Hello everyone! Here are the release notes for our most recent updates to Duo.

Public release notes are published on the Customer Community every other Friday, the day after the D-release is completely rolled out. You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

What’s in this release?

New features, enhancements, and other improvements

• Now in General Availability: Duo Single Sign-On (SSO) Support for OIDC Apps Relying Parties
• Available in Public Preview: Updated Duo Admin Panel Login
• Duo Admin Panel Updates
• Duo Passwordless in the Duo Admin Panel
• Update to Duo Admin API Endpoints

New and updated applications

• Epic Mobile Apps, DocuSign, Expensify, BeyondTrust, Cyberark Privileged Access and Cyberark Workforce Identity with Duo SSO
• Duo Access Gateway 2.0.0 for Windows
• Duo Access Gateway 2.0.0 for Linux
• Duo Device Health Application Beta 4.3.4.0 for macOS and Windows
• Duo Device Health Application Production 4.4.0.0 for macOS and Windows
• Duo Mobile 4.39.0 for Android
• Duo Mobile 4.39.0 for iOS

Bug fixes

See all bug fixes

New features, enhancements, and other improvements

Now in General Availability: Duo Single Sign-On (SSO) support for generic OpenID Connect (OIDC) apps relying parties

• Add two-factor authentication and flexible security policies to any OIDC application with Duo Single-Sign On, our cloud-hosted OpenID provider, complete with inline self-service enrollment and Duo Prompt.
• Read the Duo Blog for more details about the benefits of adopting modern authentication standards like OIDC.

Available in public preview: Updated Duo Admin Panel login

• On April 17, 2023, we began rolling out a new login flow for the Duo Admin panel. All administrators should see this flow within the next few weeks.

• In the new flow, users have the option to select Save my email address and login options. If the option is selected, the login will default to the user’s last used authentication method. If that authentication method is a passkey or Duo push, the user will automatically receive a prompt after they enter their password.
• If the user doesn’t want to use the automatically selected default method, then they can use the drop down to select a different login option.
• If an admin wants to update their authentication methods, they can use the Manage authentication methods link, which will redirect them to the admin profile page after they authenticate.

• During public preview administrators can opt in or out of the new flow via a banner at the top of the page. Users opting out will have an opportunity to provide feedback.

Duo Admin Panel updates

• Customers with a Duo billing payment method that has expired or will expire within one month will see a pop-up notification on the Dashboard and Billing pages, and administrators with Billing and Owner roles will receive an email reminder on the first of the month.

• Updated time zones to reflect recent regulatory changes (for example, Mexico’s time zones, which no longer use Daylight Saving Time).

Duo Passwordless in the Duo Admin Panel

• Customers who have applied a Duo Passwordless policy will see three new charts under Single Sign-On > Passwordless that provide insights into passwordless adoption.
• A new banner on the Passwordless page invites administrator feedback on the experience of configuring and using Duo Passwordless.

Update to Duo Admin API endpoints

• When an administrator creates, renames, or deletes a WebAuthn credential (also known as a passkey), Admin API Activity Log entries for these operations will now include:
  • Owner Type (Administrator or User)
  • Owner Name (Administrator email or User username)
  • Owner ID

New and updated applications

Epic Mobile Apps, DocuSign, Expensify, BeyondTrust, Cyberark Privileged Access and Cyberark Workforce Identity with Duo SSO, our cloud identity provider

• There is now a named OIDC application to protect Epic mobile apps Haiku and Canto using Duo SSO.
• There are now named SAML applications to protect DocuSign, Expensify, BeyondTrust, Cyberark Privileged Access and Cyberark Workforce Identity using Duo SSO.
• Reminder: Duo Access Gateway will reach end of life in October 2023. Please see the Guide to Duo Access Gateway end of life for more details.

Duo Access Gateway for Windows version 2.0.0 released

• Addresses multiple vulnerabilities in third-party libraries; including CVE-2021-30130 (affecting phpseclib).
• Bug fixes and security enhancements.
• Reminder: Duo Access Gateway will reach end of life in October 2023. Please see the Guide to Duo Access Gateway end of life for more details.

Duo Access Gateway for Linux version 2.0.0 released

• Addresses multiple vulnerabilities in third-party libraries; including CVE-2021-30130 (affecting phpseclib).
• Bug fixes and security enhancements.
• Reminder: Duo Access Gateway will reach end of life in October 2023. Please see the Guide to Duo Access Gateway end of life for more details.

Duo Device Health application public beta version 4.3.4.0 released

• macOS version 4.3.4.0
  • Fixed an issue that prevented the app from checking for updates.
• Windows version 4.3.4.0
  • Fixed an issue that prevented the app from checking for updates.

Duo Device Health application production version 4.4.0.0 released

• macOS version 4.4.0.0
  • Fixed an issue that prevented the app from checking for updates.
• Windows version 4.4.0.0
  • Fixed an issue that prevented the app from checking for updates.

Duo Mobile for Android version 4.39.0 released

• The Third-Party Accounts menu will now display an error message if the Google Drive account used by Duo Restore for Android is out of storage space. .

Duo Mobile for iOS version 4.39.0 released

• Miscellaneous bug fixes and behind-the-scenes improvements.

Bug fixes

• The Duo Admin Panel’s Phones page will no longer duplicate or omit phones when sorted by the Platform column.