SafeNet Agent for macOS Logon
Version Number: 2.2.0
Customer Release Notes (CRN) - This document describes capabilities, resolved issues, limitations, and known issues for different product releases.
Product Description
The SafeNet Agent for macOS Logon is designed to help enterprise customers to ensure that valuable resources are accessible only by authorized users. It delivers a simplified and consistent user login experience, virtually eliminates help desk calls related to password management, and helps organizations comply with regulatory requirements.
The use of Two-Factor Authentication (2FA) instead of just traditional static passwords to access a macOS environment is a critical step for information security.
Release Description
Release Summary – SafeNet Agent for macOS Logon 2.2.0
The following release has been issued for SafeNet Agent for macOS Logon v2.2.0:
General Availability Release - September, 2024
This release introduces the following significant feature.
Number Matching
The agent now supports MobilePASS+ push with number matching feature, which secures push authentications to protect against MFA fatigue or push bombing attacks.
Number matching gives control to the user for every login request, because they must select the number in the push notification on their MobilePASS+ application as is displayed on the login screen.
For more details, refer to Testing the Solution section.
Release Summary – SafeNet Agent for macOS Logon 2.1.0
The following release has been issued for SafeNet Agent for macOS Logon v2.1.0:
General Availability Release - February, 2024
This release introduces a new OS support and resolves a customer-reported issue.
Extended Operating System Support
The SafeNet Agent for macOS Logon is now compatible with Sonoma 14.0.
Resolved Issues
Issue | Synopsis |
---|---|
SASNOI-18369 | Summary: A delay of few minutes is observed during login if the primary authentication server is not available. Failover from primary to secondary authentication server is now configurable through a newly added property internetReqTimeoutInSec in the sampleConfig.agent file. |
Known Issues
The following table provides a list of known issues for SafeNet Agent for macOS Logon.
Issue | Synopsis |
---|---|
SASNOI-18922 SASNOI-18923 |
Summary: During the agent upgrade, the MACConfig.plist file fails to update. As a result, - The newly added features in the latest release, if any, do not work. - MFA on system unlock does not work. Workaround: After the upgrade, run the Configure_macLogon script available in the package. It will be fixed in a future release. |
Release Summary – SafeNet Agent for macOS Logon 2.0.0
The SafeNet Agent for macOS Logon v2.0.0 release focuses on enhanced user experience due to the native login UI based implementation. It also resolves some customer-reported and performance issues thereby resulting in faster authentications.
Extended Operating System Support
The SafeNet Agent for macOS Logon is now compatible with Ventura 13.0.
Note
To view supported Operating System (OS) versions, see System Requirements.
Other enhancements in this release are:
-
Support of automated agent deployment through JamfPro. For more information, see Installing, Configuring, Upgrading, and Uninstalling the agent using Jamf Pro section.
-
Agent compatibility with macOS native FDE tool, FileVault.
-
The Settings tab in the SafeNet Logon Configuration is modified to select the STA supported username format.
Resolved Issues
Issue | Synopsis |
---|---|
SASNOI-13319 | Summary: While logging into an MLA protected machine, there was a time lag of several seconds after providing the second factor of authentication. This performance issue is fixed and now it takes few seconds to access the terminal after user submits the second factor of authentication. |
SASNOI-15357 | Summary: While manually replenishing the offline tokens in the management console, the tokens were not replenished even though it displayed a successful message. This has been fixed now and the offline tokens are being replenished. However, there is a known issue due to which the count of the offline tokens does not update in the management console, please refer SASNOI-10737 for more details. |
SASNOI-15414 | Summary: After providing the second factor authentication, users were still able to update the passcode field in the login screen. This UI issue is now fixed and the users can no longer update the passcode field after submitting the second factor of authentication. |
SASNOI-15279 | Summary: If MLA was already installed on a Touch ID machine, a Touch ID specific message overlapped the credential field of the login screen after machine start/restart. This UI issue is now fixed and the Touch ID specific message is now displayed below the password input field. |
Known Issues
The following table provides a list of known issues for SafeNet Agent for macOS Logon.
