Skip to main content

Arculix Device Trust release notes


For operating system compatibility with Device Trust, make sure to review the Arculix Device Trust section in the Arculix compatibility guide.

Release notes for Arculix Device Trust (formerly Acceptto Device Trust).

macOS - 4.1 Build 1884-0956 - April 23, 2024

  • Symbol answer is now reported in the log.

  • Policy for Post-Authentication w/ action Require Password Factor requires password factor enabled.

  • Support logging in with multiple users on the same MAC via VNC.

  • Authentication message isn't initialized at times.

Windows - 4.1 Build 1899-1402 - April 23, 2024

  • Avoid multiple ADCS re-enrollments in case of expiration.

  • Added CEPolicyServerUrl RTC setting to specify the enrollment policy server.

  • Add the following RTC settings:

    • CertCAServerName (default is whatever ADCS sends us)

    • CertTemplateName (default is “SecureAuthSmartCardLogon”)

    • CertRenewalThresholdHours (default is 24 hours)

  • If CEPolicyServerURL is empty, the url will be discovered.

  • Symbol answer is now reported in the log.

  • Policy for Post-Authentication w/ action Require Password Factor requires password factor enabled.

  • Retrieve and use credentials for RDP sessions.

  • Other providers Sign-in option appears on first lock for standard user.

  • Support using system-wide proxy settings.

  • ATAgent crash when switching users.

  • Enable Control Flow Guard.

  • Cert expiration doesn’t renew.

  • Enrollment metadata no longer outputted in info logs.

  • KSP is now MS signed after switching to HSM signing.

  • Builds are now SA signed using sha256.

  • KSP certificate login causes double MFA on next launch.

  • Authentication message isn’t initialized at times.

4.1 Build 1767-1030 - November 3, 2023


  • macOS - Extensive logs around the proxy detection logic

  • macOS - Enabled install for macOS Sonoma 14 minor revisions (14.1 etc)

  • Windows - Improve Username/Password mode

  • Windows - Password field shown while passwordless

  • Windows - Enable Windows 11 KSP support by submitting the KSP module to Microsoft for signing

  • macOS - Ensures system proxy detection on macOS only kicks in when the RTC file allows it

  • macOS - Several fixes for handling corner cases when executing PAC files

  • macOS - Crash when policy to auto login is enabled

  • macOS - SALock cancel button doesn’t reappear when the MFA window closes with an error

  • macOS - In SA Lock Screen: You can see 1 fraction of a second the desktop when unlock in a specific circumstance

  • Windows - Win 10 with TPM - remote locking crashes credential provider

macOS - 4.0 Build 1676-0811 - August 18, 2023


  • Support using system wide proxy settings

  • “Sign in >” on the login window has been changed to a button

  • Added another change for broken Sonoma beta. Now SALock runs after login

  • Improve Username/Password mode

  • Emergency help desk code

  • Device Trust does not accept more than 6 digits (Temporary PIN)

  • The login window functionality has returned for macOS Sonoma (Apple fixed their issues)

  • Added padding around button images

  • Various UI changes

  • SALock crashes on SMS

  • Enabled system proxy support

  • No “Sign-in request denied” message after 3 incorrect SMS/Email codes.

  • Push doesn’t work with PasswordLessEnabled = false (temporary pin)

  • SALock - Only part of the screen is covered

  • Crash if system proxy port is empty

Windows - 4.0 Build 1687-1518 - August 16, 2023


  • Add Windows Native HTTP Client

  • Add support for Emergency help desk code

  • Device Trust does not accept more than 6 digits (Temporary PIN)

  • Improve Username/Password mode

  • Various UI changes

  • AllowTOTPFactor set to false on Windows not blocking TOTP code

  • Fixed pair QR scaling and spacing

  • BLE QR scaling and horizontal centering

  • Fix for Faye connection not working when intermediate cert is missing in the chain

  • No “Sign-in request denied” message after 3 incorrect SMS/Email codes

  • Password field shown while passwordless

macOS - 4.0 Build 1618-1541 - June 8, 2023

  • SALock – The Cancel button is now hidden while the MFA window is running

  • SALock – The Sign in button is now hidden when the MFA window is automatically shown

  • SALock – Add user’s profile picture like the Lock Screen

  • Net check fails when using system proxy

macOS - 4.0 Build 1591-1103 - May 18, 2023

  • Implement ReplaceLockScreen setting. When enabled, SALock will show after boot. It will also appear when the user is locked, after Apple’s lock screen has been authenticated.

