Duo Release Notes for April 27, 2018


#1

Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

Features, enhancements, and other improvements

Single Sign-On support for Duo Admin login released

  • Single sign-on (SSO) support for the Duo Admin Panel is now available for Duo MFA, Duo Access, and Duo Beyond customers. This feature allows customers to delegate primary credentials to an identity provider (IdP) utilizing Security Assertion Markup Language (SAML) as the communication protocol.
    • This setting is configured by logging into the Duo Admin Panel and navigating to Administrators > Admin Login Settings. Only administrators with the Owner admin role can configure the SAML Identity Provider.
    • Supported IdPs are:
      • Duo Access Gateway
      • AD FS
      • Azure
      • PingFederate
      • PingOne
      • OneLogin
      • Okta
      • Google
      • Shibboleth
      • Manually-configured generic SAML IdPs
    • This feature was previously tested in a limited public beta. Special thanks to those customers who participated in the beta and helped us proof this feature!
    • The SSO functionality for the Duo Admin Panel supports SAML encryption. To enable SAML encryption, in the Administrators > Admin Login Settings section of the Duo Admin Panel, check the “Require SAML assertions to be encrypted.” box. You must then save your settings and the certificate will appear in a text box and is included with the Duo metadata. You may also download the certificate via a provided link.
      • This feature generates x509 certificates to support encrypted SAML assertions from IdPs.
      • Currently, Google, Duo Access Gateway (DAG), PingOne, and Azure do not support encryption.

Other changes

  • The Admin API now includes a new action in the administrator logs, admin_login_error, to categorize and describe unsuccessful administrator login attempts. “Error” in the description field can be “Invalid password attempt” or one of many SAML errors.
  • Added Duo Mobile app information to Endpoint export data.
  • In the Admin Login Settings > Admin Authentication Methods section of the Duo Admin Panel, “Yubikeys” has been renamed “Yubikey AES” to avoid confusion with U2F tokens.