Advanced Server Access release notes archive 2023 and earlier
The binaries for device tools are compatible with both Okta Privileged Access and Advanced Server Access.
To view the latest release notes, see Advanced Server Access release notes.
Advanced Server Access client
Release: 1.76.3
Deployment date: December 20, 2023
Fixes
Sometimes, when attempting to authenticate a client using the Connect button, the authentication token would expire, requiring re-enrollment. This issue was observed with regularly used clients.
Release: 1.76.2
Deployment date: December 06, 2023
The ScaleFT.exe file displayed an incorrect product version.
Release: 1.76.0
Deployment date: November 29, 2023
When the macOS client updates the state.json file, it encrypts tokens with a key stored in the user's Keychain.
Release: 1.74.4
Deployment date: September 20, 2023
Enhancements
The mechanism used to sign macOS packages has been updated.
Release: 1.74.0
Deployment date: September 07, 2023
Enhancements
This release has updates for the Okta Privileged Access client. See Okta Privileged Access release notes.
Release: 1.73.2
Deployment date: August 16, 2023
Fixes
A warning message was displayed when users tried to sign in to Advanced Server Access client version 1.72.1.
Release: 1.72.1
Deployment date: June 28, 2023
Enhancements
- MacFreeRDP client version 2.10.0 is now available. See RDP setup.
- sft list-teams command is now available as an alias for sft list-accounts command. See Use the Advanced Server Access client.
- A warning message is displayed when users try to sign in to an Advanced Server Access client that uses a deprecated ssh-rsa algorithm in its configuration.
Fixes
- sft enroll --force command didn't work as expected and displayed an error message if the same team, user, and URL entry existed.
Release: 1.71.0
Deployment date: June 07, 2023
Enhancement
- The Advanced Server Access client now sends additional metadata when sending requests to the Advanced Server Access platform.
Fixes
-
Sharing content with Windows server using MacFreeRDP on MacOS failed with the sft rdp --share option.
Release: 1.70.1
Deployment date: May 31, 2023
Fixes
-
Removed product name references from Mac and Windows GUIs.
Release: 1.69.2
Deployment date: May 24, 2023
No changes.
Release: 1.69.1
Deployment date: May 17, 2023
Enhancements
-
New MacFreeRDP package.
-
Windows client contains a new version of OpenSSH.
-
Updated RPM digests to improve FIPS compliance.
Fixes
-
When a user tried to sign in and approve a client enrollment that was silently enrolled, an error page appeared.
Release: 1.68.10
Deployment date: May 03, 2023
Fixes
-
Fixed registration of URL handler when using the system-wide installation option.
Release: 1.68.9
Deployment date: April 13, 2023
Fixes
-
Restored ssh access to unmanaged servers.
Release: 1.68.6
Deployment date: March 29, 2023
Enhancements
- The Advanced Server Access client now supports the following operating systems:
- SuSE 12 and 15
Red Hat Enterprise Linux 9
Release: 1.68.4
Deployment date: March 22, 2023
Fixes
sft enroll didn't print the URL in non-graphical Linux situations.
Release: 1.68.3
Deployment date: March 15, 2023
Fixes
Restored ssh access to unmanaged servers.
Release: 1.68.2
Deployment date: March 02, 2023
Fixes
- Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the 3rd party library web browser. For more information, see the Okta security advisory for CVE-2023-0093.
Release: 1.68.1
Deployment date: February 22, 2023
Enhancements
-
Linux, FreeBSD: 1.67.4 is the final release available for Linux and FreeBSD users without updating their apt/yum configuration. Once updated, 1.68.1 will be available which is the same, but signed by fresh GPG keys. All future Linux and FreeBSD releases will be at the new location.
-
Windows + macOS: Windows and macOS users will be prompted to install 1.67.4. Once installed it will request to be updated again to 1.68.1 which uses new signing keys and a new repository location.
Release: 1.67.4
Deployment date: February 22, 2023
Enhancements
- Improved error handling in sft.
- Duplicate <team-user-url> entries are now disallowed in state.json file.
- Better error handing for enrollment.
- state.json file auto-migrates to encrypted when switching keyring mode during login.
