LogonBox 2.3.8 Released


LogonBox version 2.3.8-1501 has now been released

Changes since previous release:



  • Support for Duo’s Universal Prompt. Please check your Duo configuration is ported correctly and test password reset flows to ensure they do not allow user enrolment. https://docs.logonbox.com/app/manpage/en/article/6937734
  • Passwords are now automatically validated against over 11 billion breached account passwords at every change via https://haveibeenpwned.com/ API service.
  • Extended the option to write a mobile number back to AD when validating a mobile to anytime the user does not have a mobile attribute set.
  • LogonBox Authenticator dark mode support.
  • New enabled/disable users filters


  • Password compliance errors during password reset do not allow the user to retry a different password.
  • User logos not appearing in LogonBox Authenticator
  • Mobile view does not scroll to full length of page.
  • Principal suspension events not being fired.
  • Secure node authorised Its fields are not used.
  • Windows installer cannot change bind ports when updating an existing installation
  • Thread can lock in IP restriction service causing process to hang
  • Multiple i18n fixes.
  • Account creation now defaults email attribute to supplied email.
  • Multiple fixes in JWT single sign-on.
  • Professional license will no longer upload if you are using multiple realms.
  • Variables are now available in HTTP tasks.


The LogonBox team.