Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.
You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.
New and updated applications
- When protecting an ASA with DAG and using AnyConnect, users will now see the Duo Prompt. The Duo Prompt supports self-enrollment and self-service, and allows the end user to select which device they want to use to authenticate. Device Insight and Trusted Endpoints will not work with this application at this time.
- Now supports active / active high availability when deployed in Amazon Web Services (AWS).
- Includes miscellaneous bug fixes.
- Updated install script to support silent or unattended installs and uninstalls.
Features, enhancements, and other improvements
Duo Admin Panel password blacklisting
- If you set your minimum password length to 12 characters or more, new passwords for the Duo Admin Panel will be checked against blacklisted elements such as common passwords, usernames, and portions of usernames. A password that contains any of these items may not be used.
Admin API enhancements
- You can now use paging with the “limit” and “offset” parameters on many API resources. Our Admin API documentation describes which resources support the parameters.
- Added the ability to view a single bypass code’s metadata by its bypass code ID, using the Admin API endpoint “GET /admin/v1/bypass_codes/[bypass_code_id]”.
- Added the ability to get users by email address from the Admin API in a paged, streamed response, using the endpoint “GET /admin/v1/users”.
- Added the ability to obtain unenrolled denied and allowed authentications using the endpoint “GET /admin/v2/logs/authentication”.
- Certain Duo APIs previously accepted requests with Content-Type headers other than the values specified in our documentation. Duo changed this as part of internationalization efforts and security improvements. If an API request fails with the error 40106 (Invalid content type in request), please consult the API documentation for the correct Content-Type header. For example, POST requests to the Auth API must use “Content-Type: application/x-www-form-urlencoded”, and APIs that do not expect JSON bodies cannot be used with an application/json Content-Type.
- Trusted Endpoints Management Systems in the Duo Admin Panel may now be renamed.
- Endpoints in the Duo Admin Panel can be filtered by new software statuses: Latest, Up-to-date, Out-of-Date, and End-of-Life.
- All timestamps and time columns in the Duo Admin Panel now respect the timezone preference setting.
- Fixed a bug that caused Basic Auth requests for Office 365 to not use username aliases.
- SAML AuthnRequests sent to IdPs for Admin SSO will no longer include a RequestedAuthnContext, which was causing failures for some setups.
- Fixed a minor UI issue where the Add U2F Token button in the Duo Admin Panel was misaligned when viewing a user’s details.
- Fixed an issue whereby a user’s status (Active, Bypass, Disabled) wasn’t properly displayed in the Duo Admin Panel for users controlled by directory sync.
- Viewing a single user’s details in the Duo Admin Panel will now show Bypass and Disabled in red, which matches the bulk user edit behavior.