- Changed ScaleFT to Okta certs to build the ScaleFT client app for macOS.
- Introduced new release packaging system, new GPG key, and support for new DULL key.
- Updated the macOS software update framework.
Fixes
- Fixed bug in sft auto-complete command on macOS.
Release: 1.65.0
Deployment date: December 06, 2022
Enhancements
- Updated ASA Client default RDP screen size to 1024x768
- Updated Windows .NET framework
- Updated MacOS dependencies
- Updated various third-party dependencies
Fixes
- Ignore ext-info-s to handle buggy sshd
- Return the only User Access Method directly without interactive operation
Notice
Beginning in December 2022, Advanced Server Access Client will remove support for the following end-of-life operating systems:
- Debian 9
- Fedora 33
- Fedora 34
- macOS 10.12
- macOS 10.13
- macOS 10.14
- Windows 8
Teams using these operating systems should upgrade before this time. See Supported operating systems.
Release: 1.64.3
Deployment date: November 10, 2022
Due to ssh-rsa issues in release 1.64.1, we are re-releasing release 1.62.3 as release 1.64.3.
Advanced Server Access Client now supports Ubuntu 22.04.
For a list of supported options, see Supported operating systems.
Fixes
Advanced Server Access Team enrollment through macOS client GUI returned an error.
Notice
Beginning in December 2022, Advanced Server Access Client will remove support for the following end-of-life operating systems:
- Debian 9
- Fedora 33
- Fedora 34
- macOS 10.12
- macOS 10.13
- macOS 10.14
- Windows 8
Teams using these operating systems should upgrade before this time. See Supported operating systems.
Release: 1.64.1
This release has been replaced by release 1.62.3.
Release: 1.62.3
Deployment date: August 24, 2022
Advanced Server Access Client now supports Ubuntu 22.04.
For a list of supported options, see Supported operating systems.
Fixes
Advanced Server Access Team enrollment through macOS client GUI returned an error.
Notice
Beginning in December 2022, Advanced Server Access Client will remove support for the following end-of-life operating systems:
- Debian 9
- Fedora 33
- Fedora 34
- macOS 10.12
- macOS 10.13
- macOS 10.14
- Windows 8
Teams using these operating systems should upgrade before this time. See Supported operating systems.
Release: 1.61.0
Deployment date: June 15, 2022
Advanced Server Access no longer supports the following operating systems:
- Ubuntu 12.04
- Red Hat Enterprise Linux 6
For a list of supported options, see Supported operating systems.
Enhancements
- The Advanced Server Access client can autocomplete commands in bash and zsh.
Release: 1.60.0
Deployment date: May 04, 2022
Beginning June 2022, Advanced Server Access will remove support for the following operating systems:
- Ubuntu 12.04
- Red Hat Enterprise Linux 6
If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See Supported operating systems.
Enhancements
- The sft ssh command can include the SFT_ALLOW_INSECURE_USERNAMES=1 enviroment variable to temporarily allow ssh connections with usernames that include non-standard characters. See Use the Advanced Server Access client.
- The client now supports the Diffie Hellman Group Exchange SHA256 Kex Algorithm.
- Several changes were made to AD-Joined. See AD-Joined.
- When a user with multiple AD accounts connects to an discovered AD device, they can choose which account to use.
- Users can connect to AD devices without entering a password. See Passwordless certificates.
- Users can connect to AD devices from the GUI on both macOS and Windows.
- Users can configure the client.timeout_seconds option to define a maximum time to wait for a response from servers. See Configure the client.
- Unenrolled clients now return more detailed error messages.
Fixes
- Specifying a username with SSH connections returned an error.
- The link to the Advanced Server Access documentation was incorrect on the macOS client.
- Clients didn't retry connections for certain operations if the team had already exceeded the Advanced Server Access API rate or concurrency limits.
- The SFT_Hook_Events environment variable for lifecycle hooks was unavailable for scripts.
Release: 1.58.0
Deployment date: March 21, 2022
Beginning June 2022, Advanced Server Access will remove support for the following operating systems:
- Ubuntu 12.04
- Red Hat Enterprise Linux 6
If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See Supported operating systems.
