event Information section of the event detail for easier scanning.Default Shared Workstation Entitlement Group
New tenants now come with a default Shared Workstation entitlement group already set up under Computers and applied to the default Shared Workstation policy. This removes a manual configuration step from initial setup and gets your shared-workstation deployment running faster. Existing tenants will see the new entitlement group available but will not have their current configuration changed.Streamlined Directory Options
You now only see directory types that are fully supported by TruU when configuring directories in the admin console. Unsupported options have been removed so you do not accidentally configure a directory that would not work well for your users.Resilient Event Exports
You can now count on event exports to recover from transient issues. If a batch in the middle of an export fails, the export is automatically retried from where it left off rather than failing the whole job. Large, long-running exports are far more likely to complete successfully without needing to be restarted.Bug Fixes
- Fixed an issue where “App Download” and “App Installation” events from the Mobile Authenticator were not being ingested, so they did not appear on the Events page. These events now flow through correctly and show up in searches and reports.
- Fixed an issue where Shared Workstation sign-in failed with a CA enrollment error when using the Venafi adapter. Shared Workstation sign-in now completes as expected on deployments that use Venafi.
- Fixed an issue where the Computers page appeared empty until you applied and then cleared the App Installation filter. Records now display immediately when you open the page.
- Fixed an issue where some labels in the User Portal remained in English when the browser language was set to another language. Those strings now follow the browser’s language setting.
- Fixed an issue where the dropdown in the MDM policy was blank when enabling MDM. You can now see and choose the available options when setting up MDM.
- Fixed an issue where an assurance-level change could stall a pending device update. Updates now continue to apply as expected after an assurance change.
- Fixed an issue where a Shared Workstation registration policy could be saved without selecting an authentication method. The policy now requires at least one auth method before it can be saved.
- Fixed an issue where unchecking Computer or Download rights on a role did not persist. Removed rights now stay removed when you save the role.
- Fixed an issue where enrollment audit details were missing from the initial enrollment response, which hid useful context in audit logs. These details are now returned so audit and diagnostics work correctly.
- Fixed an issue where deeplink enrollment from an email invite did not launch correctly. Clicking the invite link now opens the enrollment flow directly.
- Fixed an issue where a failed sign-in with a passkey or a hardware key logged the same generic event, making it hard to tell which method the user attempted. The event now distinguishes between passkey and hardware key failures.
- Fixed an issue where the countdown timer was missing from the Access Denied screen shown after too many failed enrollment attempts. Users can now see how long they need to wait before trying again.
- Fixed an issue where exports from the Events AI page did not include the full event content. Exports now contain all event data.
- Fixed an issue where a user could bypass part of a configured workflow. The workflow now enforces all configured steps.
- Fixed an issue where the legacy Events page showed an incorrect value in the Target column. The column now reflects the correct target.
- Fixed an issue where clicking the lock icon on the Integrations page led to a 404 error. The icon now opens the expected page.
- Fixed an issue where certain SAML attribute values could cause an error during SSO. SAML-based sign-ins that previously failed with this error now succeed.
- Fixed an issue where a translation bundle could not be deactivated from the Internationalization page. Setting a bundle to Inactive now takes effect and removes it from user-facing screens.
- Fixed an issue where enrolled accounts did not appear in the Admin Console for FIDO-joined devices. These accounts now show up correctly.
- Fixed an issue where scheduled event reports stopped being generated. Event reports now generate and deliver on schedule.
- Fixed an issue where failure events from agentless authentications were not being published. These events now appear in the events feed and in reports.
- Fixed an issue where deleting a translation on the Internationalization page did not work. You can now delete translations as expected.
Known Issues
| Ticket Number | Component | Summary |
|---|---|---|
| PLAT-11042 | Event Logging | No event is generated in the Admin Console when a user cancels enrollment. |
| PLAT-9359 | Admin Console | The view of devices does not get updated immediately when dormant settings are modified. If the Admin changes the “Stale Device Handling” configuration under “Settings > Security”, the status for devices (Active / Dormant) may not be accurate for up to 15 minutes as the status is cached and updated every 15 minutes. |