Hello everyone! Here are the release notes for our most recent updates to Duo.
Public release notes are published on the Customer Community every other Friday, the day after the D-release is completely rolled out. You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.
Check out the Guide to Duo End-of-Life and End-of-Support Plans. This guide provides an up-to-date list of current and past end-of-life plans for Duo products.
New features, enhancements, and other improvements
- Some administrators will be prompted to fill out a new in-app survey in the Duo Admin Panel to collect user feedback. Not all admins will be prompted to fill out the survey and participation is optional for those for whom it does appear.
- Federal customers are omitted from the survey.
Updates to the WebAuthn page in the Duo Admin Panel
- 2FA Devices > WebAuthn has been revamped to omit obsolete references to U2F and add columns to the credentials table for additional information.
The 2FA Devices > WebAuthn page has been updated for clarity.
Change to Duo Admin Panel fonts
- The Duo Admin panel has new fonts! This will not affect functionality.
Improvement to single subaccount reparenting
- Reparenting of a single subaccount now automatically completes after relevant admin approval without intervention from Duo Support.
Updates to the Authentication Log in the Duo Admin Panel
- If an account has selected to “Block Duo Push attempts that occur within 15 seconds of an unanswered attempt” in Settings > Lockout and Fraud, the Authentication Log will show “Frequent attempts” under “Denied” in the Result column when an attempt related to that setting occurs.
- Result previously showed “Anomalous Push.”
Lockout & Fraud settings with “Block Duo Push attempts that occur within 15 seconds of an unanswered attempt” selected.
- Akamai EAA and Aeries SIS apps are now displayed as Update required in the Universal Prompt Progress report.
- The Add one more device step now includes the guidance “With a second option to log in, you’ll be less likely to get locked out.”
- The text for the link to skip adding another device is updated from “Skip for now” to “I don’t want to add another option.”
The Add one more device step has updated language.
New and updated applications
Thirteen new named applications with Duo Single Sign-On (SSO)
- There are now named SAML applications to protect SolarWinds, Globalscape EFT, HPE Greenlake, Checkmk, ManageEngine Vulnerability Manager Plus, ManageEngine Applications Manager, ManageEngine Patch Manager Plus On Premises, ManageEngine Patch Manager Plus Cloud, Quest Foglight, and Zabbix and named OIDC applications to protect ConnectWise Home, Sensu Go, and Graylog with Duo Single Sign-On (SSO), our cloud identity provider.
- Reminder: Duo Access Gateway reached the last date of support on October 26, 2023. The DAG end-of-life milestone scheduled for March 30, 2024, has been canceled. At this time, existing DAG applications will continue to work after March 30, 2024. Please see the Guide to Duo Access Gateway end of life for more details.
Name changes for Thycotic Secret Server and Citrix NetScaler
- The Thycotic Secret Server partner-developed Auth API–based two-factor authentication (2FA) application is now renamed to Delinea Secret Server.
- There is no change to the SSO application for the same vendor product.
- The Citrix NetScaler RADIUS 2FA application and the Citrix NetScaler SAML SSO application are now both renamed to NetScaler.
- Fixes an issue where single page apps (SPAs) cache portions of the DNG authentication path. DNG auth path now sends no-cache headers.
- Updated Dependencies: Supervisord to 4.2.5, cffi to 1.16.0, Setuptools-rust to 1.9.0, and Hatchling to 1.22.5.
- Fixed an issue in the app.manifest file that did not comply with Splunk's standards.
- Minor improvements and bug fixes.
- Updated Intune device identifier detection to support new identifier location.
- Minor performance improvements.
- Miscellaneous bug fixes and behind-the-scenes improvements.
- Updated user interface to allow Bluetooth for Proximity Push private preview. Please reach out to your customer success team or leihung@cisco.com if you are interested in participating.
- A proximity push spinner was added to the Verified Push screen.
Bug fixes
- Passwordless
- Fixed a bug where the the browser did not prompt the user to complete the WebAuthn process unless they changed tabs.
- Passport
- Fixed a bug where a user’s username would get set in Duo Desktop when doing a passwordless authentication even if Passport was disabled.
- When a user’s username autofills via Duo Desktop for SSO authentications and they are then redirected to passwordless, they will now be able to change their username before being prompted to authenticate.