Advanced Server Access release notes archive 2023 and earlier

The binaries for device tools are compatible with both Okta Privileged Access and Advanced Server Access.

To view the latest release notes, see Advanced Server Access release notes.

Advanced Server Access client

Release: 1.76.3

Deployment date: December 20, 2023

Fixes

Sometimes, when attempting to authenticate a client using the Connect button, the authentication token would expire, requiring re-enrollment. This issue was observed with regularly used clients.

Release: 1.76.2

Deployment date: December 06, 2023

The ScaleFT.exe file displayed an incorrect product version.

Release: 1.76.0

Deployment date: November 29, 2023

When the macOS client updates the state.json file, it encrypts tokens with a key stored in the user's Keychain.

Release: 1.74.4

Deployment date: September 20, 2023

Enhancements

The mechanism used to sign macOS packages has been updated.

Release: 1.74.0

Deployment date: September 07, 2023

Enhancements

This release has updates for the Okta Privileged Access client. See Okta Privileged Access release notes.

Release: 1.73.2

Deployment date: August 16, 2023

Fixes

A warning message was displayed when users tried to sign in to Advanced Server Access client version 1.72.1.

Release: 1.72.1

Deployment date: June 28, 2023

Enhancements

  • MacFreeRDP client version 2.10.0 is now available. See RDP setup.
  • sft list-teams command is now available as an alias for sft list-accounts command. See Use the Advanced Server Access client.
  • A warning message is displayed when users try to sign in to an Advanced Server Access client that uses a deprecated ssh-rsa algorithm in its configuration.

Fixes

  • sft enroll --force command didn't work as expected and displayed an error message if the same team, user, and URL entry existed.

Release: 1.71.0

Deployment date: June 07, 2023

Enhancement

  • The Advanced Server Access client now sends additional metadata when sending requests to the Advanced Server Access platform.

Fixes

  • Sharing content with Windows server using MacFreeRDP on MacOS failed with the sft rdp --share option.

Release: 1.70.1

Deployment date: May 31, 2023

Fixes

  • Removed product name references from Mac and Windows GUIs.

Release: 1.69.2

Deployment date: May 24, 2023

No changes.

Release: 1.69.1

Deployment date: May 17, 2023

Enhancements

  • New MacFreeRDP package.

  • Windows client contains a new version of OpenSSH.

  • Updated RPM digests to improve FIPS compliance.

Fixes

  • When a user tried to sign in and approve a client enrollment that was silently enrolled, an error page appeared.

Release: 1.68.10

Deployment date: May 03, 2023

Fixes

  • Fixed registration of URL handler when using the system-wide installation option.

Release: 1.68.9

Deployment date: April 13, 2023

Fixes

  • Restored ssh access to unmanaged servers.

Release: 1.68.6

Deployment date: March 29, 2023

Enhancements

  • The Advanced Server Access client now supports the following operating systems:
    • SuSE 12 and 15
    • Red Hat Enterprise Linux 9

Release: 1.68.4

Deployment date: March 22, 2023

Fixes

sft enroll didn't print the URL in non-graphical Linux situations.

Release: 1.68.3

Deployment date: March 15, 2023

Fixes

Restored ssh access to unmanaged servers.

Release: 1.68.2

Deployment date: March 02, 2023

Fixes

  • Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the 3rd party library web browser. For more information, see the Okta security advisory for CVE-2023-0093.

Release: 1.68.1

Deployment date: February 22, 2023

Enhancements

  • Linux, FreeBSD: 1.67.4 is the final release available for Linux and FreeBSD users without updating their apt/yum configuration. Once updated, 1.68.1 will be available which is the same, but signed by fresh GPG keys. All future Linux and FreeBSD releases will be at the new location.

  • Windows + macOS: Windows and macOS users will be prompted to install 1.67.4. Once installed it will request to be updated again to 1.68.1 which uses new signing keys and a new repository location.

