D223: Duo Release Notes for September 3, 2021

Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

What’s in this release?

New and updated applications

New features, enhancements, and other improvements

Bug fixes

See all bug fixes

New and updated applications

Timeline announced for release of Duo Mobile version 4.0.0

  • The redesigned version of Duo Mobile will launch in mid-October.
  • Old versions of the app will continue to work, however, after the release of version 4.0.0, Duo will no longer provide troubleshooting support or bug fixes for any 3.x.x version. In addition, once version 4.0.0 is released, the minimum supported OS versions will be iOS 13 and Android 8.
  • Duo administrators do not need to take any action to roll out the new app; it will be released through our normal process of pushing an update to the Apple App Store and Google Play Store. Users with automatic updates enabled will receive the update when it is released. They can also manually update the app.
  • Refer to this Duo Knowledge Base article for more information. This information was also emailed to Owner and Administrator role admins on paid edition accounts on August 30, 2021.

Duo Network Gateway version 1.5.13 released

  • Updates NGINX to address CVE-2021-23017.
  • Improves performance and robustness when updating configuration.
  • Renames “URI Whitelisting” to “URI Allowlist” in the DNG admin UI with corresponding changes in the scripted config sample and template to use allowlist_* instead of whitelist_*.
  • Additional bug fixes.

Duo for Oracle Access Manager (OAM) now capable of supporting Duo Universal Prompt

  • Duo for Oracle Access Manager has been updated to be capable of supporting the Duo Universal Prompt and related redirect-based authentication flow.
  • The Duo Universal Prompt is currently in public preview and can be enabled for eligible applications via the Universal Prompt section of an application details page or via the Admin API. Refer to our documentation for more information.

New features, enhancements, and other improvements

Changes to Trusted Endpoints configuration options

  • Trusted Endpoints configuration pages in the Duo Admin Panel will now list integrations that support multiple operating systems as separate entries, rather than in a tabbed interface as before. When setting up a new Trusted Endpoints integration, you will also now select which OS it applies to. This change provides more granular control to create test groups per OS.
  • Additionally, controls to enable, disable, or test an integration with a group have moved from a link at the top of the configuration page to the bottom of the page and now appears as the final step in setting up a configuration.
  • You can now also configure the allow/deny list for endpoints managed through integrations that use the Duo Device Health application to establish trust. Find the setting on the endpoint details page. The UI is the same as for endpoints that use device certificates.
  • For more information and a recommendation on how to remove unneeded integrations, refer to this Duo Knowledge Base article. Trusted Endpoints is available in Duo Beyond.

Improvements to Duo Trust Monitor algorithm

  • Updated the Trust Monitor algorithm to use more device history insights in order to reduce the number of Security Events flagged for unrealistic geovelocity. This change should result in far fewer false positives.

Scheduled directory syncs with no synced groups will be automatically paused

  • Directory syncs with no selected synced groups will now be automatically paused from running scheduled syncs, and a one-time email will be sent to notify administrators. Note that removing groups from a sync marks any members of that group for deletion if they are not members of another synchronized group. After that, a sync with no selected groups effectively serves no purpose.
  • See this Duo Knowledge Base article for more information.

Additional details about manual user imports are now logged in Administrator Actions report

  • Modifications, additions, and deletions of individual user records via CSV will now be logged in the Administrator Actions report. Previously, the report showed only how many users were modified, added, or deleted.

UI improvements to Admin Panel Settings page

  • Made minor UI improvements to the Settings page in the Admin Panel, including moving the “Inactive admins” configuration option under the Admin Access heading and moving the Save button to the top of the page, where it will float for easier access.

Bug fixes

  • Fixed a bug where selected groups for a directory sync disappeared from the Admin Panel directory sync page if the sync was already running when the page loaded.
  • Fixed a UI bug where the secret key could not be reset for certain applications. In these cases, the confirmation dialogue would not appear, and the Reset Secret Key button caused a Javascript error without resetting the secret key.