cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1134
Views
1
Helpful
4
Comments
kyleleighavery
Cisco Employee
Cisco Employee

Hello everyone! Here are the release notes for our most recent updates to Duo.

Public release notes are published on the Cisco Community every other Friday, the day after the D-release is completely rolled out. You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

Check out a new resource: Guide to Duo End-of-Life and End-of-Support Plans. This guide provides an up-to-date list of current and past end-of-life plans for Duo products. 


What’s in this release? 


New features, enhancements and other improvements


New and updated applications

 

New features, enhancements and other improvements

 

New warning message for NTLMv1 end of support in the Duo Admin Panel

  • Owner admins will see the following message on Users > Directory Sync if they select NTLMv1 as the authentication type for Active Directory and LDAP directory sync connections or Active Directory authentication sources for SSO: 

NTLMv1 support ending

Effective October 2, 2023, Duo Security will no longer support the NTLMv1 authentication type for [Directory Sync/Single Sign-On]. Using NTLMv2 is recommended.

Learn more about the end of support of the NTLMv1 authentication type

 

New and updated applications

 

Duo Splunk Connector version 2.0.0 rolled back

 

Duo Device Health Application Public Beta version 5.2.1.0 released

  • Added improvements to support script.
  • Added collection of information related to whether the device is managed.

 

Six new named SAML applications with Duo SSO

 

Duo Mobile for Android version 4.45.0 released

  • Miscellaneous bug fixes and behind-the-scenes improvements.

 

Duo Mobile for iOS version 4.45.0 released

  • Miscellaneous bug fixes and behind-the-scenes improvements.
Comments
hawley35
Level 1
Level 1

Did D270 include deprecation of the 'password' parameter on 'POST /admin/v1/admins/[admin_id]'?

This parameter stopped working for us in the week prior to these release notes being published.

kyleleighavery
Cisco Employee
Cisco Employee

Hi @hawley35 ! That parameter has been deprecated since October 2020, as noted in the October 30 2020 Duo Release Notesthe Admin API documentation, and the Duo KB article Guide to Duo Administrator Provisioning and Self-Service Changes. Are you now receiving an error response or does it just not change the password?

hawley35
Level 1
Level 1

Thanks @kyleleighavery, but I don't specifically see that endpoint or and end-of-life date in any of that documentation. The API documentation lists it as 'Deprecated', but not with any end-of-life date.

The documentation implies that 'POST /admin/v1/admins/[admin_id]/password_mgmt' is the new supported method for use with a PAM tool. What method does Duo suggest for the PAM heartbeat(password validation) after the password change?

DuoKristina
Cisco Employee
Cisco Employee

I think the relevant info would be...

From the 10/30/2020 release note (bolding mine):

  • As part of this change, Owners will no longer be able to set a new password for an administrator who has forgotten their password. Instead, Owners will be able to copy-paste a link from the administrator’s details page where the administrator can reset their password. The action of viewing the reset password link for another administrator will be recorded in the Administrator Actions log.
  • The Admin API has also been updated to support the new administrator provisioning workflow.

From the linked KB article (bolding mine):

Existing add admin endpoint now has optional params to specify a number of days the admin’s activation link should be valid and whether to send an activation email. The phone parameter is now an optional parameter, rather than required. The password parameter was deprecated, and any value provided there will be ignored.

 

To your question: are you asking if Duo has a method for polling the external PAM for a password change there, then pulling in the changed password via API? No, we do not support this today, just a post to Duo from external to change the password, triggered by the external system.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links