Release: 1.67.4

Deployment date: February 22, 2023

Enhancements

  • Improved error handling in sft.
  • Duplicate <team-user-url> entries are now disallowed in state.json file.
  • Better error handing for enrollment.
  • state.json file auto-migrates to encrypted when switching keyring mode during login.
  • Changed ScaleFT to Okta certs to build the ScaleFT client app for macOS.
  • Introduced new release packaging system, new GPG key, and support for new DULL key.
  • Updated the macOS software update framework.

Fixes

  • Fixed bug in sft auto-complete command on macOS.

Release: 1.65.0

Deployment date: December 06, 2022

Enhancements

  • Updated ASA Client default RDP screen size to 1024x768
  • Updated Windows .NET framework
  • Updated MacOS dependencies
  • Updated various third-party dependencies

Fixes

  • Ignore ext-info-s to handle buggy sshd
  • Return the only User Access Method directly without interactive operation

Notice

Beginning in December 2022, Advanced Server Access Client will remove support for the following end-of-life operating systems:

  • Debian 9
  • Fedora 33
  • Fedora 34
  • macOS 10.12
  • macOS 10.13
  • macOS 10.14
  • Windows 8

Teams using these operating systems should upgrade before this time. See Supported operating systems.

Release: 1.64.3

Deployment date: November 10, 2022

Due to ssh-rsa issues in release 1.64.1, we are re-releasing release 1.62.3 as release 1.64.3.

Advanced Server Access Client now supports Ubuntu 22.04.

For a list of supported options, see Supported operating systems.

Fixes

Advanced Server Access Team enrollment through macOS client GUI returned an error.

Notice

Beginning in December 2022, Advanced Server Access Client will remove support for the following end-of-life operating systems:

  • Debian 9
  • Fedora 33
  • Fedora 34
  • macOS 10.12
  • macOS 10.13
  • macOS 10.14
  • Windows 8

Teams using these operating systems should upgrade before this time. See Supported operating systems.

Release: 1.64.1

This release has been replaced by release 1.62.3.

Release: 1.62.3

Deployment date: August 24, 2022

Advanced Server Access Client now supports Ubuntu 22.04.

For a list of supported options, see Supported operating systems.

Fixes

Advanced Server Access Team enrollment through macOS client GUI returned an error.

Notice

Beginning in December 2022, Advanced Server Access Client will remove support for the following end-of-life operating systems:

  • Debian 9
  • Fedora 33
  • Fedora 34
  • macOS 10.12
  • macOS 10.13
  • macOS 10.14
  • Windows 8

Teams using these operating systems should upgrade before this time. See Supported operating systems.

Release: 1.61.0

Deployment date: June 15, 2022

Advanced Server Access no longer supports the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

For a list of supported options, see Supported operating systems.

Enhancements

  • The Advanced Server Access client can autocomplete commands in bash and zsh.

Release: 1.60.0

Deployment date: May 04, 2022

Beginning June 2022, Advanced Server Access will remove support for the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See Supported operating systems.

Enhancements

  • The sft ssh command can include the SFT_ALLOW_INSECURE_USERNAMES=1 enviroment variable to temporarily allow ssh connections with usernames that include non-standard characters. See Use the Advanced Server Access client.
  • The client now supports the Diffie Hellman Group Exchange SHA256 Kex Algorithm.
  • Several changes were made to AD-Joined. See AD-Joined.
    • When a user with multiple AD accounts connects to an discovered AD device, they can choose which account to use.
    • Users can connect to AD devices without entering a password. See Passwordless certificates.
    • Users can connect to AD devices from the GUI on both macOS and Windows.
  • Users can configure the client.timeout_seconds option to define a maximum time to wait for a response from servers. See Configure the client.
  • Unenrolled clients now return more detailed error messages.

Fixes

  • Specifying a username with SSH connections returned an error.
  • The link to the Advanced Server Access documentation was incorrect on the macOS client.
  • Clients didn't retry connections for certain operations if the team had already exceeded the Advanced Server Access API rate or concurrency limits.
  • The SFT_Hook_Events environment variable for lifecycle hooks was unavailable for scripts.