Fixes
-
The Advanced Server Access client on macOS and Linux platforms was found to be vulnerable to command injection via specially crafted URLs.
This is a High severity issue and Okta strongly recommends updating the Advanced Server Access client to version 1.58.0. For more information, see the Okta security advisory for CVE-2022-1030.
Release: 1.57.0
Deployment date: February 17, 2022
Beginning June 2022, Advanced Server Access will remove support for the following operating systems:
- Ubuntu 12.04
- Red Hat Enterprise Linux 6
If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See Supported operating systems.
Fixes
-
The Advanced Server Access client on Windows was found to be vulnerable to command injection via specially crafted URLs.
This is a High severity issue and Okta strongly recommends updating the Advanced Server Access client to version 1.57.0. For more information, see the Okta security advisory for CVE-2022-24295. - The sft config edit command was unable to modify the ssh.allow_rsa_sha1_keys option.
Release: 1.56.1
Deployment date: January 10, 2022
Enhancements
- The Advanced Server Access client now supports Windows 11.
Fixes
- Using a single client instance for multiple ASA user accounts on the same team sometimes caused an error.
Release: 1.55.1
Deployment date: November 10, 2021
Enhancements
- Clients can use legacy RSA/SHA1 host key algorithms with the
ssh.allow_rsa_sha1_keys
option.
Release: 1.54.1
Deployment date: August 4, 2021
Advanced Server Access now has its own dedicated help site: Advanced Server Access.
This enhancement offers direct access to independent online help for Advanced Server Access from help.okta.com.
The new site provides several benefits:
-
Compactly designed, product-centric content
-
Streamlined navigation
-
More efficient content updates and responsiveness to customer feedback
Release: 1.54.0
Deployment date: June 30, 2021
Starting September 2021, Advanced Server Access will no longer support the following operating systems:
-
CentOS 6
-
FreeBSD 10
If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before September 2021. See Supported operating systems.
Fixes
-
RoyalTSX server lists were incorrectly formatted.
-
The Advanced Server Access client installer incorrectly required Rosetta to be installed on Apple M1 Macs.
Release: 1.53.2
Deployment date: June 1, 2021
Enhancements
-
The sft list-servers command now supports outputting server labels for teams that have PolicySync enabled.
Release: 1.52.2
Deployment date: April 29, 2021
Enhancements
-
The Advanced Server Access client is now natively supported on the M1 platform.
Release: 1.51.3
Deployment date: March 23, 2021
Fixes
- Clients ignored the LogLevel option when printing server banners.
Release: 1.51.1
Deployment date: February 16, 2021
Features and enhancements
- Use sft config edit to edit the Advanced Server Access client configuration file with your system's default editor.
- The client now retries rate limited SSH authentication requests for up to five minutes before failing.
Release: 1.50.1
Deployment date: November 16, 2020
Features and enhancements
- Reducing the frequency that the host key cache is cleared improved parallel client performance.
Early Access Features
- Shared primary user group identifiers (GIDs) are now supported.
Fixes
- Enabling Client Trust Forwarding broke agent forwarding during non-interactive sessions.
Release: 1.45.4
Deployment date: July 10, 2020
Fixes
- When using client trust forwarding, a panic could occur, causing the client to crash. (OKTA-312023)
Release: 1.45.3
Deployment date: June 16, 2020
Fixes
- When used on a client not enrolled in any teams, the output from the 'sft resolve -q' command wasn't quiet.
- When running numerous 'sft' commands in parallel, it was possible to corrupt the internal 'known_hosts' file, which led to subsequent connection errors. (OKTA-292731)
- The SecureCRT ssh client couldn't connect to servers when using the 'ProxyCommand' option. (OKTA-259170)
Release: 1.44.2
Deployment date: March 24, 2020
Features and enhancements
- The macOS client now supports Royal TSX for RDP.
- The title bar of the Windows RDP client now displays the destination hostname.
- ssh_config now supports true and false for Boolean SSH configurations, in addition to yes and no.
Fixes
- The macOS client had a pathing issue in sft list-servers-rjson
- When multiple login attempts were made concurrently from the command line, the system didn't wait for the first to complete.
