SafeNet Agent for macOS Logon
Product Description
The SafeNet Agent for macOS Logon is designed to help enterprise customers to ensure that valuable resources are accessible only by authorized users. It delivers a simplified and consistent user login experience, virtually eliminates help desk calls related to password management, and helps organizations comply with regulatory requirements.
The use of Two-Factor Authentication (2FA) instead of just traditional static passwords to access a macOS environment is a critical step for information security.
Release Description
Release Summary – SafeNet Agent for macOS Logon 2.2.0
The following release has been issued for SafeNet Agent for macOS Logon v2.2.0:
General Availability Release - August, 2024
This release introduces the following significant feature.
Number Matching
The agent now supports MobilePASS+ push with number matching feature, which secures push authentications to protect against MFA fatigue or push bombing attacks.
Number matching gives control to the user for every login request, because they must select the number in the push notification on their MobilePASS+ application as is displayed on the login screen.
For more details, refer to Testing the Solution section in SafeNet Agent for macOS Logon: Installation and Configuration Guide.
Release Summary – SafeNet Agent for macOS Logon 2.1.0
The following release has been issued for SafeNet Agent for macOS Logon v2.1.0:
General Availability Release - February, 2024
This release introduces a new OS support and resolves a customer-reported issue.
Extended Operating System Support
The SafeNet Agent for macOS Logon is now compatible with Sonoma 14.0.
Resolved Issues
| Issue | Synopsis |
|---|---|
| SASNOI-18369 | Summary: A delay of few minutes is observed during login if the primary authentication server is not available. Failover from primary to secondary authentication server is now configurable through a newly added property internetReqTimeoutInSec in the sampleConfig.agent file (available in the package). |
Known Issues
The following table provides a list of known issues for SafeNet Agent for macOS Logon.
| Issue | Synopsis |
|---|---|
| SASNOI-18922 SASNOI-18923 |
Summary: During the agent upgrade, the MACConfig.plist file fails to update. As a result, - The newly added features in the latest release, if any, do not work. - MFA on system unlock does not work. Workaround: After the upgrade, run the Configure_macLogon script available in the package. It will be fixed in a future release. |
Release Summary – SafeNet Agent for macOS Logon 2.0.0
The SafeNet Agent for macOS Logon v2.0.0 release focuses on enhanced user experience due to the native login UI based implementation. It also resolves some customer-reported and performance issues thereby resulting in faster authentications.
Extended Operating System Support
The SafeNet Agent for macOS Logon is now compatible with Ventura 13.0.
Other enhancements in this release are:
- Support of automated agent deployment through JamfPro. For more information, see Installing, Configuring, and Uninstalling the agent using Jamf Pro section in SafeNet Agent for macOS Logon: Installation and Configuration Guide.
- Agent compatibility with macOS native FDE tool, FileVault.
- The Settings tab in the SafeNet Logon Configuration is modified to select the SafeNet server supported username format.
Resolved Issues
| Issue | Synopsis |
|---|---|
| SASNOI-13319 | Summary: While logging into an MLA protected machine, there was a time lag of several seconds after providing the second factor of authentication. This performance issue is fixed and now it takes few seconds to access the terminal after user submits the second factor of authentication. |
| SASNOI-15357 | Summary: While manually replenishing the offline tokens in the management console, the tokens were not replenished even though it displayed a successful message. This has been fixed now and the offline tokens are being replenished. However, there is a known issue due to which the count of the offline tokens does not update in the management console, please refer SASNOI-10737 for more details. |
| SASNOI-15414 | Summary: After providing the second factor authentication, users were still able to update the passcode field in the login screen. This UI issue is now fixed and the users can no longer update the passcode field after submitting the second factor of authentication. |
Release Summary – SafeNet Agent for macOS Logon 1.2.0
The SafeNet Agent for macOS Logon v1.2.0 is the first release of the product for SAS PCE version 3.14 (and later).
Known Issues
The following table provides a list of known issues for SafeNet Agent for macOS Logon.
| Issue | Synopsis |
|---|---|
| SASNOI-10312 SASNOI-19997 |
Summary: Unable to reset AD Password within the agent. It will be fixed in a future release. |
| SASNOI-10737 | Summary: When an admin user manually replenishes the offline tokens, the tokens are replenished but their count is not updated in the management console. Workaround: After manual replenishment, close the management console and then reopen it to update the latest count of the offline tokens. |
| SASNOI-15412 | Summary: If any admin group is set as the Primary Group for domain admin users in AD, then the Exempt admin feature does not work and the second-factor authentication will not be bypassed. Workaround: User should set any group except admin groups as the Primary Group. |
| SASNOI-11774 | Summary: While upgrading the agent, the system does not display the notification for the already installed version of the agent. It will be fixed in a future release. |
| SASNOI-10293 | Summary: Unable to reset STA OTP upon expiry. It will be fixed in a future release. |
| SASNOI-10792 | Summary: GrIDsure challenge is not generating appropriately in the MLA management console. It will be fixed in a future release. |
| SASNOI-10592 | Summary: Local users are unable to login to the macOS machine using their corresponding alias name. It will be fixed in a future release. |
| SASNOI-10527 | Summary: Offline domain admin users (AD mobile users) are unable to login to the macOS agent application. It will be fixed in a future release. |
Functionality not supported
The following functionalities are not supported by SafeNet Agent for macOS Logon:
- Localization
- Automatic login
- Fast user switching
- Sleep/Lock mode
- Touch ID
Compatibility and Component Information
Operating Systems
- Sonoma v14.0
- Ventura v13.0
- Monterey v12.0
Note
The agent is expected to be supported for subsequent minor OS versions, assuming they are backward compatible. Support for major OS versions will be added as they release.
Supported Authentication Tokens
All authentication tokens currently supported by SafeNet server.
Unsupported Tokens in Offline Authentication Mode
- Challenge-response-enabled tokens, SMS, GrIDsure, and time-based tokens.
- When using MobilePASS+ in this scenario, the Push OTP feature does not work, but standard One Time Password (OTP) authentication works.
SAS Releases
- SAS PCE/SPE 3.14 (and later)
Upgrade
The SafeNet Agent for macOS Logon v2.2.0 supports upgrade from v1.2.0 and above.
Product Documentation
The following product documentation is associated with this release:
We have attempted to make these documents complete, accurate, and useful, but we cannot guarantee them to be perfect. When we discover errors or omissions, or when they are brought to our attention, we endeavor to correct them in succeeding releases of the product.