Release: 1.58.0

Deployment date: March 21, 2022

Beginning June 2022, Advanced Server Access will remove support for the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See Supported operating systems.

Fixes

  • The Advanced Server Access client on macOS and Linux platforms was found to be vulnerable to command injection via specially crafted URLs.
    This is a High severity issue and Okta strongly recommends updating the Advanced Server Access client to version 1.58.0. For more information, see the Okta security advisory for CVE-2022-1030.

Release: 1.57.0

Deployment date: February 17, 2022

Beginning June 2022, Advanced Server Access will remove support for the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See Supported operating systems.

Fixes

  • The Advanced Server Access client on Windows was found to be vulnerable to command injection via specially crafted URLs.
    This is a High severity issue and Okta strongly recommends updating the Advanced Server Access client to version 1.57.0. For more information, see the Okta security advisory for CVE-2022-24295.

  • The sft config edit command was unable to modify the ssh.allow_rsa_sha1_keys option.

Release: 1.56.1

Deployment date: January 10, 2022

Enhancements

  • The Advanced Server Access client now supports Windows 11.

Fixes

  • Using a single client instance for multiple ASA user accounts on the same team sometimes caused an error.

Release: 1.55.1

Deployment date: November 10, 2021

Enhancements

  • Clients can use legacy RSA/SHA1 host key algorithms with the ssh.allow_rsa_sha1_keys option.

Release: 1.54.1

Deployment date: August 4, 2021

Advanced Server Access now has its own dedicated help site: Advanced Server Access.

This enhancement offers direct access to independent online help for Advanced Server Access from help.okta.com.

The new site provides several benefits:

  • Compactly designed, product-centric content

  • Streamlined navigation

  • More efficient content updates and responsiveness to customer feedback

Release: 1.54.0

Deployment date: June 30, 2021

Starting September 2021, Advanced Server Access will no longer support the following operating systems:

  • CentOS 6

  • FreeBSD 10

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before September 2021. See Supported operating systems.

Fixes

  • RoyalTSX server lists were incorrectly formatted.

  • The Advanced Server Access client installer incorrectly required Rosetta to be installed on Apple M1 Macs.


Release: 1.53.2

Deployment date: June 1, 2021

Enhancements

  • The sft list-servers command now supports outputting server labels for teams that have PolicySync enabled.


Release: 1.52.2

Deployment date: April 29, 2021

Enhancements

  • The Advanced Server Access client is now natively supported on the M1 platform.


Release: 1.51.3

Deployment date: March 23, 2021

Fixes

  • Clients ignored the LogLevel option when printing server banners.

Release: 1.51.1

Deployment date: February 16, 2021

Features and enhancements

  • Use sft config edit to edit the Advanced Server Access client configuration file with your system's default editor.
  • The client now retries rate limited SSH authentication requests for up to five minutes before failing.

Release: 1.50.1

Deployment date: November 16, 2020

Features and enhancements

  • Reducing the frequency that the host key cache is cleared improved parallel client performance.

Early Access Features

  • Shared primary user group identifiers (GIDs) are now supported.

Fixes

  • Enabling Client Trust Forwarding broke agent forwarding during non-interactive sessions.

Release: 1.45.4

Deployment date: July 10, 2020

Fixes

  • When using client trust forwarding, a panic could occur, causing the client to crash. (OKTA-312023)

Release: 1.45.3

Deployment date: June 16, 2020

Fixes

  • When used on a client not enrolled in any teams, the output from the 'sft resolve -q' command wasn't quiet.
  • When running numerous 'sft' commands in parallel, it was possible to corrupt the internal 'known_hosts' file, which led to subsequent connection errors. (OKTA-292731)
  • The SecureCRT ssh client couldn't connect to servers when using the 'ProxyCommand' option. (OKTA-259170)

Release: 1.44.2

Deployment date: March 24, 2020

Features and enhancements

  • The macOS client now supports Royal TSX for RDP.
  • The title bar of the Windows RDP client now displays the destination hostname.
  • ssh_config now supports true and false for Boolean SSH configurations, in addition to yes and no.