Advanced Server Access server agent
Release: 1.76.3
Deployment date: December 20, 2023
No updates.
Release: 1.76.2
Deployment date: December 06, 2023
No updates.
Release: 1.76.0
Deployment date: November 29, 2023
This release has updates for Okta Privileged Access. See Okta Privileged Access release notes.
Release: 1.74.4
Deployment date: September 20, 2023
No changes.
Release: 1.74.0
Deployment date: September 07, 2023
No changes.
Release: 1.73.2
Deployment date: August 16, 2023
No changes.
Release: 1.73.1
Deployment date: July 19, 2023
No changes.
Release: 1.72.1
Deployment date: June 28, 2023
No changes.
Release: 1.71.0
Deployment date: June 07, 2023
No changes
Release: 1.70.1
Deployment date: May 31, 2023
Fixes
-
Removed product name references from Mac and Windows GUIs.
Release: 1.69.2
Deployment date: May 24, 2023
No changes.
Release: 1.69.1
Deployment date: May 17, 2023
Enhancements
- Updated RPM digests to improve FIPS compliance.
Release: 1.68.10
Deployment date: May 03, 2023
No changes.
Release: 1.68.9
Deployment date: April 13, 2023
No changes.
Release: 1.68.6
Deployment date: March 29, 2023
Enhancements
- The Advanced Server Access server agent now supports the following operating systems:
- SuSE 12 and 15
Red Hat Enterprise Linux 9
Release: 1.68.4
Deployment date: March 22, 2023
No changes
Release: 1.68.3
Deployment date: March 15, 2023
No changes
Release: 1.68.2
Deployment date: March 02, 2023
No changes
Release: 1.68.1
Deployment date: February 22, 2023
Enhancements
-
Linux, FreeBSD: 1.67.4 is the final release available for Linux and FreeBSD users without updating their apt/yum configuration. Once updated, 1.68.1 will be available which is the same, but signed by fresh GPG keys. All future Linux and FreeBSD releases will be at the new location.
-
Windows + macOS: Windows and macOS users will be prompted to install 1.67.4. Once installed it will request to be updated again to 1.68.1 which uses new signing keys and a new repository location.
Release: 1.67.4
Deployment date: February 22, 2023
Enhancements
Introduced new release packaging system, new GPG key, and support for new DULL key.
Fixes
Fixed a bug that could prevent on-demand users from signing in.
Release: 1.65.0
Deployment date: December 06, 2022
Enhancements
Added support for FreeBSD 13
Fixes
Group membership reassignment
Notice
Beginning in December 2022, Advanced Server Access Agent will remove support for the following end-of-life operating systems:
- Amazon Linux
- CentOS 7 and 8
- Debian 9
- FreeBSD 11
Teams using these operating systems should upgrade before this time. See Supported operating systems.
Release: 1.64.3
Deployment date: November 10, 2022
Due to ssh-rsa issues in release 1.64.1, we are re-releasing release 1.62.3 as release 1.64.3.
Advanced Server Access Agent now supports Ubuntu 22.04.
For a list of supported options, see Supported operating systems.
Notice
Beginning in December 2022, Advanced Server Access Agent will remove support for the following end-of-life operating systems:
- Amazon Linux
- CentOS 7 and 8
- Debian 9
- FreeBSD 11
Teams using these operating systems should upgrade before this time. See Supported operating systems.
Release: 1.64.1
This release has been replaced by release 1.62.3.
Release: 1.62.3
Deployment date: August 24, 2022
Advanced Server Access Agent now supports Ubuntu 22.04.
For a list of supported options, see Supported operating systems.
Notice
Beginning in December 2022, Advanced Server Access Agent will remove support for the following end-of-life operating systems:
- Amazon Linux
- CentOS 7 and 8
- Debian 9
- FreeBSD 11
Teams using these operating systems should upgrade before this time. See Supported operating systems.
Release: 1.61.0
Deployment date: June 15, 2022
Advanced Server Access no longer supports the following operating systems:
- Ubuntu 12.04
- Red Hat Enterprise Linux 6
For a list of supported options, see Supported operating systems.
