Duo Release Notes for August 31, 2017


Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

You can subscribe to notifications for new release notes by following the process described here.

Features, enhancements, and other improvements

  • All editions now have access to the Username Aliases feature via the Duo Admin Panel.
    • All Duo users can now be configured with up to four (4) aliases in addition to the user’s primary username. Users can complete Duo authentication using any of the configured usernames. Only the user’s primary username will be logged in the Authentication Log, even if an alias was used for the login. This is in order to make it easier for administrators lookup a single user that authenticates.
    • For non-Active Directory (AD)-synced users, additional aliases can be configured on the user’s detail page in the Duo Admin Panel.
    • For AD-synced users, additional attributes can be configured to automatically sync as an alias. Note that any attributes, including aliases, synced via AD cannot be manually edited in the GUI because the field is locked via sync.
    • Aliases can also be configured via CSV import and Admin API using the alias1, alias2, alias3, and alias4 attributes.
    • You can learn more about this feature and how it works in the Duo Knowledge Base.
  • The Duo Restore feature will be available starting with Duo Mobile version 3.17. This feature will be available on all editions and allows users to securely backup and restore accounts in the Duo Mobile app and is enabled and configured in the Duo Admin Panel.
    • Duo Administrators can configure Duo Restore by navigating to the Settings tab of the Duo Admin Panel. The options for Duo Restore are located in the Duo Mobile App section.
    • Duo Restore only backs up nonsensitive information (no secrets). If an admin configures the feature, users will be able to restore their Duo accounts in the app via a web-based integration. Admin accounts and third-party accounts (or Duo accounts when an admin doesn’t configure the feature) will still have to be reactivated manually, but they will be shown in the app account list and steps for reactivation are provided in the app.
    • You can learn more about this feature and how it works in the Duo Knowledge Base.
  • The search bar in the Duo Admin Panel now shows application logos.
  • Updated the message displayed in the Duo Admin Panel when deleting a Trusted Mobile Endpoints (TME) Mobile Device Management (MDM) integration to accurately describe when certificates will and will not be affected. These messages are seen on the configuration page for an MDM integration when the Delete button is clicked.

New and updated applications

  • Version 2.5.4 of the Duo Authentication Proxy was released.
    • Added SIEM-consumable authentication event logging with new configuration option log_auth_events.
    • Corrected ad_client host failover behavior when using ldap_server_auto.
    • Additional bug fixes.
  • Duo Unix 1.10.1 was released.
    • Fixed bug causing automated tests to fail on macOS.
    • Addressed an issue which kept configuration secrets in memory for longer than necessary
  • NetDocuments was added as a Duo Access Gateway (DAG) Service Provider.
  • HackerRank was added as a DAG Service Provider.

Bug fixes

  • Fixed two bugs related to sorting in the Administrator Actions Report UI in the Duo Admin Panel.
  • Updated the script that is downloaded when setting up JAMF as a Management System for Trusted Endpoints so that certificate pop-ups no longer appear when using Box and Palo Alto desktop applications.