Okta Classic Engine release notes (2017)

2017 Production Releases

2017.51 and 2017.52 began deployment on January 8.

Okta Verify for Android 3.6.0 is now available as an APK file

Okta Verify for Android 3.6.0 is now available as an APK file on the Downloads page (Settings > Downloads). This release is also available in the Google Play Store. In addition to the availability as an APK file, it contains support for TLS 1.1 and bug fixes. For more information on APK files, see Distributing Okta Android Apps in China.

System Log CSV file limit increased

The size limit on the CSV download of the System Log is increased from 100K to 200K.

Token preview for OpenID Connect ID tokens

Configuring an application or integration to use OpenID Connect ID tokens or Oauth 2.0 access tokens with the Early Access API Management feature can take a lot of trial-and-error. Okta has made it easier to choose configuration settings and see the resulting tokens in the Token Preview tab of the Authorization Server page.

Add values on the left side to see how they would affect the token on the right. All the fields are selection boxes except User. For User, type in the first few letters to see a choice of user names.

You can try out different combinations of values, and see the resulting tokens (or error messages). Once you've got the right combination, it's easy to configure your authorization server and other components. For more information see Test Your Authorization Server Configuration.

Legacy events available in the System Log

The following legacy events are now available in the System Log:

  • app.auth.slo.with_reason
  • app.auth.slo.saml.malformed_request.invalid_type
  • app.keys.clone_legacy
  • app.keys.generate_legacy
  • app.keys.rotate_legacy

New button to copy credentials

When creating or editing an OpenID Connect app, there is a now button to copy the client credentials to the clipboard. For more information, see The OpenID Connect Wizard.

2017.50 began deployment on December 18.

Update: Profile Master and User Life Cycle Management enhancements

Profile Master and User Life Cycle Management enhancements are Generally Available for all EMEA Cell 1 and US Cell 5 organizations and all new production organizations. This feature is available as Early Access for all remaining organizations and will be Generally Available for all organizations in February 2018. For details see Profile Master and User Lifecycle Management.

Additional Integration types in the Okta Integration Network

The Okta Application Network (OAN) includes more than 5,000 pre-integrated business and consumer apps. As Okta expands our integrations beyond Single Sign-on and Provisioning we are adding new integration types to the catalog, now named the Okta Integration Network (OIN). While the new OIN still provides apps, it now includes advanced application integrations.

Authorization Server Claims options improved

When adding or editing a claim to an authorization server, the Include in Token Type options are updated. The new values are Always and Userinfo / id_token request. The default is Always for id tokens. For more information on these options, see Create Claims.

New Edge browser plugin, version 5.16.2

Version 5.16.2 is available from the Edge store. This version fixes the following issues:

  • After navigating to the login page and entering a username, the security image was not displayed
  • Per-app MFA did not work through the plugin. The system kept prompting for MFA.

For history, see Browser Plugin Version History.

New SharePoint People Picker agent, version 2.3.0.0

This update supports TLS version 1.2 encryption protocol to align with industry best practices and standards for security and data integrity.

For more information about the SharePoint People Picker, including requirements, see the Microsoft SharePoint On-Premises Deployment Guide. For history, see Sharepoint People Picker Agent Version History.

Password Sync Agent, new version 1.3.5

This Generally Available version of the Password Sync agent includes the following:

  • Updates the minimum supported TLS version to 1.2
  • Updates the minimum Windows Server version to Window Server 2008
  • Changes to the default settings

For history, see Password Sync Version History.

2017.49 began deployment on December 11.

Attribute mapping enhancements

Attribute mapping enhances the existing profile editor, by allowing you to manage individual attributes. You can use the attribute mapping screens exclusively or combined with the existing profile, as desired. This feature is now GA.

Attribute mapping contains the following enhancements:

  • Individual mapping
  • Support for enumerations
  • A sample value appears automatically
  • Warnings
  • The fields are sorted
  • A link to profile editor
  • A Force Sync button that applies the mappings
  • Delete and edit buttons for each attribute mapping

For detailed information, see Attribute Mapping.