Fixes
- The server agent sometimes encountered a crash loop due to improper data structures resulting from group goal generation.
- The server agent didn't correctly remove the associated user profile or home directory after on-demand user accounts expired.
Important: Home directories and their contents are now completely removed when the user account expires. See On-demand users. -
AWS IMDSv2 is now used by default. IMDSv1 is no longer used.
Release: 1.60.0
Deployment date: May 04, 2022
Beginning June 2022, Advanced Server Access will remove support for the following operating systems:
- Ubuntu 12.04
- Red Hat Enterprise Linux 6
If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See Supported operating systems.
Release: 1.58.0
Deployment date: March 21, 2022
Beginning June 2022, Advanced Server Access will remove support for the following operating systems:
- Ubuntu 12.04
- Red Hat Enterprise Linux 6
If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See Supported operating systems.
Release: 1.57.0
Deployment date: February 17, 2022
Beginning June 2022, Advanced Server Access will remove support for the following operating systems:
- Ubuntu 12.04
- Red Hat Enterprise Linux 6
If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See Supported operating systems.
Release: 1.56.1
Deployment date: January 10, 2022
Enhancements
- The Advanced Server Access server agent now supports Alma Linux and ARM-based Ubuntu servers.
Fixes
- Some sshd configurations encountered issues related to Match statements.
Release: 1.55.1
Deployment date: November 10, 2021
This release is part of our scheduled release cycle and includes no user-facing changes.
Release: 1.54.0
Deployment date: June 30, 2021
Starting September 2021, Advanced Server Access will no longer support the following operating systems:
-
CentOS 6
-
FreeBSD 10
If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before September 2021. See Supported operating systems.
Fixes
-
Whitespace and comments were not ignored when searching for host keys in sshd configuration files.
Release: 1.53.2
Deployment date: June 1, 2021
Enhancements
-
The Advanced Server Access server agent now supports using a custom broker access port and a custom listen host and listen port through configuration options: BrokerAccessPort, BrokerListenPort, and BrokerListenHost. See Configure the Advanced Server Access server agent.
Fixes
-
On Windows, logs were not being stored properly.
Release: 1.52.2
Deployment date: April 29, 2021
Enhancements
-
The Advanced Server Access server agent is now available for ARM64 architectures.
Early Access Features
-
PolicySync Attribute-Based Access Controls (ABAC) is now supported. This allows server access to be determined by labels assigned to individual servers.
Release: 1.51.3
Deployment date: March 23, 2021
Enhancements
- The server agent now validates changes to the sshd_config file. This prevents a malformed configuration file from disrupting connectivity.
- The server agent now creates a backup of the sshd_config file before making changes to it. This ensures that a working configuration can be restored in the event of an invalid configuration file.
- The default thread count for machines with a large number of processors has been reduced. This improves individual processor performance.
Fixes
- When on-demand users attempted to connect to a Windows server using RDP, their initial attempt would sometimes fail.
Release: 1.51.1
Deployment date: February 16, 2021
Features and enhancements
Client tools:
- Use sft config edit to edit the Advanced Server Access client configuration file with your system's default editor.
- The client now retries rate limited SSH authentication requests for up to five minutes before failing.
Gateways:
- Gateways now include a sample config file.
- Gateways now support agent forwarding.
Fixes
Server tools:
- When servers running Red Hat Enterprise Linux were upgraded, sometimes their server entries in Advanced Server Access were duplicated.
- When admins enabled or disabled Forward Client Trust for a project, it sometimes resulted in an invalid sshd configuration. (Early Access)
Release: 1.50.4
Deployment date: December 17, 2020
Fixes
- Attempting to apply a Unix user ID (UID) change and a user deletion operation to the same user simultaneously sometimes caused the agent to crash.
Release: 1.50.3
Deployment date: November 17, 2020
Fixes
- Users who were members of non-existent local Unix groups sometimes caused the agent to crash.
- When the agent was freshly installed on Windows, the Remote Desktop Protocol (RDP) broker failed to start.
Release: 1.45.3
Deployment date: June 16, 2020
Fixes
- Remote desktop protocol sessions weren't closed when a user was deactivated or deleted. (OKTA-294736)
Release: 1.44.6
Deployment date: April 20, 2020
Fixes
- The Linux agent had an issue where some user group memberships were not correctly added.
