xcreds
The localFallback key only works with AD, not Cloud IdP + AD
When testing only AD (no cloud), the localFallback key worked as expected. Example:
If the Mac was offline (or not on the AD domain), XCreds would allow local accounts to auth + log in without the "Offline Authentication" checkbox needing to be displayed in the UI (This is the shouldShowLocalOnlyCheckbox key).
But when testing Entra and AD together, the behavior of the localFallback key has changed. Example:
If the Mac is offline (i.e., the Azure IdP webview can't appear), XCreds defaults to showing the local/AD name + password boxes. This is expected; however, the localFallback key does not work as expected - I have to manually check the "Offline Authentication" checkbox each time to use a local account. XCreds won't fall back to a local account automatically when offline (it attempts to try the AD domain, but doesn't fall back when it's not located).
I'm asking about this because my IT security guys do not want users to see the "Offline Authentication" checkbox, as (1) it adds complexity to the login routine and (2) it provides a way for users to circumvent the Azure authentication each time - regardless of whether they are really "offline" or not. My InfoSec manager says this is a no-go.
I'll try to SSH into a test Mac and reproduce this as best as I can and post logs.