Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.
We have recently added the public version number to the title of release notes posts. This number can be found in the Duo Admin Panel and describes the version assigned to core components of the Duo service. Learn more here.
You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.
What’s in this release?
New and updated applications
New features, enhancements, and other improvements
Bug fixes
See all bug fixes
New and updated applications
Duo Authentication Proxy version 5.2.2 released
- Corrects logging message when SSL certificate and key did not match.
- RADIUS timeouts logging now reports correct information about what servers have been contacted.
- The connectivity tool warning about RADIUS server availability is now displayed in yellow text.
- Adds a default timeout for ping calls during proxy connection issues to Duo.
- Suppresses error messages about quickly-terminated LDAP connections.
Workplace by Facebook and ShareFile now available as Duo Single Sign-On integrations
- You can now configure Workplace by Facebook and ShareFile to use Duo Single Sign-On as the SAML identity provider.
New Duo Trusted Endpoints integration for Jamf is now generally available
- Jamf with Device Health no longer relies on certificates to check for device trust and provides a more accurate and up-to-date picture of the trusted status of Jamf-managed macOS devices.
- Instead of certificates, the new Jamf integration option uses read-only API access to your Jamf cloud or on-premises tenant, combined with deployment of the Duo Device Health application to Jamf-managed devices, to build a list of managed devices in your environment.
Duo Device Health application version 2.12.0.0 for macOS and version 2.12.0 for Windows released
- For macOS:
- Improved the detection of Cisco AMP for Endpoints.
- Added infrastructure to allow for long-running health checks.
- For Windows:
- Fixed issue with certain Windows updates having a stuck “requires reboot” flag that would cause the home screen to be incorrectly marked as out of date.
- Fixed an issue with device identifier formatting.
- Added infrastructure to allow for long-running health checks.
Duo Mobile for iOS version 3.53.0 released
- Various behind-the-scenes improvements and minor bug fixes to enhance your authentication experience.
Duo Mobile for Android version 3.53.0 released
- Various behind-the-scenes improvements and minor bug fixes to enhance your authentication experience.
New features, enhancements, and other improvements
Simpler authentication experience for mobile devices managed via Duo Trusted Endpoints
- End-users will see a simpler mobile trust check and authentication flow when accessing a Duo-protected application from their iOS or Android device that uses Duo Trusted Endpoints to manage mobile device trust. The updated flow, called Duo Mobile Inline Auth, removes an extra step when interacting with Duo Mobile as part of the device health check.
- To learn more and see which integrations will use Duo Mobile Inline Auth, refer to this Duo Knowledge Base article.
Trusted Endpoints Configuration page now displays sync status of MDMs
- The Trusted Endpoints Configuration page in the Duo Admin Panel will now display the status of whether a Trusted Endpoints deployment has synced with an MDM, and will record any errors that resulted in a failed sync.
Duo Admin API endpoints for hardware tokens now return basic information about assigned administrators
- Information returned on hardware tokens via the Admin API will now display the assigned administrator. This information was already available via the Admin Panel Hardware Tokens page.
Duo Admin API endpoints no longer return changed legacy parameters on POST
- Legacy parameters can still be sent to the Admin API without error and will continue to have no effect, as stated in Duo’s documentation. However, these values are no longer stored and a response to
POST may not reflect what was sent; responses will contain whatever was previously stored in the database. If you have scripts that rely on these legacy parameters, we recommend you update them. In a future update, GET and POST will both return hardcoded values for these legacy parameters.
- Affected endpoints and parameters are:
- Create Group (
/admin/v1/groups) and Update Group (/admin/v1/groups/[group_id])
push_enabledsms_enabledvoice_enabledmobile_otp_enabled
- Create Integration (
/admin/v1/integrations) and Modify Integration (/admin/v1/integrations/[integration_key])
enroll_policyip_whitelistip_whitelist_enroll_policytrusted_device_days
- Modify Settings (
/admin/v1/settings)
push_enabledsms_enabledvoice_enabledmobile_otp_enabledu2f_enabled
Additional safeguard added when Managed Service Provider administrators delete sub-accounts
- When Managed Service Provider administrators or other administrators with access to sub-accounts delete a sub-account, they will now need to type
delete me when prompted to confirm deletion. This step has been added to guard against accidental deletion of sub-accounts.
Bug fixes
- Fixed a bug that caused log entries for username aliases to be added to authentications for users who have no aliases. The invalid aliases appeared as a non-normalized form of the username, such as a different capitalization style. This bug affected the Authentication Log in both the Admin Panel and via the Admin API.
- Fixed an issue where attempting to download a SAML encryption or signing certificate associated with Duo administrator SAML single sign-on would sometimes result in being redirected to the Admin Panel login page when switching between a parent account and a sub-account such as those used by Managed Service Providers.