Automatic email to locked accounts

You can automatically send your users an email if their account becomes locked due to too many failed sign-in attempts. You can insert a link in the email to let users unlock their account. This feature is now GA.

For details, see Configure lockout settings.

Updated provisioning endpoint for GoToMeeting

We have switched the provisioning endpoints for GoToMeeting in anticipation of their API changes scheduled for December 5, 2017.

Application pages UI changes

There are three new sub-menus on the Provisioning page for an application. After enabling provisioning, there are groupings for To App, To Okta, and API Integration, as shown below. Previously, these pages were combined on one page. For details, see Provisioning and Deprovisioning.

JIRA and Confluence SAML toolkits updated to version 3.0.6

This version supports the following:

  • Support for adding Remember me cookie during JIRA logins.
  • Fix for new sessions not being created for Jira and Confluence apps when an already logged in user re-authenticates with a new SAML assertion.
  • SP-initiated flows are disabled for Confluence users that are not present in Okta.

For version history, see Confluence Authenticator Toolkit Version History and JIRA Authenticator Toolkit Version History.

Del Auth enablement moved to the instance level for all orgs

Instance Level Del Auth moves Del Auth enablement from the org level (Security > Delegated Authentication) to the instance level (Directory > Directory Integrations). While preserving current Del Auth functionality, instance-level Del Auth is optimized for use in environments with multiple AD instances. It allows admins to delegate authentication on a per AD-instance level to support more granular authentication scenarios.

SuccessFactors as a Profile Master

SuccessFactors can now be used as a Profile Master. Additionally, there are multiple fixes including improved incremental import support and pulling value names instead of ids for attribute values.

Admin notification enhancement

Admins now only receive notifications about locked-out users who are in the group, or groups that the Admin manages.

LDAP agent, new version 5.4.2

LDAP agent version 5.4.2 is now available. This version provides:

  • Support for customers using Oracle Internet Directory
  • Bug fixes
  • Optimizations to:
    • Incremental imports
    • Agent installation
  • Updated LDAP Agent default settings.

For agent upgrades, your current state of enablement is preserved.

For the version history, see Okta Java LDAP Agent Version History.

Network Zone events tracked in the System Log

The System Log now tracks the following information for network zones:

  • IP addresses
  • IP ranges
  • Blacklist status

2017.46 and 2017.47 began deployment on November 27.

Email validation requirements changes

Primary and secondary email addresses can be the same email id for a user.

Email language support

Support for the Hungarian, Indonesian, Malaysian, Polish, Romanian, and Turkish languages for the email customization is now available to all customers in Beta format. For more information, see Configure the Display Language.

Okta Verify for Android 3.2.1 is now available as an APK file

Okta Verify for Android 3.2.1 is now available as an APK file on the Downloads page. For more information, see Distributing Okta Android Apps in China.

Active Directory, new agent version 3.4.9

  • Active Directory Agent, version 3.4.9 provides the following:
  • All the fixes and enhancements provided by Early Access (EA) versions from 3.4.4 to 3.4.8.
  • Updating the minimum Windows Server version to 2008.
  • Providing a fix for AD-mastered users that had issues signing in with passwords containing unicode characters.
  • Updated AD Agent default settings. For agent upgrades, your current state of enablement is preserved.

For details see, Okta Active Directory Agent version history.

Okta Verify passcode cannot be blank

Now an error message appears if you try to verify when the Okta Verify passcode field is empty.

Expanded rules information for API Access Management policies

Selecting the information icon or clicking the rule name in API Access Management polices displays the users and groups the rule applies to, as well as the scopes that are granted to those users and groups. For more information, see Create Access Policies. .

2017.45 began deployment on November 13

Okta Password Sync Agent supports TLS 1.2

The Okta Password Sync Agent supports Transport Layer Security (TLS) v1.2.

