Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

What’s in this release?

New and updated applications

• Duo Access Gateway Version 1.5.12
• Duo Mobile for Android Version 3.47.0
• Duo Mobile for iOS Version 3.47.0

New features, enhancements, and other improvements

• Duo Single Sign-On for Duo Admin Panel
• New Admin API Endpoints for External Password Management
• Timestamp Added for Endpoints Reporting
• Updated Term for Trusted Endpoints Feature

Bug fixes

See all bug fixes

New and updated applications

Duo Access Gateway version 1.5.12 released

• Fixed an issue introduced by DAG version 1.5.11 where upgrading from a previous version of the Duo Access Gateway would not force the user’s browser to reload changed JavaScript files.

Duo Mobile for Android version 3.47.0 released

• Various behind-the-scenes improvements and minor bug fixes to enhance your authentication experience.

Duo Mobile for iOS version 3.47.0 released

• Duo Mobile will now open links such as the User Guide and Privacy Policy in the device’s default browser, rather than within the app.
• As part of an Apple initiative to help users understand how apps use data, you will now see an “App Privacy” section on the App Store page for Duo Mobile. Review the Duo Mobile Privacy Information page for more information. Note: There have been no changes to Duo Mobile’s privacy statement. Rather, the App Store now surfaces this information for easier reference.
• Additional miscellaneous bug fixes and improvements.

New features, enhancements, and other improvements

Duo Single Sign-On can now be used as SAML identity provider for the Duo Admin Panel

• You can now configure SSO for the Duo Admin Panel to use Duo Single Sign-On as its SAML identity provider.

New Admin API endpoints allow administrator passwords to be managed by an external system

• You can now use the Admin API to specify if a Duo administrator has their password managed by an external system, such as a privileged access management system (PAM), using the new endpoint /admin/v1/admins/password_mgmt.
• Administrators with externally managed passwords will be prevented from changing or resetting their passwords using the usual “Forgot password?” workflow on the Admin Panel login page.
• In the Admin Panel, the Administrator details page and Administrator profile pages will note when an administrator’s password is managed externally. The password setting controls will also be removed from these pages.

Endpoint reporting now displays a timestamp for when endpoints were last updated

• Endpoint information retrieved via the Admin API or downloaded from the Admin Panel will now show a Unix timestamp for when the endpoints themselves were last updated (e.g. new OS version, new browser, etc.).

Updated name for Trusted Endpoints feature that blocks access from untrusted devices

• The feature in Trusted Endpoints that allows administrators to block access to applications that have a Trusted Endpoints policy has been renamed from Blacklist to Deny Endpoint Access.
• Trusted Endpoints is available on Duo Beyond edition.

Bug fixes

• Fixed a bug related to SAML authentication in the Duo Admin Panel that sometimes caused logins to fail if authentication was initiated from a different URL than what the identity provider expected.
• Fixed an issue where operating systems policy was blocking authentications for Zendesk on Android due to the OS version being incorrectly detected.
• Grace period timeframes in the operating systems policy now display the exact number of days rather than a more general unit of measurement (e.g. 2 weeks, 1 month, etc.).