Changes to Duo Authentication

Lee David Painter

With the release of LogonBox 2.3.8 there are some important changes to Duo authentication that you need to check and verify after the upgrade. 

  1. Duo now supports Universal Prompt. See Duo's documentation at https://help.duo.com/s/article/6340
  2. Configuration of Duo has moved from the authentication scheme, to a global realm configuration under Authentication Flows->Authentication Options.
  3. The default configuration of Duo SHOULD NOT support user enrolment. The default configuration will be used in password reset and other self service flows. 
  4. If you want to support user enrolment through My Account or Windows Login you should obtain a second API key from Duo that enables enrolment
  5. Configure LogonBox with the second set of API keys by enabling enrolment in the Authentication Options.
  6. The upgrade will attempt to move any self-service Duo configuration to the default configuration. If you have a separate API key already for user login that supports enrolment the upgrade will attempt to configure it accordingly.

It is important that you verify Duo behaviour after upgrade.