Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

Please note that, due to the upcoming holidays, this will be the final regularly-scheduled update to Duo’s services in 2018. We will resume our every-two-weeks schedule in 2019.

New features, enhancements, and other improvements

Hostname whitelisting for applications that show the inline Duo Prompt

• This new control ensures that the Duo Prompt is only shown when it is requested from an “approved application hostname.” This prevents attackers from tricking end users into using the Duo Prompt with malicious copycat websites.
• This feature is available to Duo MFA, Duo Access, and Duo Beyond customers.

Added ability to synchronize a single user from the user detail page

• Duo Administrators may now synchronize a single user directly from the user’s detail page in the Duo Admin Panel. The link appears in the upper-right section of the page.
  
  

Expanded Admin API pagination functionality

• Pagination is now enabled (and optional) for the following endpoints. Click the link for the appropriate endpoint to see the maximum set size for each.
  • /admin/v1/users/[user_id]/bypass_codes
  • /admin/v1/users/[user_id]/phones
  • /admin/v1/users/[user_id]/groups
  • /admin/v1/users/[user_id]/u2ftokens
  • /admin/v1/users/[user_id]/tokens
  • /admin/v1/groups
  • /admin/v1/tokens
  • /admin/v1/admins
• Note also that pagination will be enforced on these endpoints beginning March 15, 2019. Read this Knowledge Base article to learn more.

New Admin API functionality: Sync a single user

• You may now use the Admin API to synchronize a single user from a directory with the Duo service.

New and updated applications

Duo Mobile 3.24.0 for Android and iOS released

• For both Android and iOS:
  • This update adds pseudonymous usage analytics that will help us understand how you use Duo Mobile. We utilize this analytics data to improve app reliability and to develop new features. You can opt out of this on the settings page at any time. Learn more about Duo Mobile and privacy.
• For 3.24.0 for Android:
  • Logos for Duo accounts sometimes didn’t update, they will now stay updated.
  • Behind-the-scenes changes to increase security and stability.

Duo Unix 1.11.1 released

• Fixed bug causing console login to fail on certain systems.

Renamed “SAML - GoToMeeting” to “SAML - GoTo Apps” in the Duo Admin Panel

• This renamed application can protect:
  • GoToMeeting
  • GoToWebinar
  • OpenVoice
  • GoToAssist
  • GoToAssist (Service Desk)

Bug fixes

• Resolved an issue with Azure Directory Sync. Due to a recent change made by Microsoft to begin requiring multi-factor authentication for some Azure administrator accounts, Duo’s Azure Active Directory sync feature could fail when configured as previously documented. Now, an "Azure AD Sync Failed" event will be logged with the reason "Invalid Access Token," and account owners will receive an email instructing them to reauthorize the affected directory. Learn more in this Knowledge Base article.
• The "Not Enrolled" User Count on the Dashboard page no longer includes deleted users.
• Fixed a bug on the Azure AD directory page whereby the groups being synced could be incorrectly removed (from the directory’s synced groups) if the user saved other changes before the groups were fully loaded. This affected only customers with a very large number of groups in Azure AD.
• Admin Panel SAML login was always directing the admin to the dashboard after successful login, even if they had tried to load a specific non-dashboard page. This is now fixed so that they are redirected to their intended destination page.