Guide

Known issues, caveats, and limitations

  • You may encounter issues when running SentinelOne together with Guardicore Platform Agent on macOS.

  • Users enrolling or resetting the Access service in the Guardicore Platform Agent using Safari 18 as their default browser on macOS may experience enrollment failures. Additionally, if Device Posture is enabled in the IDP, enrolled users may face Device Posture related failures and quick test failures, resulting in Access timeout errors. The agent may remain stuck in the enrolling state, and the IDP page in Safari may fail to detect the agent with a grayed-out Configure option.

    • Workarounds:
      Use alternative browsers. Users may use other browsers such as Chrome or Firefox, or revert to a Safari version earlier than 18.
      Disable Upgrade upgradable mixed content feature flag. To keep Safari 18 as their default browser, users can disable the Upgrade upgradable mixed content feature flag in Safari settings:
      1. Go to Safari > Settings….
      2. Navigate to the Advanced tab.
      3. Check Show features for web developers.
      4. Navigate to the Feature Flags tab.
      5. Within the Networking section, uncheck Upgrade upgradable mixed content.
        ​Akamai​ is actively investigating a permanent solution for this issue and will provide updates as they become available.

  • After upgrading to Chrome 142 or later, when attempting to authenticate or establish device posture, users may see a one-time permission prompt in Chrome asking whether to allow the IdP page to "Look for and connect to any device on your local network". Users must click Allow to allow Access to continue. Otherwise, Access may fail to authenticate or establish device posture. Note that if a user clicks Block, they will have to navigate to site permissions in Chrome and allow Local network access for the IdP URL to unblock Access.

    • To suppress the prompt on end user devices and grant Local Network Access (LNA) permissions for your IdP URL, you can pre-configure managed devices:

      • Google Workspace administrators may set a LocalNetworkAccessAllowedForUrls Chrome policy for the IdP URL using the Custom Configurations page in Google Workspace.

      • For Windows devices, MDM administrators may create a configuration profile with an OMA-URI property for the./Device/Vendor/MSFT/Registry/HKLM/SOFTWARE/Policies/Google/Chrome/LocalNetworkAccessAllowedForUrls URI and add the IdP URL to the allowlist. To learn more about setting up Chrome policies on Windows, refer to Chrome Enterprise documentation.

      • For macOS devices, MDM administrators may use Profile Manager to create and deploy a configuration profile with a payload that gives your IdP URL LNA permissions. Add these keys and values to your com.google.Chrome.plist file and convert it to a configuration profile using your preferred conversion tool:

        <key>LocalNetworkAccessAllowedForUrls</key>
<array>
    <string>youridp.com</string>
</array>
<key>LocalNetworkAccessRestrictionsEnabled</key>
<true/>

        To learn more about setting up Chrome policies on macOS, refer to Chrome Enterprise documentation.

Updated 11 days ago