Duo Release Notes for October 16, 2020

Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.
You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

What’s in this release?

New features, enhancements, and other improvements

New and updated applications

Bug fixes

See all bug fixes

New features, enhancements, and other improvements

New features for Duo Central, now in public preview

  • Duo Central, the new login portal page that works in conjunction with Duo-hosted Single Sign-On, is now optimized to be viewed on mobile devices.
  • End-users can now toggle between a tile view and a list view when viewing the application list.
  • End-users can also now find a logout option in the user menu.
  • Removing an application in the Duo Admin Panel will now remove its corresponding Duo Central tile.
  • Duo Single Sign-On and Duo Central are both currently in a public preview phase. You can enable and configure them in the Admin Panel under Single Sign-On. The public preview of Duo Central is available for all non-Federal customers on MFA, Access, or Beyond editions.
  • Learn more about Duo Central on the Duo blog.

Increased Admin API rate limit for single-user syncs from an external directory

  • The rate limit for synchronizing individual users from a directory via the Admin API has been increased from not more than once per minute to not more than 20 times per minute.

Duo Client Python updated to support new method of specifying user aliases

  • The Duo Client Python now supports an additional attribute for users called aliases. The aliases attribute is a map of alias position to alias value for all specified aliases.
  • See the Duo Admin API documentation on modifying users for more information.

Azure Active Directory synchronization is now enabled for Federal customers

  • Azure Active Directory synchronization has been enabled for all Federal customers.
    Updated permissions for the Universal Prompt Update Progress report in the Admin Panel
  • Duo administrators with the role of Application Manager may now view the Universal Prompt Update Progress report.
  • Other roles with access to this report are: Owner, Administrator, Read-Only; only the Owner and Administrator roles may make changes on the report page.
  • The Update Progress report is currently visible only to customers with a Microsoft Azure Active Directory Conditional Access or Duo Single Sign-On application because these were the first two applications to receive back-end updates in support of the new prompt, which is currently under development.

Enhanced Trusted Endpoints support for Edge browser

  • The Trusted Endpoints management integrations for AD DS, Intune, LANDesk, Generic Integrations, and manual certificate import have improved support for the Chromium-based Edge browser.
  • AD DS, Intune, Generic, and LANDesk management integrations have updated script or registry file downloads to extend Edge support.

AWS Quick Start option added for Duo Network Gateway

  • An AWS Quick Start option is now available to support a faster setup of the Duo Network Gateway.
  • The Quick Start automates usually manual steps, such as creating subnets and security groups, portal and admin servers, ElastiCache and Redis replication, load balancers, and more.

Added 2-month option for grace periods associated with OS, browser, plugin policy

  • There is now a 2-month grace period option for the operating systems, browsers, and plugins policy.
  • The grace period is configured in the field labeled “When a version becomes out of date or end of life, encourage to update.”

Updated UI labels for Admin Panel login page

  • A title of “Admin Login” has been added to the Admin Panel login screen for Duo administrators. This title appears below the Duo logo at the top of the page.
  • The text label that appears above the email address field has been changed to “Enter your admin credentials” instead of “Log in” to more clearly distinguish this page as the login for administrators and not end-users.
  • To assist end-users who land on this page by mistake, there is also now a “Looking for help” statement with links to end-user resources.

New and updated applications

Duo Authentication for Windows Logon and RDP version 4.1.2 released

  • Addresses an elevation of privilege vulnerability in the Windows Logon installer which could allow an authenticated local attacker to overwrite files in privileged directories (CVE-2020-3427). This issue only impacts a fresh install of Windows Logon; existing installations are not affected.
  • Refer to this Duo Knowledge Base article for more information.

Duo Device Health application version released for macOS and version 2.8.0 released for Windows 10

Duo Mobile for iOS version 3.40.0 released

  • Minor bug fixes and behind-the-scenes improvements.

Duo Mobile for Android version 3.40.0 released

  • Minor bug fixes and behind-the-scenes improvements.

Updates to Webex ControlHub, DocuSign for Duo Access Gateway

  • The Webex ControlHub and DocuSign applications for Duo Access Gateway have been updated to support uploading an XML metadata file.

Bug fixes

  • Updated a label on the Admin Panel Settings page to “Country/region” instead of “Region” to better reflect its purpose.
  • Fixed an issue that caused an administrator to lose their data input when editing a user in the Admin Panel if the input triggered an error message, such as a username alias conflict. Now the input will be preserved and the error will appear below the field to provide additional context.
  • Fixed a bug where a user failed to sync via directory synchronization when their LDAP distinguished name (DN) was longer than 256 characters. The character limit has been increased.
  • Fixed an issue where the UI displayed a success message for a single-user sync via directory synchronization that actually failed due to a collision in usernames.
  • Fixed a bug where creating an invalid administrator password and then saving the page did not automatically scroll to the top of the page to show the error.
  • The Authentication Log now correctly returns WebAuthn as an authentication factor via the Admin API. Previously, logs for WebAuthn events were returned with factors listed as null. Note: This issue did not impact the Authentication Log in the Admin Panel.