Okta Expression Language validation

Validation for the correct number of parameters is improved in functions in the Okta Expression Language.

OAuth 2.0 authentication for the DocuSign app

DocuSign app now uses OAuth 2.0 for authentication instead of username/password authentication performed via X-DocuSign-Authentication header.

Email template translation improvements

Updated translation in Push Verify Activation email templates.

System Log tracking for Device Trust for Windows

Certificate issuance, enrollment, and revocation events for Okta Device Trust for Windows are now written to the System Log.

System Log enhancement – token tracking

System logs now report the Subject in API Access Management and OpenID Connect access token and refresh token events in addition to clientId and orgId.

Network tab renamed

The Network tab is now the Networks tab.

Applications page enhancements

Users with numerous apps can find an app more easily with the new Search bar that accepts app names and app instances. You can also complete more tasks directly on the page, such as assigning users and groups. Additionally, you can copy embedded links straight to the clipboard from specific apps—no need to hunt through the app list to capture them. This feature is now GA. This feature is available in Production for new orgs only.

Group Push enhancements

Group Push now supports the ability to link to existing groups in Box, G Suite, Jive and Active Directory. You can centrally manage these apps in Okta. While this option is currently only available for the listed 4 apps, Okta will periodically add this functionality to more and more provisioning-enabled apps. This feature is now GA. This feature is available in production for new orgs only.

Private App Store

The Private App Store for Android (AfW) and iOS devices is now Generally Available. This feature allows admins to upload internally-developed native apps to Okta and distribute them to end users via Okta Mobility Management (OMM).

Profile Master and User Life Cycle Management enhancements

The flow of an end user's identity throughout the different stages of access is known as a user's lifecycle. This release contains several enhancements to define the options that manage this cycle clearly.

  • Simplified Import settings: Using a profile master necessitates a clear distinction between new and imported end users to prevent conflicts. Feedback from our users prompted improvements with matching rules, auto-confirmation and auto-activation settings.
  • New lifecycle settings: When an end user is deactivated in a profile mastered app, admins can now set whether they are deactivated, suspended, or remain an active user in Okta.

This feature is now GA. This feature is available in production for new orgs only.

SSO IWA Web App Agent update, version 1.11.1

This version includes internal updates and minor fixes. For agent version history, see SSO IWA Web App Version History.

Workday report pagination

You can now specify that Workday paginated reports can behave as non-paginated reports. This allows scheduled imports run faster and ensures that the report is only called for a single user during real time sync.

*Added after release.

2017.44 began deployment on November 6

Support for the Microsoft Edge browser plugin

The Microsoft Edge browser is supported by Okta with the Okta Secure Web Authentication Plug-in v5.16.0. The plugin is available on the end-user Dashboard and the Admin Downloads page. For version history, see Browser Plugin Version History.

Firefox plugin version 5.15.3 is Generally Available

Firefox plugin version 5.15.3 is now GA for all orgs.

This version provides support for the latest Firefox web extension framework. There is no UI impact for customers; however, they must have this version installed as of Firefox version 57 (released on November 14, 2017).

Note: When the Okta plugin version 5.15.3 is installed, Firefox version 53 or earlier does not support single sign-on to apps through Basic Authentication. If you have any questions or concerns following the upgrade, contact Okta Support. For version history, see Browser Plugin Version History.

System Log for Refresh Tokens

System Log entries related to refresh tokens in API Access Management and OpenID Connect now correctly log the clientIds and the number of tokens which were revoked.

New System Log tracking for Device Trust for Windows Device Authentication

Okta Device Trust for Windows authentication events are now written to the System Log.

Workplace by Facebook integration enhancement

The Workplace by Facebook integration is enabled for Universal Directory and is enhanced by additional properties in the User Profile. See Workplace by Facebook Provisioning Guide.

Email Template Enhancement

We have added the ${recoveryToken} variable to the Password Reset by Admin email template. See Customizing Email Templates for more information about email templates.

