Skip to main content
Date: June 27, 2026

Highlights

  • Redesigned Face Sign-In for Shared Workstations
  • Clearer, More Accurate Authentication Events
  • Continuous Authentication Enforce and Report-Only Modes
  • OAuth Client Management Improvements
  • Simplified Registration Policies
  • Bug Fixes

Enhancements

Redesigned Face Sign-In for Shared Workstations

  • You now get a cleaner, more responsive face sign-in experience on shared workstations. The camera screen has a refreshed, translucent look, no longer shows a duplicate “Look at the camera” prompt, and face is hidden as an option entirely when no camera is present on the device. These changes make sign-in at kiosks and factory-floor stations faster and less confusing.

Clearer, More Accurate Authentication Events

  • Authentication events in the Admin Console now describe what actually happened. Certificate-based sign-ins on shared workstations are now labeled “Certificate Based Authentication” instead of being mislabeled as PIN authentication, and re-authentication events show the correct details. Events are now also logged for invalid and unregistered badge taps, FIDO2 security key repairs, and driver recovery, so you have full visibility into sign-in activity.
  • Event filtering and reporting are easier to use. Event type, status, and value dropdowns are now sorted alphabetically, category filtering works correctly, and downloaded event reports include the complete information you expect.

Continuous Authentication Enforce and Report-Only Modes

  • You can now configure policy in the Admin Console for Continuous Authentication to operate in either Report-Only or Enforce mode. Report-Only lets you observe risk signals and their impact before turning on enforcement, so you can roll out continuous authentication with confidence and no surprises for your users.

OAuth Client Management Improvements

  • Managing OAuth clients is now more reliable. You can apply bulk actions across all OAuth clients at once, page filters stay applied as you navigate, and changes to OAuth clients are now properly captured in the audit trail. Behind the scenes, credential changes are tracked so failed token requests are easier to diagnose.

Simplified Registration Policies

  • The requirement for biometrics during enrollment has been removed. Biometrics can still be required for application access, but will no longer prevent a user from completing their enrollment. The policy setting for requiring MDM has been removed as well.

Bug Fixes

  • Fixed an issue where the camera light stayed on after a face recognition failure on shared workstations.
  • Fixed an issue where face enrollment could fail when switching to an external camera on a Windows device.
  • Fixed an issue where the “Switch Sign-In Option” choice disappeared after re-entering the sign-in workflow on a shared workstation.
  • Fixed an issue where an incorrect error message was shown when an invalid username (UPN) was entered on a shared workstation.
  • Fixed an issue where a valid badge was occasionally not recognized on the first tap.
  • Fixed an issue where no event was generated when face recognition failed during authentication on a shared workstation.
  • Fixed an issue where the device drill-down page would not load for shared workstation machines from the Events page.
  • Fixed an issue where the Admin Console showed an incorrect message for a non-existent user, and where invalid input produced no validation message.
  • Fixed an issue where searching for “Today’s events” returned inconsistent results and where event aggregation data was unavailable for Authentication.
  • Fixed an issue where TruFace and PIN deletion events did not display the correct text, and where YubiKey registration failures generated no event.
  • Fixed an issue where multiple events were recorded for auto-rejection and manager-rejection flows in the event log.
  • Fixed an issue where the Admin Console session expired without logging the user out.
  • Fixed an issue where the device list was missing from the User Portal and where users could land in the legacy User Portal unexpectedly.
  • Fixed an issue where incorrect unenrollment messages were shown when removing a device, and where agentless and mobile devices removed together produced an incorrect message.
  • Fixed an issue where biometric consent could be reported inconsistently between Granted and Revoked across the portal and device.
  • Fixed an issue where duplicate emails were sent to the approver during the Identity Verification flow.
  • Fixed an issue where active users could be unexpectedly unenrolled on iOS devices or on app launch.
  • Fixed an issue where certificate renewal retries could lead to unexpected unenrollment after a network reconnect on Mac.
  • Fixed an issue where a Keyfactor certificate could not be revoked.
  • Fixed an issue where user-friendly QR codes did not work as expected.
  • Fixed an issue where users could not sign in to the User Portal in some environments due to an internal server error.
  • Fixed an issue where an adapter could be created without accepting the EULA.
  • Fixed an issue where the user export produced incorrect results.
  • Fixed an issue where Entra ID SSO could fail to fetch the well-known configuration file, and where cloud identity servers were incompatible with the SSL option.
  • Fixed an issue where biometric consent redirected to an error screen.