Fixes

  • The macOS client had a pathing issue in sft list-servers-rjson
  • When multiple login attempts were made concurrently from the command line, the system didn't wait for the first to complete.

Advanced Server Access server agent

Release: 1.76.3

Deployment date: December 20, 2023

No updates.

Release: 1.76.2

Deployment date: December 06, 2023

No updates.

Release: 1.76.0

Deployment date: November 29, 2023

This release has updates for Okta Privileged Access. See Okta Privileged Access release notes.


Release: 1.74.4

Deployment date: September 20, 2023

No changes.

Release: 1.74.0

Deployment date: September 07, 2023

No changes.

Release: 1.73.2

Deployment date: August 16, 2023

No changes.


Release: 1.73.1

Deployment date: July 19, 2023

No changes.

Release: 1.72.1

Deployment date: June 28, 2023

No changes.

Release: 1.71.0

Deployment date: June 07, 2023

No changes

Release: 1.70.1

Deployment date: May 31, 2023

Fixes

  • Removed product name references from Mac and Windows GUIs.

Release: 1.69.2

Deployment date: May 24, 2023

No changes.

Release: 1.69.1

Deployment date: May 17, 2023

Enhancements

  • Updated RPM digests to improve FIPS compliance.

Release: 1.68.10

Deployment date: May 03, 2023

No changes.

Release: 1.68.9

Deployment date: April 13, 2023

No changes.

Release: 1.68.6

Deployment date: March 29, 2023

Enhancements

  • The Advanced Server Access server agent now supports the following operating systems:
    • SuSE 12 and 15
    • Red Hat Enterprise Linux 9

Release: 1.68.4

Deployment date: March 22, 2023

No changes

Release: 1.68.3

Deployment date: March 15, 2023

No changes

Release: 1.68.2

Deployment date: March 02, 2023

No changes

Release: 1.68.1

Deployment date: February 22, 2023

Enhancements

  • Linux, FreeBSD: 1.67.4 is the final release available for Linux and FreeBSD users without updating their apt/yum configuration. Once updated, 1.68.1 will be available which is the same, but signed by fresh GPG keys. All future Linux and FreeBSD releases will be at the new location.

  • Windows + macOS: Windows and macOS users will be prompted to install 1.67.4. Once installed it will request to be updated again to 1.68.1 which uses new signing keys and a new repository location.

Release: 1.67.4

Deployment date: February 22, 2023

Enhancements

Introduced new release packaging system, new GPG key, and support for new DULL key.

Fixes

Fixed a bug that could prevent on-demand users from signing in.

Release: 1.65.0

Deployment date: December 06, 2022

Enhancements

Added support for FreeBSD 13

Fixes

Group membership reassignment

Notice

Beginning in December 2022, Advanced Server Access Agent will remove support for the following end-of-life operating systems:

  • Amazon Linux
  • CentOS 7 and 8
  • Debian 9
  • FreeBSD 11

Teams using these operating systems should upgrade before this time. See Supported operating systems.

Release: 1.64.3

Deployment date: November 10, 2022

Due to ssh-rsa issues in release 1.64.1, we are re-releasing release 1.62.3 as release 1.64.3.

Advanced Server Access Agent now supports Ubuntu 22.04.

For a list of supported options, see Supported operating systems.

Notice

Beginning in December 2022, Advanced Server Access Agent will remove support for the following end-of-life operating systems:

  • Amazon Linux
  • CentOS 7 and 8
  • Debian 9
  • FreeBSD 11

Teams using these operating systems should upgrade before this time. See Supported operating systems.

Release: 1.64.1

This release has been replaced by release 1.62.3.

Release: 1.62.3

Deployment date: August 24, 2022

Advanced Server Access Agent now supports Ubuntu 22.04.

For a list of supported options, see Supported operating systems.