Release: 1.44.4
Deployment date: April 15, 2020
Features and enhancements
- Enhanced user and group attributes are now available. For more information, see Advanced Server Access user and group attributes.
Release: 1.44.2
Deployment date: March 24, 2020
Features and enhancements
- The unix client can update customer user attributes, including shell, home directory, and account comment.
- The RSA certificate ID part of SSH logs is now parsed.
Fixes
- When sudo entitlements were renamed on unix, there was an issue.
- Improved error handling when loading TLS certificates.
- File permissions on sshd_config were sometimes altered when changing the file.
Release: 1.41.0
Deployment date: November 13, 2019
Features and enhancements
- Reduced event hook logging.
Fixes
- When migrating a server to a different project, there were sometimes user sync issues.
Advanced Server Access gateways
Release: 1.76.3
Deployment date: December 20, 2023
No updates.
Release: 1.76.2
Deployment date: December 06, 2023
No updates.
Release: 1.76.0
Deployment date: November 29, 2023
This release has updates for Okta Privileged Access. See Okta Privileged Access release notes.
Release: 1.74.4
Deployment date: September 20, 2023
Enhancements
No changes.
Release: 1.74.0
Deployment date: September 07, 2023
Enhancements
No changes.
Release: 1.73.2
Deployment date: August 16, 2023
Enhancements
- sft session-logs export --h command now displays information about .mkv videos for RDP session recordings.
Fixes
- The user sync job failed if an Active Directory (AD) connection was created with a non-existing AD domain.
- During Advanced Server Access gateway startup, missing state directory led to incorrect ownership of properties.
Release: 1.73.1
Deployment date: July 19, 2023
No changes.
Release: 1.72.1
Deployment date: June 28, 2023
No changes.
Release: 1.71.0
Deployment date: June 07, 2023
Fixes
- RDP session recording videos were unplayable due to low frame rates.
Release: 1.70.1
Deployment date: May 31, 2023
Fixes
-
Removed product name references from Mac and Windows GUIs.
Release: 1.69.2
Deployment date: May 24, 2023
No changes.
Release: 1.69.1
Deployment date: May 17, 2023
Enhancements
- Added an SELinux policy for gateway packages.
- Updated RPM digests to improve FIPS compliance.
Release: 1.68.10
Deployment date: May 03, 2023
No changes.
Release: 1.68.9
Deployment date: April 13, 2023
No changes.
Release: 1.68.6
Deployment date: March 29, 2023
Enhancements
- The Advanced Server Access gateway now supports Red Hat Enterprise Linux 9.
Release: 1.68.4
Deployment date: March 22, 2023
No changes
Release: 1.68.3
Deployment date: March 15, 2023
No changes
Release: 1.68.2
Deployment date: March 02, 2023
No changes
Release: 1.68.1
Deployment date: February 22, 2023
Enhancements
-
Linux, FreeBSD: 1.67.4 is the final release available for Linux and FreeBSD users without updating their apt/yum configuration. Once updated, 1.68.1 will be available which is the same, but signed by fresh GPG keys. All future Linux and FreeBSD releases will be at the new location.
-
Windows + macOS: Windows and macOS users will be prompted to install 1.67.4. Once installed it will request to be updated again to 1.68.1 which uses new signing keys and a new repository location.
Release: 1.67.4
Deployment date: February 22, 2023
Enhancements
- Introduced RDP session recording and RDP Session Transcoder.
- Added support for configuring session recording file names.
- Updates AWS S3 log destination block instructions to use Amazon EC2 instance IAM Roles.
-
Introduced new release packaging system, new GPG key, and support for new DULL key.
Release: 1.65.0
Deployment date: December 06, 2022
Enhancements
Added support for LDAPS AD Discovery Job
Notice
Beginning in December 2022, Advanced Server Access Gateway will remove support for the following end-of-life operating systems:
- Amazon Linux
- CentOS 7 and 8
- Debian 9
- FreeBSD 11
Teams using these operating systems should upgrade before this time. See Supported operating systems.
