What’s New in XCreds 5.2

Version 5.2 is available to download from XCreds Version History.

Command Line Interface

XCreds 5.2 adds a command line interface that can be used to check XCreds status, securely store local admin credentials to help with user password reset, and to configure user info for logging in with RFID cards. To begin using the XCreds CLI, use the following command to view the help info. More information is available in the CLI Guide and the video below.

sudo /Applications/XCreds.app/Contents/MacOS/XCreds -h

RFID Authentication

XCreds now supports signing in with an RFID card. Use the XCreds command line interface to map RFID values to existing or new user accounts. Or optionally allow users to register a new RFID tag to their account when signing in at the XCreds login screen. The new preference ccidSlotName is used to provide XCreds with the name of a connected RFID reader device. The new preference shouldAllowLoginCardSetup can be set to allow users to register a new card at the login screen. More information is available in the RFID card guide and the video below.

Local Admin

The XCreds command line interface can be used to securely store an existing macOS admin’s credentials to help with user password reset. If a user signs in to XCreds with their cloud password and it has changed recently, they will be asked for their prior local password. If they do not know their prior local password, XCreds will prompt for an admin user to enter credentials to approve a password reset. In some situations it can be preferable to instantly approve the password reset without requiring assistance from an admin. This can now be done by using the XCreds CLI to securely store admin credentials for later use. More information on how this is done is described in the video below.

Multiple Active Directory Domains

Use the new preference key AdditionalADDomains if more than one domain is used for Active Directory.

Active Directory Domain Mapping

Use the new preference key upnSuffixToDomainMappings to allow XCreds to map one Active Directory domain to another for certain sign-in scenarios.

In some Active Directory environments, users do not use username@domain to login; they use a UPN suffix to make the username easier to use. This setting maps the UPN suffix to the correct AD domain name. For example, if you have an AD domain of foo.com but want users to sign in as user@bar.com, a UPN suffix of foo.com is created in AD and the user account is set to user@foo.com. This setting then would map foo.com to bar.com by setting the key upn to foo.com and the domain key to bar.com.

Suppress Prompting for Local Password

The new preference key shouldSuppressLocalPasswordPrompt can be used if the XCreds menubar app should not prompt a user for their password. When this preference is set to true, the menubar app will not prompt the user to sign in. If XCreds does not currently have valid sign-in tokens, it will remain signed out unless the user clicks on the menubar app and chooses to sign in.

New Preference Keys

1. ccidSlotName
2. shouldAllowLoginCardSetup
3. shouldSuppressLocalPasswordPrompt
4. AdditionalADDomains
5. upnSuffixToDomainMappings

Other Fixes and Changes

XCreds 5.2 fixes an issue that was causing a laptop built-in screen to remain black after waking from sleep on the XCreds login screen while connected to an external monitor as the primary display.