Notice

Beginning in December 2022, Advanced Server Access Agent will remove support for the following end-of-life operating systems:

  • Amazon Linux
  • CentOS 7 and 8
  • Debian 9
  • FreeBSD 11

Teams using these operating systems should upgrade before this time. See Supported operating systems.

Release: 1.61.0

Deployment date: June 15, 2022

Advanced Server Access no longer supports the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

For a list of supported options, see Supported operating systems.

Fixes

  • The server agent sometimes encountered a crash loop due to improper data structures resulting from group goal generation.
  • The server agent didn't correctly remove the associated user profile or home directory after on-demand user accounts expired.
    Important: Home directories and their contents are now completely removed when the user account expires. See On-demand users.
  • AWS IMDSv2 is now used by default. IMDSv1 is no longer used.

Release: 1.60.0

Deployment date: May 04, 2022

Beginning June 2022, Advanced Server Access will remove support for the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See Supported operating systems.

Release: 1.58.0

Deployment date: March 21, 2022

Beginning June 2022, Advanced Server Access will remove support for the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See Supported operating systems.

Release: 1.57.0

Deployment date: February 17, 2022

Beginning June 2022, Advanced Server Access will remove support for the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See Supported operating systems.

Release: 1.56.1

Deployment date: January 10, 2022

Enhancements

  • The Advanced Server Access server agent now supports Alma Linux and ARM-based Ubuntu servers.

Fixes

  • Some sshd configurations encountered issues related to Match statements.

Release: 1.55.1

Deployment date: November 10, 2021

This release is part of our scheduled release cycle and includes no user-facing changes.

Release: 1.54.0

Deployment date: June 30, 2021

Starting September 2021, Advanced Server Access will no longer support the following operating systems:

  • CentOS 6

  • FreeBSD 10

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before September 2021. See Supported operating systems.

Fixes

  • Whitespace and comments were not ignored when searching for host keys in sshd configuration files.


Release: 1.53.2

Deployment date: June 1, 2021

Enhancements

Fixes

  • On Windows, logs were not being stored properly.


Release: 1.52.2

Deployment date: April 29, 2021

Enhancements

  • The Advanced Server Access server agent is now available for ARM64 architectures.

Early Access Features

  • PolicySync Attribute-Based Access Controls (ABAC) is now supported. This allows server access to be determined by labels assigned to individual servers.


Release: 1.51.3

Deployment date: March 23, 2021

Enhancements

  • The server agent now validates changes to the sshd_config file. This prevents a malformed configuration file from disrupting connectivity.
  • The server agent now creates a backup of the sshd_config file before making changes to it. This ensures that a working configuration can be restored in the event of an invalid configuration file.
  • The default thread count for machines with a large number of processors has been reduced. This improves individual processor performance.

Fixes

  • When on-demand users attempted to connect to a Windows server using RDP, their initial attempt would sometimes fail.

Release: 1.51.1

Deployment date: February 16, 2021

Features and enhancements

Client tools:

  • Use sft config edit to edit the Advanced Server Access client configuration file with your system's default editor.
  • The client now retries rate limited SSH authentication requests for up to five minutes before failing.

Gateways:

  • Gateways now include a sample config file.
  • Gateways now support agent forwarding.

Fixes

Server tools:

  • When servers running Red Hat Enterprise Linux were upgraded, sometimes their server entries in Advanced Server Access were duplicated.
  • When admins enabled or disabled Forward Client Trust for a project, it sometimes resulted in an invalid sshd configuration. (Early Access)

Release: 1.50.4

Deployment date: December 17, 2020

Fixes

  • Attempting to apply a Unix user ID (UID) change and a user deletion operation to the same user simultaneously sometimes caused the agent to crash.

Release: 1.50.3

Deployment date: November 17, 2020

Fixes

  • Users who were members of non-existent local Unix groups sometimes caused the agent to crash.
  • When the agent was freshly installed on Windows, the Remote Desktop Protocol (RDP) broker failed to start.