  • Certificate authentication doesn’t work from the lock screen

  • Added a new Lock Screen option to require 2 factors (SALock)

  • General fixes and improvements to overall functionality

Windows - 4.0 Build 1562-2055 - May 18, 2023

  • Added logging to output authentication result when debug is enabled

  • Certificate authentication doesn’t work from the lock screen

3.0 Build 1542-0858 - March 27, 2023

  • Configure log level output at runtime. Currently, a rebuild is required to enable debug/trace log output. This causes back and forth communication and time which could be avoided with this new ability.

  • macOS - HTTP proxy can now be disabled using RTC files

  • Show the user’s Display Name instead of the username on the MFA window

  • Make agent settings available on the command prompt.

  • Add User-Agent string to HTTP headers in Faye

3.0 Build 1486-1338 - January 31, 2023

  • Added optional symbol support to Push Notifications for enhanced security

  • Added App Link support allowing users to scan QR codes with device cameras invoking a link to the Arculix mobile app

  • Added support for pinning intermediate issuers

  • Added performance improvement for faster startup

  • Factors can now be removed based on risk score

  • Improve network diagnosis checks in ATAgent command-line tool

3.0 Build 1430-0008 - December 2, 2022

  • Fixed an issue where user parsing fails when computer name is the same as the username

3.0 Build 1416-2120 - November 23, 2022

  • Fixed an issue where users are randomly unpaired on macOS

3.0 Build 1361-0913 - September 29, 2022

  • Support for eGuardian certificates issued by enterprise CA’s

  • Windows - Capture the device serial number to send with the heartbeat

  • Handle new error message to show “Time is out of sync for this device” instead of ”No response from server…”

  • macOS - Support login with users that have no identity

3.0 Build 1346-1039 - September 08, 2022

  • macOS - Capture the device serial number to send with the heartbeat

  • Fixed an issue related to authentication via SMS causing a “TOTP Failure” message in Recent Transactions

3.0 Build 1329-1112 - August 24, 2022

  • Device Trust has been rebranded to Arculix

  • Authentication is no longer required after pairing

  • macOS - Fixed an issue where macOS gets blocked booting with Arculix installed

  • Fixed an issue with pairing via TOTP

2.3 Build 1282-0850 - July 12, 2022

  • macOS - Added new settings used to disable login under macOS safe mode

2.3 Build 1240-0935 - June 3, 2022

  • macOS - Provide help on the pair dialog

  • macOS - Add Security key PIN support

  • macOS - Smart card readers displaying wrong messages and not signing in

  • User unpairs when connected through WiFi portal

2.3 Build 1207-0955 - April 26, 2022

  • macOS - Upgrade from Big Sur to Monterey disables the authorization plugin

  • Windows - ATAgent doesn’t shutdown on upgrade

2.3 Build 1191-1253 - April 8, 2022

  • Windows - Security key improvements

  • Windows - Support PIN for Security Key

  • macOS - Provide the ability to skip pairing

2.3 Build 1162-1227 - March 17, 2022

  • Windows - Step up authentication with password based on last login time

2.3 Build 1154-1613 - March 4, 2022

  • macOS - Require MFA on reboot if user required MFA before reboot

2.3 Build 1149-2049 - March 4, 2022

  • macOS - Touch ID not detected on M1

  • macOS - Lock after FileVault boot not working

  • Windows - Add Offline Authenticator UI issue

2.3 Build 1135-1022 - February 25, 2022

  • Windows - Provide the ability to skip pairing.