Group Push option to unlink a linked group is removed

The option to change a linked group in one operation is no longer available. You must first unlink the group and then recreate the link to a different group.

Support for Greek language

Support for the Greek language for the end user experience is now available to all customers in Beta format. You can select the default language preference for your entire org, and your end users can select a different language preference for their own experience. The end user's preference overrides the language set for the org. For more information, see Configure the Display Language.

Remove Group Push mappings

Admins can unlink a pushed group and remove any Group Push mappings that were created by Group Push rules. For more information, see Using Group Push.

Relinking to a group with Group Push

When using Group Push, you can relink to a group that you previously deleted with the leave the group in the target app option without reimporting the group from the target app.

System Log enhancements for workflow events

There are additional System Log descriptions for app approval workflow events. For a list of these events, see System Log Entries.

Atlassian SAML integration updated

We now allow admins to provide unique SP Entity ID and ACS URL values when configuring SAML for Atlassian Cloud (Atlassian Jira and Confluence). This is done in preparation for upcoming SAML related changes from Atlassian; for more details on the changes please refer to our Atlassian Cloud SAML Configuration Guide.

2017.42 began deployment on October 23

Password and MFA in one RADIUS request

You can now configure the RADIUS application to allow end users to submit a password and a second MFA factor, such as a security token, in a single request. The password and the second MFA factor are separated by a comma. For information on setting up and using this feature, see Advanced RADIUS Settings.

Improved strings in the Italian language

Several labels and messages localized in the Italian language have been improved.

System Log enhancements – group processing errors

Group processing errors are tracked in the System Log. If a group rule evaluation results in an exception for a user, it's tracked in the log.

2017.41 began deployment on October 16

SAML attribute maximum length

The maximum configured SAML attribute value is increased to 1024 characters.

Password complexity requirements listed

The password complexity requirements are more fully explained on the Sign In screen.

Password complexity option to exclude first and last names

Administrators can exclude first names, last names, or both as a password complexity requirement by checking options in the Password Settings section for a policy on the Authentication page. For more information, see Complexity Requirements.

API Access Management now generates System Log events

Legacy event types and log messages for authorization, token grants, authorization server lifecycle operations, scope, and claim operations are tracked in System Log v1. These events are already tracked in System Log v2.

2017.40 began deployment on October 9

Concurrent rate limits

In order to protect the service for all customers, Okta enforces concurrent rate limits starting with this release. Concurrent limits are distinct from the org-wide, per-minute API rate limits.

For concurrent rate limits, traffic is measured in three different areas. Counts in one area aren't included in counts for the other two:

  • For agent traffic, Okta measured each org's traffic and set the limit above the highest usage in the last four weeks.
  • For Office 365 traffic, the limit is 75 concurrent transactions per org.
  • For all other traffic including API requests, the limit is 75 concurrent transactions per org.

Okta has verified that these limits are sufficient based on current usage or grandfathered higher limits for those orgs that have historically exceeded this limit.

The first request to exceed the concurrent limit returns an HTTP 429 error, and the first error every 60 seconds is written to the log. Reporting concurrent rate limits once a minute keeps log volume manageable.

For details on the limits, see Concurrent Rate Limits. The Okta System Log includes entries for errors resulting from too many concurrent requests.

Length of subdomain names enforced

Okta enforces a maximum subdomain length of 57 characters when creating new Okta orgs.

Email template enhancements

To improve clarity, minor changes were made to the email that Okta automatically sends when end users sign into Okta from a new or unrecognized device.

System Log enhancements

Okta has made the following enhancements to the System Log:

  • Authentication failures are recorded when an app requires MFA and a user doesn't have any MFA factors set.
  • When an end user tries to access an app that has not been assigned to them, the System Log now records the app name as a target.

Combine values across groups

The union of group assignments allows you to take advantage of group prioritization and the attributes they contain. For end users belonging to multiple groups, their attributes can either be combined from string array values across groups, or set to honor the highest priority group. This feature is now Generally Available (GA). For more information, see Combine Values across Groups.

