Login for Mac release notes
The version numbers here apply to the Login for Mac (L4M) product version.
To download the latest version of SecureAuth Login for Mac, go to Product Downloads.
See also the Login for Mac configuration guide.
L4M version 22.12.01
Release date: June 6, 2023
Compatibility: SecureAuth® Identity Platform release 19.07.01 or later.
Support for macOS 13: Ventura
CP-1321 – Addressed issue in cross domain logins with group bypass.
General performance improvements
Release date: November 2, 2022
Compatibility: SecureAuth® Identity Platform release 19.07.01 or later.
CP-1331 – Addressed an issue with the installer not working on macOS Monterrey 12.5 and above due to the Python script not running properly.
Release date: August 2, 2022
Compatibility: SecureAuth® Identity Platform release 19.07.01 or later.
New properties in the installer configuration. A new property is available to use in the installer
config.json
file.Note: This new property will be available in a later update to the Identity Platform on the Login for Endpoints installer UI. As a workaround, you can manually add this new property to the installer
config.json
file.User bypass. This new configuration property,
user_bypass
allows you to define a local username to bypass multi-factor authentication (MFA).
For more information about the installer configuration properties, see Configure Identity Platform and Login for Endpoints.
CP-1296 – When a user logs in locally on a workstation with a validated password that does not match their password stored in their organization's domain data store, the login screen will prompt the user for their domain password before MFA.
Note: This issue is resolved only in the Identity Platform release 21.04 and requires at minimum, hotfix 21.04-9.
CP-1298 – New installer configuration property,
user_bypass
to define a local username to bypass MFA.
Release date: April 18, 2022
SecureAuth® Identity Platform release 19.07.01 or later
Biometric fingerprint recognition requires the Identity Platform release 19.07.01 or later, using the 2019 theme.
Transactional logging requires the Identity Platform release 20.06 or later, using the
/authenticated
endpoint.
Login for Mac supports macOS 12.3 (Monterey)
Login for Mac supports macOS M1 ARM-based architecture
CP-1167 – After installation where "Suggests use of an OATH-based method on first login regardless of your Adaptive Policy settings" is set and "Bypass interval" is set, when end users first log in, they will no longer automatically see a login page that suggests setting a second factor.
Release date: April 30, 2021
SecureAuth IdP 9.3 or later and the SecureAuth Identity Platform 19.07 or later.
Biometric fingerprint recognition requires the Identity Platform release 19.07.01 or later, using the 2019 theme.
Transactional logging requires the Identity Platform release 20.06 or later, using the
/authenticated
endpoint.
All of these features are supported only in the Identity Platform release 21.04 or later.
New integrated Login for Endpoint configuration page in Identity Platform. Open the new Login for Endpoint page from the Identity Platform user interface to customize your Login for Endpoints user experience. The easy-to-use pages help you set up your operating system, the multi-factor methods, and even personalize your users' experience during authentication. (Existing customers will recognize the options that were manually set in the config.json file in previous releases.)
To learn more, see Configure Identity Platform and Login for Endpoints
New second-factor authentication methods added. You can now choose the following new 2FA methods: PIN and link-to-accept available for both SMS/text and email.
CP-1037 – PIN as a second factor works with Login for Mac release 21.04 in the SecureAuth Identity Platform release 21.04.
CP-1039 – Link-to-accept as a second factor via SMS/text and email works with Login for Mac release 21.04 in the SecureAuth Identity Platform release 21.04.
CP-1044 – End users must enter a response for OTP and KBQ second factors if using Login for Mac with PAM.
CP-1046 – End users can now show or hide the passcode to see characters instead of dots by using the Hide passcode checkbox under the passcode field.
CP-1058 – When using PAM with Login for Mac, login messages are now displayed on the console.
CP-1071 – Use the new option, Suggests use of an OATH-based method on first login regardless of your Adaptive Policy settings, to display a message that suggests end users authenticate for the first login by using an OATH-based method. This ensures that they can log in when offline.
CP-1116 – Login for Mac supports Mac OS 11+ (Big Sur) on Mac and PAM.
Release date: January 12, 2021
SecureAuth IdP 9.2 or later and the SecureAuth Identity Platform 19.07 or later.
Biometric fingerprint recognition feature requires the Identity Platform release 20.06 or later, using the 2019 theme.
