Beyond Identity Version Control May Not Work as Expected on macOS in Certain Situations


This article explains a macOS MDM issue where Beyond Identity automatic upgrades fail due to ownership mismatches and provides a script-based workaround while a long-term fix is in development.


Problem

Beyond Identity Version Control is not working as expected when the macOS Platform Authenticator is pushed through MDM providers and the BI version control policy is used for client upgrades.

Root Cause

Currently, MDM providers install the BI application in the root context, whereas the auto-upgrade process driven by the Beyond Identity version control policy assumes that users have permission to upgrade the application. Because of this ownership mismatch between the initial install and the upgrade performed through the BI version control policy, users are prompted to enter credentials for the upgrade, or in some cases the upgrade fails. As a result, the automatic upgrade does not work as expected.
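To confirm the ownership mismatch described above on an endpoint, the following added diagnostic (not Beyond Identity's workaround script) compares the owner of an app bundle with the user logged in at the console. The bundle path is supplied as an argument, and the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic example; NOT the Beyond Identity post-install script.
# Reports whether an app bundle (path given as $1) is owned by a different
# user than the one logged in at the console.

# Print the numeric uid that owns the given path (ls -ldn is POSIX).
owner_uid() {
    ls -ldn "$1" | awk '{print $3}'
}

# Count entries at or below PATH that are not owned by EXPECTED_UID.
# A partially re-owned bundle still breaks a user-context upgrade.
foreign_entries() {
    find "$1" ! -user "$2" -print | wc -l | tr -d ' '
}

# Print "match", "mismatch" or "missing".
# Returns 0 only when the bundle and everything inside it belong to
# EXPECTED_UID, 1 on a mismatch, 2 when the path does not exist.
ownership_status() {
    path=$1
    expected=$2
    [ -e "$path" ] || { echo "missing"; return 2; }
    if [ "$(owner_uid "$path")" = "$expected" ] &&
       [ "$(foreign_entries "$path" "$expected")" -eq 0 ]; then
        echo "match"
        return 0
    fi
    echo "mismatch"
    return 1
}

# Usage on a Mac: sh check_owner.sh "/path/to/the/installed.app"
if [ "$#" -ge 1 ]; then
    # uid of the console user (BSD/macOS stat syntax).
    console_uid=$(stat -f %u /dev/console)
    echo "bundle owner uid: $(owner_uid "$1"), console uid: $console_uid"
    echo "entries not owned by console user: $(foreign_entries "$1" "$console_uid")"
    ownership_status "$1" "$console_uid"
fi
```

A bundle installed by MDM in the root context typically reports owner uid 0 and `mismatch` against the console user.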

Who is not impacted

  • Admins not utilizing version control policy through Beyond Identity

  • Windows devices utilizing version control policy through Beyond Identity

  • Admins using MDM to push the Beyond Identity Platform Authenticator updates directly

Who is impacted

  • Admins using macOS MDM solutions to push the Platform Authenticator while also using the BI version control policy to perform client upgrades.

Current Solution

  • Deploy the Platform Authenticator through MDM together with the provided script as a post-install script, so that updates can be installed on the endpoint without an ownership mismatch.

Link to the script:

https://drive.google.com/file/d/1aDfPkji8ltMy_hypN-8q5nidQ5b83BB2/view?usp=sharing

Modifications needed in the script:

  • Add the Version control ID obtained from the BI Admin Console

    Link to generate Version Control GUID - Manage Authenticator updates – Beyond Identity

  • Add the respective alternate admin account usernames if there is more than 1 user on the device

Activities on the MDM provider:

  • Add/Replace any existing post-install script with the modified script based on the organizational requirement.

Long-term Solution

Beyond Identity is working towards a long-term solution that overcomes the current shortcomings and relies only on the version control GUID reference.

Tracking Reference: BIT-1699