Ability to edit OpenID Connect scopes

OpenID Connect scopes are returned from requests to `/api/v1/authorizationServers/:authorizationServerID/scopes'. You can edit scope descriptions in the Okta user interface or via the API. For more information on scopes, see Create Scopes. For information on using the Okta API with an authorization server, see OAuth 2.0 API.

Reset passwords for AD-mastered users

Admins can reset passwords for AD-mastered users with the same easy process already in place for Okta-mastered users. For details, see Manage self-service password reset.

New Help Desk Administrator role

The new Help Desk Administrator role is now Generally Available. This role can perform common help desk actions. This role has a reduced set of permissions and promotes good security practices by not granting unnecessary permissions to help desk personnel.

Note that you cannot assign permissions to the Help Desk administrator role selectively. Instead, it has these fixed permissions:

  • Reset Password
  • Reset Multifactor Authentication
  • Unlock Account
  • Clear User Session

For more information, see Help Desk Administrator role.

Configure Advanced API Access for Office 365

You can now configure Advanced API Access for Office 365 instances by using the Sign On tab. This feature enables more robust provisioning functionality, and in the future will support new types of app integrations and functionality for Office 365.

2017.39 began deployment on October 2

System Log enhancements

  • To allow you to scan System Log events faster, the 20-character alphanumeric ID attribute for the actor and target fields of an event is no longer displayed. You can still access ID attributes by expanding individual events.
  • The checkOSXAccessEligibility event is no longer logged to the System Log.

2017.37 and 2017.38 combined release began deployment on September 25

Group Rules improvement

All group rules are processed for a user, even if one or more rules fail.

Support for the Turkish language

Support for the Turkish language for the end user experience is now available to all customers in Beta format. You can select the default language preference for your entire org, and your end users can select a different language preference for their own experience. The end user's preference overrides the language set for the org. For more information, see Configure the Display Language.

New link in Password Reset by Admin email

Until now, the reset password link in the Password Reset by Admin email redirected end users to the previous version (deprecated) of the Okta Sign In page. Now the link redirects end users to the current Okta Sign In screen if the template has not been customized. If the template was customized, you must update the link URL to ${resetPasswordLink} if you want to ensure that end users are redirected to the current Sign In page.

Note: A previous version of this announcement specified an incorrect link URL. The URL shown above is correct.

2017.36 began deployment on September 11

Link expiration in Okta email templates

The text in standard Okta email templates that specifies when links expire now displays in the language set by the end user's locale attribute. To change custom templates to match this behavior, see Functions. Also, for consistency, all standard templates use the same function for temporary links.

Okta People Picker for Sharepoint agent, version 2.2

Okta People Picker for Sharepoint agent version 2.2 is now available. This release includes the following:

  • Fixes an issue where users were unable to create a SharePoint site after People Picker for Sharepoint version 2.0 was installed.

  • Includes a PowerShell script to create the Sharepoint trusted token issuer in the downloadable Okta People Picker for Sharepoint packages.

  • Includes updated setup instructions for the SharePoint (On-Premise) application to indicate that the PowerShell script is now available inside the downloadable Sharepoint package.

For version history, see Sharepoint People Picker Agent history.

Extended Client Access policy capability for Microsoft Office 365

This feature is now Generally Available. Admins now have more options for specifying the mobile client types allowed to access Microsoft Office 365 Exchange ActiveSync from native applications.

For details, see Configuring Rules for Office 365 Client Access Policies.

Disable email-initiated account recovery

You can disable the use of email for initiating account recovery flows. At least one group password policy is required to make this specification.

Link to System Log from User Profile page

There is now a link from a User Profile page (Directory > People > <username>) that takes you directly to the System Log with a prepopulated search query for all events related to that user. :

WS-Federation username automatically populated with Okta username

When a user logs in from OWA or any Office 365 web app, they are redirected to Okta to login. The user does not have to type their username as it is now automatically populated with the Okta username resolved from Office 365. Note that the username is only populated after a user has successfully authenticated at least once on the device. This feature is now Generally Available.

