What’s New in XCreds 5.9
Build 9148
This version is available to download from XCreds Version History.
XCreds supercharges your Mac login window. Use your Azure, Google Cloud, Okta or any OpenID Connect password to log in to your Mac. XCreds verifies the password with your identity provider and saves the tokens to the user keychain for validation that the cloud password is in sync with the local password.
Update Overview
XCreds 5.9 adds additional features around secure token needed for unlocking FileVault, a revised logging system, a new option for prepopulating a Google domain in the login window, and fixes for a few minor issues.
Secure Token
When MDM creates a local admin user, the user does not get a secure token unless the user logs in interactively and there is an MDM provided bootstrap token. This causes issues when a standard user needs local administrator credentials entered for software updates and other operations that require an admin with a secure token. XCreds has been updated to do a silent interactive login if an admin user is specified with the XCreds command-line tools, the admin user does not have a secure token, and a bootstrap token is available. XCreds will proceed with the login using the credentials provided in XCreds command-line utility. The login is not allowed to complete to the desktop, but proceeds until a secure token is obtained, and then XCreds shows the standard XCreds login window page.
As of XCreds 5.9, this is now standard behavior, but only relevant if admin credentials have been entered using XCreds command-line utility. To skip this new feature, set shouldSkipSettingSecureTokenForAdmin to true.
New Preference Keys
- shouldSkipSettingSecureTokenForAdmin
- shouldHideSecureTokenStatus
- shouldAllowEmptyLocalPassword
- googleHostDomain
All Changes
Logging
Added additional logging. Logging is no longer sent to a file and should be viewed using the commands outlined in the guide for Capturing XCreds Logs. Information on the new logging commands is also shown in the file previously used for logging at /tmp/xcreds/xcreds.log.
Clear Secrets
Added a new option to XCreds CLI called clear-secrets that can be used in special situations that require resetting some stored values such as the private key in the system keychain.
Load Page
Updated the cloud login screen load page. Options remain to customize the text shown on this page using loadPageTitle and loadPageInfo. This page is only shown while a network connection is being established.
Secure Token Status on Login Screen
The login screen status popover now shows status of secure token unless disabled by setting shouldHideSecureTokenStatus.
Google Host Domain
Added an option when using Google as the identity provider to populate the domain in the login screen username box. For example, setting googleHostDomain to twocanoes.com would prepopulate the cloud login username box with @twocanoes.com so the user would only need to enter the username portion before the @ symbol.
Fixed Issues
- Fixed missing control bar (issue 375)
- Issue with reading smart card values (issue 369)
- Menubar sign-in window can sometime display multiple overlapping UI elements (issue 339)
- PasswordOverwriteSilent not working using set-admin-username/password (issue 337)
- shareMenuItemName does not change text (issue 338)
- Add feature to verify credentials for set-admin-user (issue 372)
- Add “Allow Empty Local Password” Key
Connect With Us
Sign Up for XCreds Security and Product Updates
Enter your information below to receive email updates when there is new information specifically regarding this product and how to use it. Alternatively, to receive email updates for general information from Twocanoes Software, please see the Subscribe page.