Hello everyone! Here are the release notes for our most recent updates to Duo.

Public release notes are published on the Customer Community every other Friday, the day after the D-release is completely rolled out. You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

Check out the Guide to Duo End-of-Life and End-of-Support Plans. This guide provides an up-to-date list of current and past end-of-life plans for Duo products.

New features, enhancements, and other improvements

Updates to Reports in Duo Admin Panel

• An updated Universal Prompt Progress report is now generally available. 
  • All applications now show on the report page, categorized by: 
    • Using Traditional Prompt — can be filtered by statuses Migration or reconfiguration required, Update required, Activation required and No action required yet. Out-of-scope applications will show documentation for remediation.
    • Using Universal Prompt
    • Unaffected
  • Instead of eternal scrolling, the report now has pages.
  • Application statuses have been updated.
  • Admins will see a new banner at the top of the report with the total number of impacted applications and the Traditional Prompt end-of-support date; this banner can be dismissed.

An example of the dismissable banner on the Universal Prompt Progress report page.

• The Telephony Log report received an update to improve reliability and speed; no visible changes were made.
• The Single Sign-On Log report offers additional, expandable information on scopes used in the Application column when the application is “Generic OIDC Relying Party.”

This expanded example shows "profile, email, openid" as the scopes.

Now generally available: Custom Branding for SSO Login Label

• Admins can now customize the text above where a username is entered in single sign-on (SSO) login under Settings > Custom Branding in the Duo Admin Panel.

Updates to Duo Auth API enrollment endpoints

• The enroll and enroll status endpoints in Auth API integrations will now respect New User policy settings, which administrators can change in the Settings section of the Admin Panel.
• If the Auth API application’s New User policy is set to Deny access, these enrollment endpoints will be unusable. Attempts to use them will result in a response in this format: {"response": {"result": "deny", "status": "Access is not allowed because you are not enrolled in Duo. Please contact your organization's IT help desk."}, "stat": "OK"}.

New Log out button in Universal Prompt Self-Service Portal

• The Log out button allows users to manually end their self-service session when they have finished making changes. This will appear when the user enters the portal via the direct link configured in Duo SSO.

Updates to Duo SSO Attribute Transformations (generic SAML providers) and Claim Transformations (generic OIDC providers)

• format_ad_groups rule has the new option ignorecase.
• filter and startswith options can be repeated in format_ad_groups rule to allow logically inclusive filtering of multiple terms.
• The delimiter option can be repeated in rules keep_before, keep_after, insert_before and insert_after to allow logically inclusive filtering of multiple terms.
• Now in public preview: Temporary attributes support allows performing more complex transformations, such as using the same attribute several times inside another transformation.
• The preview section is now generally available.
• OIDC Claim Transformations are now generally available.

New and updated applications

Upcoming end-of-support dates

• Effective March 30, 2024, Duo will no longer support the traditional Duo Prompt; March 30 was formerly the end-of-life date. Please see the Guide to Traditional Prompt End of Support for information.
• Effective February 14, 2024, Atlassian will end support for its Server products. As a result, February 14 will be the last date of support for Duo applications that protect on-premises installations of Confluence and Jira. See the Guide to Duo end-of-life and end-of-support plans for more information.

Three new named SAML applications with Duo SSO

• There are now named SAML applications to protect ManageEngine Password Manager Pro, ManageEngine ADAudit Plus and Manage Engine PAM360 with Duo SSO, our cloud identity provider.
• There are now two additional use cases for Amazon Web Services and CLI, Amazon Managed Prometheus and AWS Management Console.
• Reminder: Duo Access Gateway reached the last date of support on October 26, 2023. The new DAG end-of-life date will be March 30, 2024. Please see the Guide to Duo Access Gateway end of life for more details.

Duo Authentication for Microsoft RD Web 3.0.0 released

• Duo Universal Prompt support with OIDC standards-based redirects. The Duo Prompt no longer loads in an iframe. Learn more about the move to frameless authentication in preparation for Duo Universal Prompt.
• The installer now defaults to "fail closed" for new installations and upgrades to v3.0.0. Upgrades from v3.0.0 to future releases will preserve the installed fail mode selection.
• TLS 1.2 is now the minimum supported version. Drops support for TLS 1.1, 1.0, and SSLv3.
• Fixes an issue with IIS proxy bypass parsing.
• Corrects an issue with usernames using an alternative UPN suffix.
• We now use enhanced strong naming for Duo generated .NET Assemblies.
• Changes the registry values IKey and SKey to Client_Id and Client_Secret.

Duo Desktop macOS public beta version 6.3.1.0 released

• Minor improvements and enhancements.

Duo Desktop Windows public beta version 6.3.1 released

• Minor improvements and enhancements.

duo_unix-2.0.3 released

• Fixed AIX compilation bug.
• Support script now fetches correct log and PAM files for Solaris and AIX.
• Fedora 34 and 37 are no longer supported.

Duo Mobile for Android version 4.57 released

• Miscellaneous bug fixes and behind-the-scenes improvements.

Duo Mobile for iOS version 4.57 released

• Miscellaneous bug fixes and behind-the-scenes improvements.