Updated Okta Usage Report

We have improved the performance of our Okta Usage Report by removing the detailed Preview section of the UI. Simply enter your filter criteria, then click Download CSV to download your data and view the report. For details about Okta Reports, see Reports.

2017.34 and 2017.35 combined release began deployment on September 5

Work profile passcode policy for Android 7.0+ devices

If you have enabled Okta Mobility Management (OMM) enrollment through Android for Work, you can now configure a passcode policy for your Android 7.0+ end users' work profiles. You can set this policy in addition to or instead of a device passcode policy. This allows you to set a more secure policy for accessing work resources than for accessing personal apps and data.

System Log enhancements

  • We've consolidated and simplified the overall look and feel of the System Log.
  • System Log values are no longer truncated in the UI.
  • The Event Type field is no longer displayed on the main System Log page. Event Types are now visible by expanding an event.

For more details, see System Log.

Customized email for LDAP-mastered users

You can now customize the email that is sent when LDAP-mastered users attemt to reset a forgotten password and the request is denied. This customization has been available for Active Directory and Okta-mastered users. Additionally, the subject line is standardized for allowed and denied forgot password reset emails for both LDAP and Okta-mastered users. For more information, Email and SMS Options.

Set a regular expression in Template Plugin apps

You can now optionally define a regular expression when adding an Okta Template Plugin app. Regular expressions improve app security by creating a whitelist that matches patterns that you define. For more information, see Configuring Okta Template App and Plugin Template App.

More Del Auth System Log information

The System Log now includes information about the duration of each Delegated Authentication (Del Auth) request to help admins identify bottlenecks in the Active Directory (AD) Del Auth pipeline. The Del Auth System Log events now include times in milliseconds for:

  • delAuthTimeTotal: The total time spent for Del Auth in Okta. This time consists of the total time at the agent and the queue wait time in Okta before an agent starts processing the request. The queue wait times can be high if there are not enough agents to serve requests.
  • delAuthTimeSpentAtAgent: The total time the agent spent processing the request. This includes the time spent at the Domain Controller.
  • delAuthTimeSpentAtDomainController: The time spent at the Domain Controller.

For information about the System Log, see Accessing the System Log.

Note: You must be using AD agent version 3.1.0 or higher to use this feature.

2017.33 began deployment on August 21

Email template for attempted Self-Service Unlock Account when Account is not Locked is now customizable.

You can now customize the email template for Self-Service Unlock when Account is not Locked. For more information, see Customize the text of an email template.

Support for incremental imports

Incremental imports improve performance by only importing users that were created, updated, or deleted since your last import.

Okta now supports incremental imports for the following application integrations:

  • SuccessFactors
  • ServiceNow UD
  • SmartRecruiters

LDAP Profile Master option moved

The option for enabling LDAP Profile mastering is now on the LDAP Settings > Import Settings page.

IWA Web agent update, version 1.10.3

The IWA Web agent 1.10.3 is now Generally Available. This version restores support for Windows Server 2008. Please refer to IWA Web App Version History for more details about the change and Configuring Desktop SSO documentation for a complete list of supported platforms.

Duo SDK version 2.6

Okta sign in now uses version 2.6 of the Duo SDK. For more information on Duo, see Configuring Duo Security.

Okta RADIUS server agent version 2.7.0

The Okta RADIUS server agent version 2.7.0 is now Generally Available. This version contains better logging, improved queue management, packet duplication fixes, and many performance optimizations. Windows event logs are not created by default. This version supports the RADIUS Generic App and Amazon Workspace App. For the version history, see Okta RADIUS Server Agent Version History.