Release: 1.45.3

Deployment date: June 16, 2020

Fixes

  • Remote desktop protocol sessions weren't closed when a user was deactivated or deleted. (OKTA-294736)

Release: 1.44.6

Deployment date: April 20, 2020

Fixes

  • The Linux agent had an issue where some user group memberships were not correctly added.

Release: 1.44.4

Deployment date: April 15, 2020

Features and enhancements


Release: 1.44.2

Deployment date: March 24, 2020

Features and enhancements

  • The unix client can update customer user attributes, including shell, home directory, and account comment.
  • The RSA certificate ID part of SSH logs is now parsed.

Fixes

  • When sudo entitlements were renamed on unix, there was an issue.
  • Improved error handling when loading TLS certificates.
  • File permissions on sshd_config were sometimes altered when changing the file.

Release: 1.41.0

Deployment date: November 13, 2019

Features and enhancements

  • Reduced event hook logging.

Fixes

  • When migrating a server to a different project, there were sometimes user sync issues.


Advanced Server Access gateways

Release: 1.76.3

Deployment date: December 20, 2023

No updates.

Release: 1.76.2

Deployment date: December 06, 2023

No updates.

Release: 1.76.0

Deployment date: November 29, 2023

This release has updates for Okta Privileged Access. See Okta Privileged Access release notes.

Release: 1.74.4

Deployment date: September 20, 2023

Enhancements

No changes.

Release: 1.74.0

Deployment date: September 07, 2023

Enhancements

No changes.

Release: 1.73.2

Deployment date: August 16, 2023

Enhancements

  • sft session-logs export --h command now displays information about .mkv videos for RDP session recordings.

Fixes

  • The user sync job failed if an Active Directory (AD) connection was created with a non-existing AD domain.
  • During Advanced Server Access gateway startup, missing state directory led to incorrect ownership of properties.

Release: 1.73.1

Deployment date: July 19, 2023

No changes.

Release: 1.72.1

Deployment date: June 28, 2023

No changes.

Release: 1.71.0

Deployment date: June 07, 2023

Fixes

  • RDP session recording videos were unplayable due to low frame rates.

Release: 1.70.1

Deployment date: May 31, 2023

Fixes

  • Removed product name references from Mac and Windows GUIs.

Release: 1.69.2

Deployment date: May 24, 2023

No changes.

Release: 1.69.1

Deployment date: May 17, 2023

Enhancements

  • Added an SELinux policy for gateway packages.
  • Updated RPM digests to improve FIPS compliance.

Release: 1.68.10

Deployment date: May 03, 2023

No changes.

Release: 1.68.9

Deployment date: April 13, 2023

No changes.

Release: 1.68.6

Deployment date: March 29, 2023

Enhancements

  • The Advanced Server Access gateway now supports Red Hat Enterprise Linux 9.

Release: 1.68.4

Deployment date: March 22, 2023

No changes

Release: 1.68.3

Deployment date: March 15, 2023

No changes

Release: 1.68.2

Deployment date: March 02, 2023

No changes

Release: 1.68.1

Deployment date: February 22, 2023

Enhancements

  • Linux, FreeBSD: 1.67.4 is the final release available for Linux and FreeBSD users without updating their apt/yum configuration. Once updated, 1.68.1 will be available which is the same, but signed by fresh GPG keys. All future Linux and FreeBSD releases will be at the new location.

  • Windows + macOS: Windows and macOS users will be prompted to install 1.67.4. Once installed it will request to be updated again to 1.68.1 which uses new signing keys and a new repository location.

Release: 1.67.4

Deployment date: February 22, 2023

Enhancements

  • Introduced RDP session recording and RDP Session Transcoder.
  • Added support for configuring session recording file names.
  • Updates AWS S3 log destination block instructions to use Amazon EC2 instance IAM Roles.
  • Introduced new release packaging system, new GPG key, and support for new DULL key.

Release: 1.65.0

Deployment date: December 06, 2022

Enhancements

Added support for LDAPS AD Discovery Job

Notice

Beginning in December 2022, Advanced Server Access Gateway will remove support for the following end-of-life operating systems:

  • Amazon Linux
  • CentOS 7 and 8
  • Debian 9
  • FreeBSD 11

Teams using these operating systems should upgrade before this time. See Supported operating systems.