Release: 1.64.3
Deployment date: November 10, 2022
Due to ssh-rsa issues in release 1.64.1, we are re-releasing release 1.62.3 as release 1.64.3.
Enhancements
-
Advanced Server Access Gateway now supports Red Hat Enterprise Linux 8 for AD-joined and RDP connections routed through a Gateway.
-
Advanced Server Access Gateway now supports Ubuntu 22.04.
Notice
Beginning in December 2022, Advanced Server Access Gateway will remove support for the following end-of-life operating systems:
- Amazon Linux
- CentOS 7 and 8
- Debian 9
- FreeBSD 11
Teams using these operating systems should upgrade before this time. See Supported operating systems.
Release: 1.64.1
This release has been replaced by release 1.62.3.
Release: 1.62.3
Deployment date: August 24, 2022
Enhancements
-
Advanced Server Access Gateway now supports Red Hat Enterprise Linux 8 for AD-joined and RDP connections routed through a Gateway.
-
Advanced Server Access Gateway now supports Ubuntu 22.04.
Notice
Beginning in December 2022, Advanced Server Access Gateway will remove support for the following end-of-life operating systems:
- Amazon Linux
- CentOS 7 and 8
- Debian 9
- FreeBSD 11
Teams using these operating systems should upgrade before this time. See Supported operating systems.
Release: 1.61.0
Deployment date: June 15, 2022
Advanced Server Access no longer supports the following operating systems:
- Ubuntu 12.04
- Red Hat Enterprise Linux 6
For a list of supported options, see Supported operating systems.
Release: 1.60.0
Deployment date: May 04, 2022
Beginning June 2022, Advanced Server Access will remove support for the following operating systems:
- Ubuntu 12.04
- Red Hat Enterprise Linux 6
If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See Supported operating systems.
Release: 1.58.0
Deployment date: March 21, 2022
Beginning June 2022, Advanced Server Access will remove support for the following operating systems:
- Ubuntu 12.04
- Red Hat Enterprise Linux 6
If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See Supported operating systems.
Release: 1.57.0
Deployment date: February 17, 2022
Beginning June 2022, Advanced Server Access will remove support for the following operating systems:
- Ubuntu 12.04
- Red Hat Enterprise Linux 6
If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See Supported operating systems.
Fixes
- Closing a client connection sometimes caused a gateway error
Release: 1.56.1
Deployment date: January 10, 2022
Enhancements
- The Advanced Server Access gateway now supports Alma Linux and ARM-based Ubuntu servers.
Fixes
- Bastions couldn't use an FQDN or load balancer as an AccessAddress.
Release: 1.55.1
Deployment date: November 10, 2021
Early Access Features
- AD-Joined can automatically discover Active Directory (AD) servers.
- AD-Joined allow Remote Desktop Protocol (RDP) proxy connections with AD credentials.
For details, see AD-Joined.
Enhancements
- Restricted access to some Linux system capabilities using sft-gatewayd.service.
- Gateways can refuse Secure Shell (SSH) and RDP connections with the
RefuseConnections
option.
Fixes
- Sensitive data was being included in diagnostic support bundles.
Release: 1.54.1
Deployment date: August 4, 2021
Advanced Server Access now has its own dedicated help site: Advanced Server Access.
This enhancement offers direct access to independent online help for Advanced Server Access from help.okta.com.
The new site provides several benefits:
-
Compactly designed, product-centric content
-
Streamlined navigation
-
More efficient content updates and responsiveness to customer feedback
Fixes
-
Gateways didn't forward SSH login banners to clients.
Release: 1.54.0
Deployment date: June 30, 2021
Starting September 2021, Advanced Server Access will no longer support the following operating systems:
-
CentOS 6
-
FreeBSD 10
If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before September 2021. See Supported operating systems.
Enhancements
-
SSH session log file entries no longer include duplicate connection IDs.
Release: 1.52.2
Deployment date: April 29, 2021
Enhancements
- Gateways now report the number of active connections. This allows admins to view a gateway's current connection load.
-
The log integrity validation algorithm for SSH session logs has been improved. This helps to ensure the authenticity of SSH session logs.