Issue | Synopsis |
---|---|
SASNOI-10312 SASNOI-19997 |
Summary: Unable to reset AD Password within the agent. It will be fixed in a future release. |
SASNOI-10737 | Summary: When an admin user manually replenishes the offline tokens, the tokens are replenished but their count is not updated in the management console. Workaround: After manual replenishment, close the management console and then reopen it to update the latest count of the offline tokens. |
SASNOI-15412 | Summary: If any admin group is set as the Primary Group for domain admin users in AD, then the Exempt admin feature does not work and the second-factor authentication will not be bypassed. Workaround: User should set any group except admin groups as the Primary Group. |
SASNOI-11774 | Summary: While upgrading the agent, the system does not display the notification for the already installed version of the agent. It will be fixed in a future release. |
SASNOI-10293 | Summary: Unable to reset STA OTP upon expiry. It will be fixed in a future release. |
SASNOI-10792 | Summary: GrIDsure challenge is not generating appropriately in the MLA management console. It will be fixed in a future release. |
SASNOI-10592 | Summary: Local users are unable to login to the macOS machine using their corresponding alias name. It will be fixed in a future release. |
SASNOI-10527 | Summary: Offline domain admin users (AD mobile users) are unable to login to the macOS agent application. It will be fixed in a future release. |
Release Summary – SafeNet Agent for macOS Logon 1.2.0
The SafeNet Agent for macOS Logon v1.2.0 release introduces some new features and resolves a customer-reported issue.
SAS PCE Support
A SAS PCE configuration setting is added in the Settings tab of the SafeNet Logon Configuration to configure the agent for SAS PCE. However, this is not applicable for the STA customers.
Extended Operating System Support
The SafeNet Agent for macOS Logon v1.2.0 now supports Monterey.
Note
To view supported Operating System (OS) versions, see System Requirements.
Removed Operating System Support
The SafeNet Agent for macOS Logon v1.2.0 now does not support Mojave.
Thales Branding
The SafeNet Agent for macOS Logon is now updated with the Thales branding. With this release, the Log File Location is also changed to /usr/local/thales/MLA/log.
Resolved Issues
Issue | Synopsis |
---|---|
SASNOI-14920 | Performance improvement: During logon, after submitting the AD password, users had to wait for more than a minute to be able to submit the second factor of authentication (2FA). This issue is fixed and now the user gets the 2FA prompt within a few seconds. |
Release Summary – SafeNet Agent for macOS Logon 1.1.2
The SafeNet Agent for macOS Logon v1.1.2 release resolves a customer-reported issue.
Resolved Issues
Issue | Synopsis |
---|---|
SASNOI-14416 | Agent was not able to fetch some user keys or attributes from Active Directory, due to which authentication was not working for such domain users. After the fix, all domain users and admins are able to authenticate through the agent. |
Release Summary – SafeNet Agent for macOS Logon 1.1.1
The SafeNet Agent for macOS Logon v1.1.1 release introduces some new features.
Extended Operating System Support
The SafeNet Agent for macOS Logon v1.1.1 now supports Big Sur.
Note
To view supported Operating System (OS) versions, see System Requirements.
Thales Branding
The SafeNet Agent for macOS Logon has been redesigned with the Thales branding.
Release Summary – SafeNet Agent for macOS Logon 1.1.0
The SafeNet Agent for macOS Logon v1.1.0 release introduces some new features.
Push Authentication
The SafeNet Agent for macOS Logon v1.1.0 now also supports Push OTP.
Automatically trigger MobilePASS+ Push, GrIDsure or SMS/Email authentication
A capability to trigger the automatic challenge is added to the Settings tab of SafeNet Logon Configuration Management Console. If this option is not selected, the user must submit an empty passcode manually for using MobilePASS+ Push , GrIDsure or SMS/Email authentication.
Release Summary – SafeNet Agent for macOS Logon 1.0.0 (GA)
The SafeNet Agent for macOS Logon v1.0.0 (GA) release introduces four new features and resolves some customer-reported issues.
Support for Authentication Tokens
The SafeNet Agent for macOS Logon v1.0.0 (GA) now supports all authentication tokens currently supported by STA except PUSH.
Extended Operating System Support
The SafeNet Agent for macOS Logon v1.0.0 (GA) now supports Catalina 10.15.2.
Note
To view supported Operating System (OS) versions, see System Requirements.
Support for Offline Authentication
The Offline tab in the SafeNet Agent for macOS Logon Configuration tool deals with the end-user offline authentication settings.
Silent Installation
The SafeNet Agent for macOS Logon now supports the silent installation and configuration of the macOS Logon agent using the terminal.
Resolved Issues
Issue | Synopsis |
---|---|
SASNOI-10291 | User can now successfully login if the user's full name and account name is different. |
SAS-33458 | GPO button is not visible in the macOS agent application in STA. |
Release Summary – SafeNet Agent for macOS Logon 1.0.0 (Beta)
The SafeNet Agent for macOS Logon v1.0.0 (Beta) is the first release of the product.
Functionality not supported
The following functionalities are not supported by SafeNet Agent for macOS Logon:
- Localization
- Automatic login
- Fast user switching
- Sleep/Lock mode
- Touch ID