Release: 1.64.3

Deployment date: November 10, 2022

Due to ssh-rsa issues in release 1.64.1, we are re-releasing release 1.62.3 as release 1.64.3.

Enhancements

  • Advanced Server Access Gateway now supports Red Hat Enterprise Linux 8 for AD-joined and RDP connections routed through a Gateway.

  • Advanced Server Access Gateway now supports Ubuntu 22.04.

Notice

Beginning in December 2022, Advanced Server Access Gateway will remove support for the following end-of-life operating systems:

  • Amazon Linux
  • CentOS 7 and 8
  • Debian 9
  • FreeBSD 11

Teams using these operating systems should upgrade before this time. See Supported operating systems.

Release: 1.64.1

This release has been replaced by release 1.62.3.

Release: 1.62.3

Deployment date: August 24, 2022

Enhancements

  • Advanced Server Access Gateway now supports Red Hat Enterprise Linux 8 for AD-joined and RDP connections routed through a Gateway.

  • Advanced Server Access Gateway now supports Ubuntu 22.04.

Notice

Beginning in December 2022, Advanced Server Access Gateway will remove support for the following end-of-life operating systems:

  • Amazon Linux
  • CentOS 7 and 8
  • Debian 9
  • FreeBSD 11

Teams using these operating systems should upgrade before this time. See Supported operating systems.

Release: 1.61.0

Deployment date: June 15, 2022

Advanced Server Access no longer supports the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

For a list of supported options, see Supported operating systems.

Release: 1.60.0

Deployment date: May 04, 2022

Beginning June 2022, Advanced Server Access will remove support for the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See Supported operating systems.

Release: 1.58.0

Deployment date: March 21, 2022

Beginning June 2022, Advanced Server Access will remove support for the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See Supported operating systems.

Release: 1.57.0

Deployment date: February 17, 2022

Beginning June 2022, Advanced Server Access will remove support for the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See Supported operating systems.

Fixes

  • Closing a client connection sometimes caused a gateway error

Release: 1.56.1

Deployment date: January 10, 2022

Enhancements

  • The Advanced Server Access gateway now supports Alma Linux and ARM-based Ubuntu servers.

Fixes

  • Bastions couldn't use an FQDN or load balancer as an AccessAddress.

Release: 1.55.1

Deployment date: November 10, 2021

Early Access Features

  • AD-Joined can automatically discover Active Directory (AD) servers.
  • AD-Joined allow Remote Desktop Protocol (RDP) proxy connections with AD credentials.

For details, see AD-Joined.

Enhancements

  • Restricted access to some Linux system capabilities using sft-gatewayd.service.
  • Gateways can refuse Secure Shell (SSH) and RDP connections with the RefuseConnections option.

Fixes

  • Sensitive data was being included in diagnostic support bundles.

Release: 1.54.1

Deployment date: August 4, 2021

Advanced Server Access now has its own dedicated help site: Advanced Server Access.

This enhancement offers direct access to independent online help for Advanced Server Access from help.okta.com.

The new site provides several benefits:

  • Compactly designed, product-centric content

  • Streamlined navigation

  • More efficient content updates and responsiveness to customer feedback

Fixes

  • Gateways didn't forward SSH login banners to clients.

Release: 1.54.0

Deployment date: June 30, 2021

Starting September 2021, Advanced Server Access will no longer support the following operating systems:

  • CentOS 6

  • FreeBSD 10

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before September 2021. See Supported operating systems.

Enhancements

  • SSH session log file entries no longer include duplicate connection IDs.


Release: 1.52.2

Deployment date: April 29, 2021

Enhancements

  • Gateways now report the number of active connections. This allows admins to view a gateway's current connection load.
  • The log integrity validation algorithm for SSH session logs has been improved. This helps to ensure the authenticity of SSH session logs.

