Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

New and updated applications

Native Duo for Workday integration released

• This integration supports first-time MFA enrollment and Duo two-factor authentication when logging into Workday from a browser or from the Workday mobile app.
  
  
• The configuration requires access to Duo’s Admin API. Contact Duo Support to have Admin API enabled for your account.
• You may still opt to protect Workday via SAML with the Duo Access Gateway.

Duo Mobile 3.23 for Android and iOS released

• Added support for landscape orientation and iPad Multitasking for iOS.
• Improved usability for countdown timers on iOS.
• Added support for Android adaptive icons and icon notification badges.
• Added a new third-party service icon for Instagram to Duo Mobile for Android and iOS.
• Miscellaneous small bug fixes and improvements for both platforms.

Features, enhancements, and other improvements

github duo client python API additions

• Added “Password Change Required” to the admin update endpoint of the duo client python API.
• Added “Admin Factor Restrictions” to the admin update endpoint of the duo client python API.

Admin API endpoint improvements

• The v2 Admin API endpoint for getting an authentication log (/admin/v2/logs/authentication) now includes the TXID of the authentication event inside each authlog entry returned.
• The v1 Admin API endpoint for getting an integration now (/admin/v1/integrations/) logs an skey view to the Activity Log. Previously skey views were only logged if done through the UI.

Duo Admin Panel SAML SSO enhancements

• On the Admin SSO settings page, an admin is now warned if they try to enable encryption/signature verification for IDPs that do not support that feature.
• A signing certificate is now automatically generated if a user saves the Admin SSO Settings page with “Request Signing” turned on.

Other improvements

• When an unenrolled user attempts to log in to an application that has a deny unenrolled users policy in place, that username is now explicitly logged.
  
  

Bug fixes

• Fixed a bug with Duo Admin Panel SAML whereby an extra Signing Certificate element would be added to the SAML XML Metadata when encryption was turned on.
• Fixed an issue whereby Duo Admins created through an activation link would not be able to successfully log in for the first time until they reset their passwords.
• Fixed a display issue in the Admin Panel that caused the Add and Remove row buttons on the User Location Policies table to overlap with a dropdown in some browsers.
• Fixed a bug where we would not display any users with out of date devices in the Admin Panel.
• Fixed a bug that caused the filter summary on the Deployment Progress Report to appear blank.
• Fixed a bug in the Admin Panel whereby linking to the Endpoints page from Device Insight page did not correctly filter by Mac OS
• The password change field will no longer show up for non-owner Duo Admins that are required to use SSO.
• Fixed a bug with the Admin Panel whereby successful SSO primary authentication followed by too many 2FA failures would cause an admin lockout with no way to reset the lockout counter. The administrator details page has been updated to display a message whenever the admin is locked out due to too many primary or 2FA attempts.