  • Windows - Provide help on the pair dialog.

  • macOS - Add the ability to disable requiring MFA after loss of internet

  • macOS - Unpair doesn’t always lock the user.

2.3 Build 1116-1559 - February 9, 2022

  • Added SSL certificates for new environments to improve security.

  • Hide 'More Options' field when all of the UI elements it hides are disabled.

  • macOS - Can now be installed on Monterey 12.2

2.3 Build 1101-1126 - January 24, 2022

  • Settings are now applied when AutoPushEnabled is disabled

  • Added setting AllowAddOfflineAuthenticator - Enable/Disable the use of external TOTP authenticators

  • Settings are now stored in the secure store which means even admins with the ability to take ownership cannot change settings locally.

  • Settings can no longer be configured via the command-line

  • Runtime configuration. In order to change MFAUrl, FayeUrl or HttpProxyAddress an administrator will need to use the new ATAgent command ‘ATAgent rtc install company.rtc’.

  • macOS - Enabled support for Monterey 12.1 installs

  • Windows - Add the ability to sign in via a QR code scan.

  • Windows - Add the ability to use BLE Authentication to sign in.

  • Fixed an issue with Device Trust still waiting for a push notification when It’sMe is unpaired.

2.3 Build 1046-1245 - November 23, 2021

  • Windows - Added the ability to login using a Certificate instead of a password

  • Windows - Added HTTP proxy support for eGuardian communications (HTTP and Faye)

  • Added support for Kensington VeriMark Guard. Device Trust now supports the following security keys: YubiKey 5 series (C/NFC), Feitian BioPass, YubiKey Bio, Kensington VeriMark Guard

2.2 Build 994-0735 - September 29, 2021

  • macOS Login Configurations added: Basic, Hybrid and Advanced. Depending on the value of settings MFAFileVaultEnabled and MFALockEnabled, these 3 modes require MFA at either the Login screen, on Boot and/or the Lock Screen.

  • Unpairing a workstation now sends the user to the login screen if they are currently logged in/unlocked.

  • File Logging can now be enabled/disabled by eGuardian.

  • Logging now reports setting changes made by eGuardian.

2.2 Build 958-0919 - August 24, 2021

  • macOS - Always MFA after FileVault boot. When a macOS workstation has FileVault enabled and boots up, MFA will always be required.

  • Limit rapid security key attempts to prevent potential UI issues.

  • Holding the enter key for the password or holding number keys for TOTP causes numerous entries in the audit trail.

  • Security key timeout issue. Verification will now be restarted as soon as the security key times out until either the user logs in or closes the MFA dialog.

  • Windows - If Security key is plugged in while the MFA dialog is up, then login or unlock is required to use it again. Security key presence will now be detected after MFA dialog is canceled.

2.2 Build 939-1628 - August 4, 2021

  • ATAgent user list command to display users on the system

  • Enhanced Event reconnection

  • macOS - Don’t lock immediately after losing internet connection

  • macOS - Agent doesn't supply gateway mac address

  • Fixed: Windows - ATAgent Stop not synchronous

  • Fixed: Windows - Biometric crash via RDP

2.2 Build 911-1546 - July 12, 2021

  • macOS - Now detects macOS 12 Monterey and verified working

  • macOS - Use Apple Lock Screen by default if Touch ID is present

  • Windows - Changed system login timeout to 3 minutes.

  • Windows - Now detects Windows 11 and verified working.

2.2 Build 874-1459 - May 8, 2021

  • macOS - Send the user to login window if loss of internet, only if MFALoginEnabled is true

  • macOS - Notarized build

  • Regression: Timer incorrect after channel reuse change

  • Add Push button instead of “send another push” link

  • Push icon

  • Windows - Improved DPI scaling

  • Windows - Security Key slowing down pairing process

  • Windows - Kanji error message on an English system

  • Windows - UI username cutoff

  • Timer reset is delayed when requesting SMS or Email after auto push

  • Security key changes cause a random crash while pairing