-
A gateway will no longer start if the temporary directory for its log storage is not on a valid device. This allows an invalid log directory to be detected at start up rather than during runtime.
-
The temporary directory for gateway log storage can now be specified by the SessionLogTempStorageDirectory configuration option. This allows the temporary directory to be configured and for the temporary directory and storage directory to be on different volumes.
Fixes
-
SSH session metadata was incorrectly logged.
Release: 1.51.3
Deployment date: March 23, 2021
Enhancements
- Gateways now report the local disk storage in use or zero when using external storage. This change allows admins to determine whether gateway files are stored locally or externally, and how much storage is in use.
Release: 1.51.1
Deployment date: February 16, 2021
Features and enhancements
- Gateways now include a sample config file.
- Gateways now support agent forwarding.
Release: 1.49.2
Deployment date: November 9, 2020
Early Access Features
Gateways
You can now install and use Advanced Server Access gateways. See Install the Advanced Server Access gateway.
Session capture
You can now enable session capture on a project to log all session data on a gateway. See Enable session capture on a project.
Advanced Server Access platform
Release: 2023.11.1
Deployment date: November 29, 2023
This release has updates for Okta Privileged Access. See Okta Privileged Access release notes.
Release: 2023.06.2
Deployment date: June 28, 2023
Enhancements
The following features are now in GA:
Past releases
Release: 2023.04.1
Deployment date: April 12, 2023
Enhancements
The ASA API documentation has a new look and feel. You can access the documentation through the Okta API reference portal.
Release: 2023.02.2
Deployment date: February 22, 2023
Fixes
Fixed an issue preventing the ssh_login event from being populated in the Okta System Log.
Release: 2023.02.0
Deployment date: February 08, 2023
Feature
Advanced Server Access audit events integration with Okta System Log feature is available as an Early Access feature to Advanced Server Access customers. To enable it, contact Okta Support.
Release: 2023.01.0
Deployment date: January 11, 2023
Feature
The PolicySync feature is now generally available to all Advanced Server Access customers. The feature is being gradually enabled on all Advanced Server Access teams starting in January 2023.
Release: 2022.09.00
Deployment date: August 31, 2022
Enhancement
-
Teams can no longer assign the Billing role to groups. See Team roles.
Release: 2022.08.03
Deployment date: August 24, 2022
Feature
-
Teams can review and export details for individual AWS server discovery jobs. See Review server discovery jobs.
This is an Early Access feature. To enable it for your team, contact Okta Support.
Release: 2022.06.01
Deployment date: June 15, 2022
Feature
-
Teams can assign the ECDSA-521, ECDSA-384, and ECDSA-256 certificate signing algorithms to new and existing projects. Users must upgrade the ASA client to version 1.61.0 or later to connect to these projects. See Create a project.
Release: 2022.05.01
Deployment date: May 11, 2022
Feature
-
The AD-Joined feature provides Remote Desktop Protocol (RDP) access to Active Directory (AD) resources using existing AD accounts. This feature allows teams to better integrate their AD domain with Advanced Server Access. See AD-Joined.
Release: 2022.04.02
Deployment date: April 13, 2022
Feature
- The Certificate Signing Algorithm setting allows projects to use the more secure ssh-ed25519 algorithm in server authentication certificates. New projects use the ssh-ed25519 algorithm by default, but teams can still use the legacy ssh-rsa algorithm to provide support for older operating systems. See Create a project.
Release: 2022.03.2
Deployment date: March 16, 2022
Enhancements
- This release removes the legacy Billing Contact tab from the Advanced Server Access settings page.
Release: 2022.03.1
Deployment date: March 9, 2022
Fixes
- When a user account was deleted from Advanced Server Access, the account was not promptly removed from local servers.
Release: 2022.03.0
Deployment date: March 2, 2022
Fixes
- Delays occurred when a local Linux or Windows user was deleted after they were deleted in Advanced Server Access.
Release: 2021.11.12
Deployment date: November 12, 2021
Enhancements
- Rate limits are applied using an updated measurement method.
- API responses send an
X-RateLimit-Retry-At
header after exceeding the rate limit.
See Rate Limting.