Two changes are planned for the UH Login service:

1. UH Login will be patched to the latest version of the Apereo CAS software, from 6.6.6 to 6.6.12. 

2. The MFA prompts will change to the new Duo Universal Prompt format. Duo requires we make this change before March 30, 2024.

When:

• CAS Test environment: Monday, October 16, 8:00 AM, 2023

• CAS Production environment: Saturday, December 30, 8:00-9:00 AM, 2023

The current MFA experience (left column) vs the new MFA experience (right column):

	Current User MFA Experience (traditional)	New User MFA Experience (Universal Prompt)

	Current User MFA Experience (traditional)	New User MFA Experience (Universal Prompt)
MFA Prompt	Open	Open
Additional MFA Options	not applicable	Open

1. Duo will present only the most recent MFA option used, but provides access to the full set of options.

2. Universal prompt does not rely on iFrame HTML. iFrames are considered to be a security risk.

3. The Universal Prompt is a browser-based OIDC application that uses a series of redirects to interact with your application workflow.

• https://duo.com/docs/universal-prompt-update-guide

• https://help.duo.com/s/article/7839?language=en_US

• Applications using Duo Web v2 SDK that depend on the iframe-based traditional prompt for authentication will no longer be supported. Refer to Duo Web v4 SDK and supporting Universal Prompt documentation to plan your upgrade to frameless integrations.