By default, any time an update is available, users get notified and they can check for and install the latest updates at any time to have the newest functionality.

Downloading and the use of the Beyond Identity software is controlled and managed by each company using the software. Therefore, a company may want to manage installations and updates to verify a release to ensure:

• There are no issues with the software.
• It doesn't cause issues with other applications within their environment.
• Everyone within the organization is using the same software release.

Manage updates and notifications

Turn off update notifications

Depending on the company's policy regarding software downloads, automatic notifications, and checking for updates, companies can turn these off, restricting users from downloading and installing updates.

The left image shows the Check for Updates item included in the drop-down menu when enabled. The right image shows the menu item removed after notifications have been disabled. The method to disable update notifications and to check for updates depends on the platform.

Windows

By default, update notifications are enabled. If you want to disable update notifications, you must change it in the Registry Editor in Windows, which will remove the Check for Updates menu option.

1. Open the Registry Editor and go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies.
2. If it doesn't already exist, add the following sub keys:

   BeyondIdentity\Authenticator

3. Add the following value to the Authenticator key:

   DisableUpdates (DWORD)

4. Set the DisableUpdates value to 1 to disable the updates. Then close the Registry and restart the Authenticator application for the change to take effect.

   Once restarted, users will not receive notification updates, and the Check for Updates menu item is no longer displayed.

   NOTE. If another instance of the Authenticator is running in the application tray located in the screen's bottom-right, restart that application.

   

   TIP

   To re-enable notification updates and add the Check for Updates menu item back to the drop-down menu, remove the DisableUpdates key.

macOS

Use the BIConfigure command line utility and run it through MDM to disable update notifications, which removes the Check for Updates menu option.

Keep the following points in mind when using the utility:

• After installing the macOS Authenticator, you can find the utility at:

  /Applications/Beyond Identity.app/Contents/Resources/BIConfigure

• You must run the utility as the root user; otherwise, the Must be run as root message displays.
• When running the command to disable the update notification, the /Library/Preferences/com.beyondidentity.preferences.plist file gets created, which contains the default updateEnabled = 0 value. 
• Running the utility with any argument not listed in the following table or running the utility without any argument displays the Invalid Arguments message.

Commands

The following arguments are available to use with BIConfigure.

./BIConfigure --disable-updates

./BIConfigure --show-updates

./BIConfigure --enable-updates

./BIConfigure --get-version-control-id

Examples

The following examples provide the output that is displayed when the command/argument combination is a root user and as a non-root user.

./BIConfigure --disable-updates

Must be run as root

sudo ./BIConfigure --disable-updates

Updates disabled

./BIConfigure --show-updates

Updates enabled

defaults read /Library/Preferences/com.beyondidentity.preferences.plist

2021-05-27 21:03:51.851 defaults[58215:4039346]
Domain /Library/Preferences/com.beyondidentity
.preferences.plist does not exist
        

./BIConfigure --show-updates

Updates disabled

defaults read /Library/Preferences/com.beyondidentity.preferences.plist

{

updatesEnabled = 0;

}

sudo ./BIConfigure --enable-updates

Updates enabled

defaults read /Library/Preferences/com.beyondidentity.preferences.plist

{

updatesEnabled = 1;

}

./BIConfigure

Invalid arguments

./BIConfigure --invalid

Invalid arguments

./BIConfigure --get-version-control-id

Version Control ID: 12345-qwerty

Control which update notifications are displayed on devices

In addition to enabling and disabling update notifications, you can create policies to:

• Set a specific version or a range of allowable versions.
• Require users to always update to the latest version.

Restrict users to a specific version

You can create a policy restricting users to a specific Authenticator version on devices. Once configured, whenever the Authenticator performs an authentication, a request gets sent to validate the version on the device.

1. From the Admin Console, select Settings and click the Authenticator Version Control tab. If existing version control policies have already been created, they will be listed here.

   

2. Click Add version control to display the Add version control dialog.
3. Provide a name for the policy, and for the Update Preference, select the Manual option.
4. Under the appropriate device type section, select Custom from the drop-down list.
5. Select the version you want from the Set custom range drop-down lists. In this example, we're specifying the 2.70.0 version only.

   

6. Click Add version control.

   Any time a user attempts to authenticate, a request is sent to verify if the specified version is installed on the device.

   • If the device is installed with the version specified, for example 2.70.0, authentication is successful.
   • If the device is installed with any other version, a message displays prompting the user to update to the specified version.

Restrict users to a specific range of versions

You can create a policy restricting users to a range of Authenticator versions on devices. The policy specifies the minimum and maximum versions allowed on devices. Once configured, whenever the Authenticator performs an authentication, a request gets sent to validate the version on the device.

1. From the Admin Console, select Settings and click the Authenticator Version Control tab. If existing version control policies have already been created, they will be listed here.

   

2. Click Add version control to display the Add version control dialog.
3. Provide a name for the policy, and for the Update Preference, select the Manual option.
4. Under the appropriate device type section, select Custom from the drop-down list.
5. Select the versions you want from the Set custom range drop-down lists. In this example, we're specifying the 2.70.0 to 2.73.1 versions.

   

6. Click Add version control.

   Any time a user attempts to authenticate, a request is sent to verify if an allowable version is installed on the device.

   • If the device is installed with the range of versions specified, for example 2.70.0 to 2.73.1, authentication is successful.
   • If the device is installed with versions outside of the range set, a message displays prompting the user to update to the specified version.

Configure automatic updates

You can push updates to the managed endpoints silently.

1. From the Admin Console, select Settings and click the Authenticator Version Control tab. If existing version control policies have already been created, they will be listed here.

   

2. Click Add version control to display the Add version control dialog.

   

3. Provide a name for the policy, and for the Update Preference select the Automatic option for your policy.
4. Under the appropriate device type section, select Latest version from the drop-down list.
5. Click Add version control to save the policy.

Edit a version control policy

You can edit an existing policy at any time.

1. From the Authentication Version Control page, for the version control policy you want to edit, click the Edit icon.

   

2. Make the desired edits and click Save changes.

Delete a version control policy

1. From the Authentication Version Control page, for the version control policy you want to edit, click the Edit icon.

   

2. Click Delete version control. The policy setting is immediately removed, and you are returned to the Authenticator Version Control tab.

   

Apply the Version Control ID to Devices

After creating the version control policy, configure the device with the Version Control ID created above. The method to apply the Version Control ID depends on the device platform.

Configure a macOS device with the Version Control ID

Use the command line utility, BIConfigure, to set the version control ID on a Mac device.

Set the Version Control ID

After creating the version control ID, run the BIConfigure command line utility (run via MDM) using the following syntax:

sudo ./BIConfigure --set-version-control-id “<version_control_id>“

For example, BIConfigure --set-version-control-id “sdafdfd“

The app will use the version control ID to check for updates.

Get the Version Control ID

sudo ./BIConfigure --get-version-control-id

When run it will return the following:

Version Control ID: 12345-qwerty

Clear version control restrictions for the device

sudo ./BIConfigure --get-version-control-id

Which returns the following:

No Version Control ID set

Configure a Windows device with the Version Control ID

1. Open the Registry Editor and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies.
2. Add the following subkeys if they do not already exist:
   BeyondIdentity\Authenticator
3. Add the following value to the Authenticator key: VERSION_CONTROL_ID = string value

   The value of this string must be the Version Control ID from the Version Control policy you created in the Admin Console.