D229: Duo Release Notes for November 29, 2021

Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

What’s in this release?

New features, enhancements, and other improvements

New and updated applications

Bug fixes

See all bug fixes

New features, enhancements, and other improvements

Upcoming end of support for U2F security keys used with Duo’s browser-based prompt

  • Google has announced it will no longer support U2F in Chrome beginning in February 2022. To accommodate this change, Duo will also end support for the U2F authentication standard for security keys used with our browser-based authentication prompt. Note: U2F security keys will continue to be supported for Windows Offline Access, which does not use the browser-based authentication prompt.
  • WebAuthn will become the sole supported standard for security keys used with Duo’s browser-based prompt as part of a scheduled rolling release January 13 through January 20, 2022.
  • With the D229 release, Duo will also treat any newly enrolled U2F security keys as dual-enrolled to work with WebAuthn, in preparation for the upcoming end of support.
  • For more information about the end of support milestone, see this Duo Knowledge Base article.

Remote Desktop Protocol for Duo Network Gateway now available for public preview as part of version 1.6.0

  • Duo Network Gateway allows you to remotely access your RDP servers by tunneling the connection through it using HTTPS.
  • RDP for Duo Network Gateway is available for public preview as of version 1.6.0. This feature requires a new additional DNS container, created with network-gateway-1.6.0-subzero.yml.
  • Version 1.6.0 of Duo Network Gateway also includes:
    • New configuration checker check-config command line tool too assist with troubleshooting. See the Duo Knowledge Base for more details about using this tool.
    • Updated terminology from “SSH Servers” to “SSH Relay” in the admin UI.

Duo Admin API now returns additional data on administrative units

  • Administrator data returned by the Admin API will now include administrative unit keys, if applicable.

New and updated applications

Duo Mobile version 4.3.0 for Android

  • Miscellaneous bug fixes and behind-the-scenes improvements.

Bug fixes

  • Fixed an issue in which it appeared possible via the Admin API to assign the role of Owner to an administrator restricted by an administrative unit. Owners are prevented from being part of administrative units. Attempting to assign the role of Owner to an admin who is part of an administrative unit will now return an error. To complete the role change, first remove the administrator from all administrative units and then set restricted_by_admin_units to false.
  • Fixed a bug in which SMS requested when logging in via the Duo Universal Prompt contained more than one passcode if the Admin Panel was configured to send a batch of passcodes (a feature supported in the traditional Duo Prompt). The new prompt does not allow the use of an already-sent code.