  • A gateway will no longer start if the temporary directory for its log storage is not on a valid device. This allows an invalid log directory to be detected at start up rather than during runtime.

  • The temporary directory for gateway log storage can now be specified by the SessionLogTempStorageDirectory configuration option. This allows the temporary directory to be configured and for the temporary directory and storage directory to be on different volumes.

Fixes

  • SSH session metadata was incorrectly logged.


Release: 1.51.3

Deployment date: March 23, 2021

Enhancements

  • Gateways now report the local disk storage in use or zero when using external storage. This change allows admins to determine whether gateway files are stored locally or externally, and how much storage is in use.

Release: 1.51.1

Deployment date: February 16, 2021

Features and enhancements

  • Gateways now include a sample config file.
  • Gateways now support agent forwarding.

Release: 1.49.2

Deployment date: November 9, 2020

Early Access Features

Gateways

You can now install and use Advanced Server Access gateways. See Install the Advanced Server Access gateway.

Session capture

You can now enable session capture on a project to log all session data on a gateway. See Enable session capture on a project.


Advanced Server Access platform

Release: 2023.11.1

Deployment date: November 29, 2023

This release has updates for Okta Privileged Access. See Okta Privileged Access release notes.

Release: 2023.06.2

Deployment date: June 28, 2023

Enhancements

The following features are now in GA:

Past releases

Release: 2023.04.1

Deployment date: April 12, 2023

Enhancements

The ASA API documentation has a new look and feel. You can access the documentation through the Okta API reference portal.

Release: 2023.02.2

Deployment date: February 22, 2023

Fixes

Fixed an issue preventing the ssh_login event from being populated in the Okta System Log.

Release: 2023.02.0

Deployment date: February 08, 2023

Feature

Advanced Server Access audit events integration with Okta System Log feature is available as an Early Access feature to Advanced Server Access customers. To enable it, contact Okta Support.

Release: 2023.01.0

Deployment date: January 11, 2023

Feature

The PolicySync feature is now generally available to all Advanced Server Access customers. The feature is being gradually enabled on all Advanced Server Access teams starting in January 2023.

Release: 2022.09.00

Deployment date: August 31, 2022

Enhancement

  • Teams can no longer assign the Billing role to groups. See Team roles.

Release: 2022.08.03

Deployment date: August 24, 2022

Feature

Release: 2022.06.01

Deployment date: June 15, 2022

Feature

  • Teams can assign the ECDSA-521, ECDSA-384, and ECDSA-256 certificate signing algorithms to new and existing projects. Users must upgrade the ASA client to version 1.61.0 or later to connect to these projects. See Create a project.

Release: 2022.05.01

Deployment date: May 11, 2022

Feature

  • The AD-Joined feature provides Remote Desktop Protocol (RDP) access to Active Directory (AD) resources using existing AD accounts. This feature allows teams to better integrate their AD domain with Advanced Server Access. See AD-Joined.

Release: 2022.04.02

Deployment date: April 13, 2022

Feature

  • The Certificate Signing Algorithm setting allows projects to use the more secure ssh-ed25519 algorithm in server authentication certificates. New projects use the ssh-ed25519 algorithm by default, but teams can still use the legacy ssh-rsa algorithm to provide support for older operating systems. See Create a project.

Release: 2022.03.2

Deployment date: March 16, 2022

Enhancements

  • This release removes the legacy Billing Contact tab from the Advanced Server Access settings page.

Release: 2022.03.1

Deployment date: March 9, 2022

Fixes

  • When a user account was deleted from Advanced Server Access, the account was not promptly removed from local servers.

Release: 2022.03.0

Deployment date: March 2, 2022

Fixes

  • Delays occurred when a local Linux or Windows user was deleted after they were deleted in Advanced Server Access.

Release: 2021.11.12

Deployment date: November 12, 2021

Enhancements

  • Rate limits are applied using an updated measurement method.
  • API responses send an X-RateLimit-Retry-At header after exceeding the rate limit.

See Rate Limting.