From 6e7050eccaa26f4f332661caae560a6348578525 Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Tue, 9 Jun 2026 20:47:02 -0700 Subject: [PATCH 1/2] Add a notice about 'multi-user limitations --- platform/smallstep-agent.mdx | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/platform/smallstep-agent.mdx b/platform/smallstep-agent.mdx index 6fd24745..33adb47e 100644 --- a/platform/smallstep-agent.mdx +++ b/platform/smallstep-agent.mdx @@ -38,7 +38,7 @@ Running into trouble? See the [Smallstep Agent troubleshooting guide](./troubles - macOS 13 (Ventura) or later - Secure Enclave -- The agent must be installed for a single user (multi-user deployments are not yet supported) +- The agent must be installed for a single user ## Linux @@ -56,6 +56,12 @@ Running into trouble? See the [Smallstep Agent troubleshooting guide](./troubles All platforms require an internet connection for normal operation. +On Windows and Linux, the agent supports multi-user environments, with a couple caveats: +There's currently a 1:1 mapping in our backend between users and devices. +This only becomes a problem if user-based properties need to be included +in credentials issued by the agent. +Also, on Linux, a TPM access broker (eg. `tpm2-abrmd`) is needed when multiple processes are using the TPM. + ## Windows - *Administrator privileges* — the Smallstep Agent requires privilege escalation to be able to communicate with the TPM. From 5261cdb801d8b27c92aa118d526715486d2957af Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Tue, 9 Jun 2026 20:48:31 -0700 Subject: [PATCH 2/2] Add a notice about 'multi-user limitations --- platform/smallstep-agent.mdx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/platform/smallstep-agent.mdx b/platform/smallstep-agent.mdx index 33adb47e..ddccacea 100644 --- a/platform/smallstep-agent.mdx +++ b/platform/smallstep-agent.mdx 
@@ -58,7 +58,8 @@ All platforms require an internet connection for normal operation. On Windows and Linux, the agent supports multi-user environments, with a couple caveats: There's currently a 1:1 mapping in our backend between users and devices. -This only becomes a problem if user-based properties need to be included +This works well on shared systems. +It only becomes a problem if user-based properties need to be included in credentials issued by the agent. Also, on Linux, a TPM access broker (eg. `tpm2-abrmd`) is needed when multiple processes are using the TPM.
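Review bot: in the macOS hunk of PATCH 1/2, removing "(multi-user deployments are not yet supported)" leaves the bullet "The agent must be installed for a single user" without saying why, or whether this is a macOS-only limit. Since the paragraph added further down says multi-user is supported on Windows and Linux, make the macOS bullet say so explicitly, for example "The agent must be installed for a single user (multi-user environments are currently supported only on Windows and Linux)", so a reader of the macOS section is not left guessing.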
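Review bot: the new "On Windows and Linux, the agent supports multi-user environments" paragraph in PATCH 1/2 lands just above the "## Windows" heading, so it reads as part of the Linux section even though half of it concerns Windows; either give it a platform-agnostic home next to "All platforms require an internet connection for normal operation." or restate the Windows half under "## Windows". The caveat itself describes the implementation ("There's currently a 1:1 mapping in our backend between users and devices") rather than what an administrator will observe: say what happens to the second and later OS users on the same device (which user the issued credentials are attributed to, and whether those users need their own enrollment). The Linux sentence "a TPM access broker (eg. `tpm2-abrmd`) is needed when multiple processes are using the TPM" should say how the agent is pointed at the broker and whether any resource manager other than `tpm2-abrmd` satisfies the requirement, since as written it does not tell an admin what to configure. Minor: "eg." should be "e.g.", and "a couple caveats" should be "a couple of caveats".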
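Review bot: in PATCH 2/2, "This works well on shared systems." inserted directly after "There's currently a 1:1 mapping in our backend between users and devices" reads as a contradiction, because a strict user-to-device mapping is exactly what a shared system strains, and the very next sentence describes when it breaks. State concretely what "works well" means (for example, that every local user can use the agent, but the device stays registered to a single user) or drop the sentence and keep the original "This only becomes a problem if ...". Separately, this commit reuses the PATCH 1/2 subject line verbatim, unbalanced quote included ("Add a notice about 'multi-user limitations"); squash it into the first commit or give it a subject that describes this wording change.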