Duo Release Notes for August 28, 2020

Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

What’s in this release?

New and updated applications

New features, enhancements, and other improvements

Bug fixes

See all bug fixes

New and updated applications

Duo Authentication Proxy version 5.0.0 released

  • The Authentication Proxy binaries for Windows have been migrated from 32-bit to 64-bit. The installation file path has changed accordingly, from C:\Program Files (x86)\Duo Security Authentication Proxy to C:\Program Files\Duo Security Authentication Proxy. If your authproxy.cfg file contains any references to the 32-bit installation path, for example, if you specified the absolute path to your SSL certificate file, the v5.0.0 installer updates those references to the new installation destination.
  • Primary LDAP authentication with [ad_client] now supports integrated Windows authentication via SSPI using both NTLMv2 and Kerberos with the auth_type=sspi option.
  • Primary LDAP authentication with [ad_client] now supports LDAP Signing plus LDAP Encryption (also known as “Sign and Seal”) for the ntlm2 and sspi authentication types when using CLEAR transport.
  • Learn more about additional updates to the Authentication Proxy in this related Duo Community post.

Duo Mobile for iOS version 3.36.0 released

  • Minor bug fixes.

Duo Mobile for Android version 3.35.1 released

  • Various behind-the-scenes improvements and minor bug fixes.

Duo Device Health Application for Windows version 2.7.3 released

  • Versions 2.7.3 and 2.7.2 restored detection of several security agents.
  • Version 2.7.1 also fixed various stability issues.
  • See additional enhancements to the Admin API related to Device Health below.

New features, enhancements, and other improvements

Additions to Admin Panel UI in support of the Duo Universal Prompt Project for Azure CA, public beta of Duo Single Sign-On

  • Administrators with a Microsoft Azure Active Directory Conditional Access application will see a new page in the Reports section of the Duo Admin Panel called “Universal Prompt Update Progress.” They will also see a new “Universal Prompt” section on the application details page for their Azure CA integration and a banner message at the top of the Applications list page that links to the Update Progress report.
  • The Universal Prompt Update Progress page displays which applications are ready to upgrade to a version that will eventually support the Duo Universal Prompt, Duo’s redesigned web-based prompt that is currently under development. The “Universal Prompt” section will also display this status information for the specific application’s details page.
  • Customers participating in the public beta of Duo Single Sign-On will also see the new Universal Prompt Update Progress page, the “Universal Prompt” page section on the application details page for their Duo Single Sign-On integration, and the Applications page banner message.
  • Note that Azure CA and Duo Single Sign-On have already received a back-end update and will display the status “Application supports new prompt,” with no further action required at this time.

Response type added to Admin API for Azure CA integrations

  • A GET request for an Azure CA integration using /admin/v1/integrations/<ikey> via the Admin API will now return a new response called frameless_auth_prompt_enabled to indicate that the Duo Prompt is being served in a redirect flow as part of a recent update to Azure CA.
  • This update is part of the Duo Universal Prompt Project. See previous item for other Universal Prompt Project-related changes to the Admin Panel for Azure CA.

Updated UI for username aliases on User pages and Directory Sync pages in the Admin Panel

  • The UI for adding username aliases in the Username Alias section of a User details page has been updated to a dropdown select field to make it easier to add or edit aliases in any order.
  • In addition, Duo administrators can now more easily change the position of a username alias (e.g. Username 1 -> Username 3) by using the dropdown select field, rather than needing to copy and paste the value into a different alias field. This improvement applies to both User pages and Directory Sync pages.

Updated UI for the Security Event Dashboard in Duo Trust Monitor, now in public beta

  • The UI for the Security Event Dashboard has been updated to a card-style layout instead of a table to make it easier to read.

SMS prefix added to support Malaysian telephony requirements; SMS prefix character limit reduced to 59 for all customers

  • SMS messages sent from Duo to Malaysian phone numbers will now include a prefix “Duo:” as required by Malaysian telephony regulations.
  • To accommodate this change, the character limit for SMS message prefixes for all customers has been lowered from 64 to 59 characters. The SMS message prefix setting is configured in the Admin Panel in the SMS Passcodes section of the Settings page.

Admin API v2 Authentication Logs response now contains Device Health information

  • Security posture information for access devices as detected by the Duo Device Health Application is now included in the authentication event response.

Bug fixes

  • Fixed an issue in which two log entries in the Administrator Actions Log would be created each time a Directory Sync configuration was updated, no matter what the change was: An entry recording a change to groups, and an entry indicating the directory itself had been updated. Now, the Administrator Actions Log will record an entry for a group change only if a group was actually changed. Changes to other directory settings will still be recorded as a directory update.
  • Fixed an error that would occur if a Duo administrator using single sign-on to access the Admin Panel hit the back button while performing Duo authentication. Now clicking the back button will start the login process over.
  • Fixed an issue where non-Owner role Duo administrators could see but not filter actions taken by other administrators in the Administrator Actions Log in the Admin Panel.