Transactional logging requires SecureAuth Identity Platform v20.06 or later, using the
/authenticated
endpoint.The
grace_period
option replaces thelogin_attempts
option.
Install without connection to the Identity Platform. Configure Login for Mac so it can be installed on a machine without a connection to the Identity Platform. This is useful if a third-party company configures machines for end users and the third-party company does not have connectivity to the Identity Platform.
Set number of days to log in with password-only. You can configure Login for Mac so that end users can log into their machine with password-only for the specified number of days. This allows end users to access their device to set up their two-factor authentication methods, such as push-to-accept and answers to Security Questions, before they must authenticate to access their device.
The
grace_period
option replaces thelogin_attempts
option.Enable custom message to assist end users locked out of Login for Mac. You can configure Login for Mac so that end users receive customized assistance when they are locked out of their accounts or their password or passcode is incorrect or expires. You can set a custom message to guide end users to next steps after an issue occurs during login.
Dashboard metrics for Login for Mac. Dashboard metrics are available for Login for Endpoints transactions. These metrics include login information for VPNs and endpoint desktop access to Windows and Mac. View metrics by selecting Home on the left side of the Identity Platform page.
Transactional logging requires SecureAuth Identity Platform v20.06 or later, using the
/authenticated endpoint
.For more information, see the Authentication API guide.
CP-507 – Characters in user IDs sent to Login for Mac are handled appropriately.
CP-944 – Active Directory group bypass validations are case-insensitive for Login for Mac. (Local group bypass validations remain case-sensitive.)
CP-950 – If a fatal error occurs in Login for Mac after end users have authenticated in, an error message with guidance text explains next steps to end users and guides admins to view logs. See Admin needs to view log information.
CP-966 – If Login for Mac is installed and references a realm that does not have the Authentication API enabled, the installation fails. This is the appropriate behavior.
CP-970 – Product logging is enabled by default for DEBUG; when troubleshooting product issues, Support might require that you view this log located at /Library/Application Support/com.secureauth.saap/
CP-971 – Log files are not uninstalled to assist with troubleshooting any issues with the uninstallation.
CP-991 – Message improvements were added to help the user experience.
CP-1082 – Push-to-accept works with Login for Mac version 20.09.02 in the SecureAuth Identity Platform version 20.06+ cloud deployment. If you use a load balancer, there is no cloud deployment restriction.
Release date: April 14, 2020
SecureAuth IdP 9.2 or later and the SecureAuth Identity Platform 19.07 or later.
Biometric fingerprint recognition feature requires the Identity Platform release 20.06 or later, using the 2019 theme.
CP-106 – If the "login_attempts" attribute is set in conf_version 4 in the config.json file, end users are allowed to log in with a password only for a set number of times. This enables end users to have time to set up their 2FA methods, such as PIN creation and answers to Security Questions, before they must authenticate to access their device.
CP-755 – If any settings that determine login are changed, for example, an adaptive rule is changed or users no longer belong to a bypass group, end users automatically receive a 3 minute time period to enter their password.
CP-815 – Improvements to login performance were completed.
CP-823 – The installation version number now matches the public version release value; for example, if the public product version is 20.03.01, then the installation version number, which is visible if you uninstall Login for Mac manually, is also 20.03.01. (In previous versions of Login for Mac, the versions were different, but now they match.)
CP-825 – The error log displays system information, such as the type and version of the operating system, the version of Login for Mac your organization is running, and more.
CP-833 – Fingerprint recognition works correctly when an administrator is running in Run as administrator mode.
CP-837 – Login for Mac SSL certificate hostname validation works correctly with a SecureAuth IdP configured for Login for Mac.
CP-869 – End users assigned a recently created YubiKey can log in to Login for Mac on the first attempt, even if they have not previously logged in to SecureAuth IdP with the YubiKey.
CP-888 – Sites using MFA throttling are no longer locked out of their accounts after successful logins.
CP-891 – Login for Mac installer works correctly, even if some intermediary paths do not exist.
CP-900 – Login for Mac runs fine when logging is activated.
TW-926 – When upgrading to the Identity Platform v19.07 or later, admins must use the 2019 theme and end users who already use the SecureAuth Authenticate app must reconnect their accounts to add the ability to accept biometric push notifications to use face (iOS) or fingerprint recognition through the mobile app.
Workaround: None