Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.
You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.
End of support for Duo products on Windows Server 2008, Windows Server 2008 R2, and Windows 7
- In alignment with Microsoft’s January 14, 2020 end of support milestone for Windows Server 2008, Windows Server 20082 R2, and Windows 7, Duo has ended support for our products and integrations on those operating systems.
- This affects the following products and integrations:
- This end of support milestone does not mean that these Duo products or integrations will cease to function on the affected operating systems. However, our support team will only provide limited troubleshooting assistance for Duo software installed on these operating systems.
- Learn more in this Community post.
New features, enhancements, and other improvements
Support for WebAuthn Security Keys on Safari 13+ desktop browser
- WebAuthn Security Keys can now be enrolled by end-users via the Duo Prompt and used to complete two-factor authentication on Safari 13 and newer on desktops.
- Note that Security Keys (WebAuthn) must be allowed via an Authentication Methods policy in order for them to be enrolled by end-users.
Directory Sync improvements
- On Azure Active Directory Sync pages, the Directory Name field has been replaced with an editable header at the top of the page. Users can click “Rename” to change the directory name, and that change is saved independently of other directory settings edits.
- A sub-navigation bar has been added to the left side of Azure Active Directory Sync pages to allow easier navigation to certain settings.
- The currently-viewed section of an Azure Active Directory sync page is bolded and marked in the sub-navigation bar to aid in navigating the page.
- The “New Directory” button at the top of the Directory Sync page in the Duo Admin Panel has been removed. It has been replaced by an individual “Add New Active Directory Sync,” “Add New OpenLDAP Sync,” and “Add New Azure Active Directory Sync” on the respective sync type tabs on the Directory Sync page.
- The Active Directory sync UI now allows syncing when zero groups are selected. This will allow administrators to “clear out” their synced users, if desired.
- Pressing “Enter” when the single user sync field is selected now runs the single user sync instead of saving the directory.
- The Users page in the Duo Admin Panel is now paginated via a “Load more” button at the bottom of the screen. The maximum number of users than be loaded per “page” is 25.
- Administrators can now add one or more users to a Group from an individual Group page in the Duo Admin Panel.
- A “Try Again” button has been added to the Duo Administrator activation workflow. Once an SMS code or phone call has been selected to verify phone number ownership, a timer for 10 seconds is started. After 10 seconds have passed, the new admin can click “Try again” to attempt to verify via SMS or phone call again if they entered their phone number incorrectly the first time.
- Phone input fields in the Duo Admin Panel have been changed. Administrators will no longer see placeholder phone numbers in the input field if there is not a phone number currently inputted. Also, help text has been added beneath the field.
- Administrator Actions log entries created as a result of an Admin API action will now list the Admin API integration in Administrator column.
- The User Import via CSV page now gives more descriptive errors when there is an error detected with the source CSV headers.
- Some Administrator Actions log entries that incorrectly named the responsible admin as “API” have now been updated to name the admin if applicable, or name “Duo Sales or Support” if they are initiated by someone from Duo (such as account provisioning, account downgrading, or telephony credit transfers).
- The Retrieve Integrations Admin API endpoint now returns the policy key, as it does for the Retrieve Integration by Integration Key endpoint.
New and updated applications
Duo Mobile for iOS version 3.32.0 with push troubleshooting released
- This new version of Duo Mobile for iOS includes a helpful push troubleshooting feature. Learn more about it in this post.
- New versions of the Duo Device Health Application and the DuoConnect client were released in early December. Learn more about both of these new versions in this post.
Duo Network Gateway version 1.5.4 released
- Addressed a potential security risk due to the recent NGINX bug fix on incorrect handling of redirection with “error_page” directive.
Admin Panel fixes
- The Username, Alias, Full Name, First Name, and Last Name input fields on an individual User page are now extended and are the same length as the Email field to avoid inputted text from “disappearing” past the text box.
- On an individual user page, synced alias fields are now visible on page load, even if they are blank.
- When adding a Duo Administrator, clarified the “Missing number” error to state “Missing phone number” when a phone number is not entered.
- On the Settings page, in the Bypass codes section, changed the wording “Help Desk admins” to “admins with the Help Desk role” to add certainty about the scope of this setting.
- Authorizing an Azure CA application on a child account will no longer cause an error to appear.
- The self-service portal toggle on an application’s properties page now displays the correct value to Duo Administrators who have read-only permissions for applications (User Manager, Help Desk, Billing, Read-only). Previously, it would always display Enabled in its read-only view despite the actual value.
- The tables on each tab (Azure Active Directory, Active Directory, and OpenLDAP) on the Directory Sync page are now sorted alphabetically without case sensitivity (e.g. dasd, nd-test, OpenLDAP) as opposed to being sorted case-sensitively. This now matches other tables throughout the Admin Panel.
- On Azure Directory Sync pages, Duo Administrators who are restricted by administrative units now have a read-only view of the group select box. They previously could update groups but didn’t have the ability to save them.