You can configure Trusona MFA for MacOS using a hidden menu in the Trusona Mac Setup Application.
How to access test/debug window in Trusona Mac Setup
- Open Trusona Mac Setup Application
- Hold down the option key and click on the window tab near the top right of the screen.
- In the Window tab, select Test and Debug (If you do not see Test and Debug, make sure to hold down the option key while you click on the window tab.
- After clicking Test and Debug, click on the advanced tab in the window that opens.
- The advanced tab shows the different scenarios that would trigger a Trusonafication. The default configuration is shown in the photo below:
If Login is checked, the Mac will prompt for password and a Trusonafication anytime the device is logged in. If Lock Screen is checked, the Mac will prompt for MFA when waking up from sleep. If Escalation is checked, the Mac will prompt for MFA when making changes to System Preferences. If FUS is checked, the Mac will prompt for MFA when fast-switching between users. If Disable FDE Auto Login is checked, when Mac is initially powered on, a user will not be prompted for their File Disk Encryption Password. If Disable FDE Auto Login is unchecked, a user will be prompted for their File Disk Encryption Password before completing Trusona MFA to log in.
- Once the desired modes have been checked, click on Install Trusona to apply the requested changes. The indicators to the right of each checkbox show the currently active setting.
- The Lock Screen setting won't take effect until the next time you login to macOS.
Endpoint Update Daemon
The endpointUpdate daemon "phones home" approximately every 12 hours to indicate a Mac endpoint is online with Trusona enabled. From the Trusona Dashboard an administrator can see the last time each active Mac checked in. By default the daemon is installed anytime Trusona authentication is enabled.
Under the Advanced tab you can test the EndpointUpdate Daemon.
You can install or uninstall the daemon, run the daemon code once to send a report, or run it on a schedule. The test schedule checks if an update is needed every 2 minutes and sends an update after 10 minutes.
Privilege Helper window
Our macOS solution uses a Privilege Helper daemon to perform operations that require elevated permissions. The first time Trusona Mac Setup is run, it prompts the user to authenticate in order to install this Privilege Helper. The Privilege Helper is protected by only accepting requests from our signed application.