Advanced Server Access release notes

Device Tools

Platform

Device Tools

The binaries for device tools are compatible with both Okta Privileged Access and Advanced Server Access.

See the Okta Support website for the list of supported operating systems with End of Life (EOL) dates.

Current release

Release: 1.99.7

Deployment date: January 21, 2026

Release summary

Client

  • When a user initiated a Remote Desktop Protocol (RDP) session from the web interface, the session sometimes failed to use the correct team context if the client was already authenticated to a different team.

  • RSA keys created for proxy commands now use a larger key size to improve security.

  • After upgrading the Advanced Server Access client to version 1.95.0 or higher on Windows, the scp command failed to work as expected.

Previous releases

Release: 1.99.5

Deployment date: December 16, 2025

Release summary

Client

  • Advanced Server Access now supports Linux systems with shared home directories. Admins can now configure the Advanced Server Access server agent to bypass provisioning the authorized principals file to a user's home directory, which eliminates log pollution issues on systems using Network File System (NFS).

Release: 1.99.3

Deployment date: December 03, 2025

Release summary

Client

  • When enrolling a Microsoft Windows 11 client, the enrollment approval page incorrectly displayed the operating system as Microsoft Windows 10.

  • Advanced Server Access client versions 1.93.0 and 1.94.0 failed to fall back to locally supported authentication methods when an admin attempted to connect to an unmanaged server using the --via flag.

  • You can now use the --account flag to connect to your server account for SSH or RDP access.

Release: 1.98.1

Deployment date: October 08, 2025

Release summary

This release has updates for only Okta Privileged Access access. See Okta Privileged Access release notes.

Release: 1.97.1

Deployment date: September 18, 2025

Release summary

Client

  • The sft list-accounts command, which was previously deprecated, has now been officially removed. Use the sft list-teams command instead.

  • The SFT client now adds the server name to the username when connecting through RDP using the Windows and FreeRDP clients.
Gateway

  • A bug in Windows 10 and Windows 11 was sending the wrong channel ID to Windows Server 2025. This prevented RDP through the gateway from working.

  • When you connect from a Windows 11 version 24H2 client to a Windows Server 2016, the connection may fail if a gateway is used. If a gateway isn't used, the RDP session may disconnect and reconnect several times before stabilizing.

Client

Server Agent

  • Digital signature verification has been added for all DLLs loaded from outside the trusted system paths.

Release: 1.95.0

Deployment date: August 27, 2025

Release summary

Client

  • When connecting from a Windows 11, version 24H2 to a Windows Server 2016, the RDP session may be immediately terminated or return an error. This is a known issue affecting RDP sessions.

  • Connection from a Windows 11, version 24H2 to a Windows Server 2025 server through Advanced Server Access gateway is terminated immediately after being established. This is a known issue affecting RDP sessions.
Gateway

  • Local account discovery, synchronization, and group membership management are now disabled for hosts that are Windows Domain Controllers.

Release: 1.94.1

Deployment date: August 21, 2025

Release summary

Client

Server agent

  • A backwards compatibility issue existed between the Advanced Server Access client and server agent with version 1.94.0, which exclusively impacted client trust forwarding.

Release: 1.94.0

Deployment date: August 13, 2025

Release summary

Client

  • The --account flag has been deprecated and is now replaced by the --team flag.

  • The Advanced Server Access client now supports RDP connections to Active Directory (AD) accounts on Windows AD servers managed by the Advanced Server Access server agent.

  • All versions of the Advanced Server Access client older than version 1.66.4 are no longer available for download.

  • The sft winscp command now supports selecting user access methods (UAMs) for Advanced Server Access servers. This command disconnects and automatically reconnects every 30 seconds.

Release: 1.93.0

Deployment date: August 07, 2025

Release summary

Client

  • macOS 15 is now supported in Advanced Server Access client and MacFreeRDP client.

  • Windows 10 (22H2) and Windows 11 (22H2, 23H2, and 24H2) are now supported in Advanced Server Access client.

  • The ssh config command didn't work correctly on Windows when paths contained spaces.

  • A vulnerability was resolved where it was possible for an external actor to inject false successful login events into the System Log without actually authenticating to a server.

  • The sft putty command now supports selecting user access methods (UAMs) for Advanced Server Access servers.

  • Enhanced security for transferring RDP credentials from the Advanced Server Access client to MacFreeRDP

  • The sft command no longer adds the server name to the username when connecting through RDP with Windows and FreeRDP clients.
Gateway

  • The SSH logs are now included in the Linux gateway server support bundle.

Release: 1.92.0

Deployment date: July 09, 2025

Release summary

Client

  • The ScaleFT CLI now only accepts HTTPS URLs.

Server Agent

  • The timeout setting for SSH connections has been updated to address stale logins.

Clients

Server Agent

  • Windows Server 2025 is now supported in Okta Privileged Access.
Okta Privileged Access

  • Okta Privileged Access package versions on dist.scaleft.com/repos are now sorted by name and file version, with directories grouped.

Release: 1.91.0

Deployment date: June 25, 2025

Release summary

Client

  • When enrolling a client, the hostnames in the URLs now match the hostnames in the enrollment request.

Gateway

Server Agent

  • The support command didn't capture the sshd_config.d and ssh_config.d file logs.

Release: 1.90.0

Deployment date: May 29, 2025

Release summary

Client

  • Support for using ssh.save_privatekey_passwords with the compat keyring on the Mac client is no longer supported.

  • Default keyring used to protect SFT state.json has been changed from compat to the system keyring.

Release: 1.89.1

Deployment date: April 23, 2025

Release summary

Client

  • Updated MacFreeRDP to upstream FreeRDP version 3.14.1.

  • When the command sft fleet enroll --token-file <tokenfile> was run multiple times on the same client for the same team, the first attempt succeeded, but subsequent attempts resulted in an error.

Release: 1.88.0

Deployment date: February 19, 2025

Release summary

Client

  • Users can now set a timeout for how long the system waits for confirmation of a failed connection before terminating the process. This timeout activates when an SSH connection is initiated.
Gateway

  • Removed the unsupported Advanced Server Access gateway for Windows OS.

Server agent

Gateway

  • The SFT support bundles now include /etc/sudoers and /etc/sudoers.d/* files.

Client

Server Agent

  • Wscapi.dll files now load from the system directory with a valid signature.

Platform

Current release

Release: 2024.02.0

Deployment date: February 07, 2024

Release summary

Platform

You can now enable IP-session binding for web and client sessions within a team. If an IP change is detected, the client or web session is revoked.

Previous releases

Release: 2023.06.2

Deployment date: June 28, 2023

Release summary

Enhancements

The following features are now in GA:

Release notes retention policy

Okta maintains release notes online for a period of 12 months following a release.

Contact Okta Support to request archived documentation for releases outside this window.