Endpoint Privilege Management for Mac 21.3 Release Notes

May 27, 2021

We now support multi-factor authentication (MFA) using an identity provider via OpenID Connect (OIDC). This can be configured using the Microsoft Management Console (MMC) Policy Editor.
Privilege Management for Mac does not support OIDC for Sudo messaging, and Sudo commands which are configured to show an OIDC message are blocked.
As part of the identity provider feature above, we added support to configure the type of logic used for authentication and authorization message components. For example, Designated user or challenge response. Existing policies continue to behave the same: the logic between message components defaults to and logic.
The status menu now has a context menu to show users the client version, computer name, policy source, and policy version. If the policy source is BeyondInsight, we also allow the user to attempt to force a policy update rather than having to wait for the configured poll time.

Resolved an issue in which EndpointSecurity occasionally sent a repeat package open request to defendpointd at the moment the request was denied.

The new identity provider authentication feature's audit events for authorization requests do not contain the email address used to authenticate. This will be resolved in 21.4.

If you have a business requirement to downgrade the Mac client, please first uninstall the currently installed version.