Improved error messaging

Okta has improved the messages returned with some error codes for OpenID Connect and OAuth 2.0 client apps using the [/oauth2/v1/clients](/docs/api/resources/oauth-clients.html) and [/api/v1/apps](/docs/api/resources/apps.html) endpoints.

2017.32 began deployment on August 14

Chrome browser plugin update, version 5.14.0

Okta plugin version 5.14.0 for the Chrome browser includes improvements to help prevent memory leaks. For version history, see Browser Plugin Version History.

Default Custom Authorization Server

Okta provides a pre­configured Custom Authorization Server named default. This default authorization server includes a basic access policy and rule, which you can edit to control access. It allows you to specify default instead of the authorizationServerId in requests to it:

  • https://{YourOktaOrg}}/api/v1/authorizationServers/default for a default Authorization Server
  • https://{YourOktaOrg}}/api/v1/authorizationServers/:authorizationServerId for other Custom Authorization Servers

For more information, see API Access Management.

OpenID Connect groups claim supports app groups

OpenID Connect, which uses the Okta Authorization Server, can retrieve application groups for use in tokens. Previously, application groups could only be retrieved with the Custom Authorization Server.

You can use the Okta Expression Language getFilteredGroups to retrieve application groups.

OAuth 2.0 clients now support web apps client credential grant type

OAuth 2.0 clients now support configuration of the web application type to use a client_credential grant type. This allows you to use one client_id for an application that needs to make user­-specific calls and back­end calls for data. For information on grant types, see App Wizard - Procedures.

System Log enhancement

The debug section of the System Log v2 now contains a list of the names of changed properties.

2017.31 began deployment on August 7

Improved reauthentication flow

SAML forceAuthN reauthentication flows always prompt for both the user name and password.

LDAP agent version 5.3.12

There is a new LDAP agent version 5.3.12 with updated default settings. For agent version history, see LDAP agent history.

Managed Google Play accounts for mobile apps

The simplified Android for Work setup wizard that removes the dependency on G Suite accounts is now Generally Available. For more information, see Setting up Android for Work in Okta.

OMM privacy sensitive enrollment flow

Beginning with Okta Mobile for Android 2.16.0, we introduced an improved Okta Mobility Management (OMM) enrollment flow that clarifies which type of data is private and which is company-accessible. This enrollment flow is now Generally Available.

Custom expired password flow

The ability to customize expired password flows to redirect end users to a specified website instead of the default Okta expired password form is now Generally Available.

For details, see Expired Password.

Key Rollover

The ability to generate a certificate with a specified validity period (see the Apps API and IdentityProviders API ) is now Generally Available. OpenID Connect and API Access Management are built on this feature.

OpenID Connect

OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol, which allows computing clients to verify the identity of an end user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end user in an interoperable and RESTlike manner. In technical terms, OpenID Connect specifies a RESTful HTTP API, using JSON as a data format.

OpenID Connect allows a range of clients, including Web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end users. The specification suite is extensible, supporting optional features such as encryption of identity data, discovery of OpenID Providers, and session management.

Okta is certified for OpenID Connect. For more information, see OpenID Connect and Okta.

Performance improvements for Zendesk SAML App group assignments

To improve performance with long lists in the Zendesk SAML app, the Edit Group Assignment page now supports paging.

Blacklist an entire Network Zone

You can now blacklist entire zones to deny clients from these zones access to any URL for the org. This feature is Generally Available. For more information, see Network.

Workday profile update support

We have enhanced our Workday integration to support Profile Updates. For more information about Workday provisioning, see the Workday Provisioning Guide.

2017.29 and 2017.30 combined release began deployment on August 1

Increased number of Network Zones

The maximum number of network zones is increased to 5000 legacy network zones. For more information, see Network Zones.

Agent status indicator refresh time increased

The agent status indicator on the Settings page for an agent now refreshes every 30 seconds instead of every 5 seconds. This applies to Active Directory and LDAP agents.

More detailed invalid password message

The message that displays when an end user enters an invalid password now includes password age violations.

On Premises Provisioning agent and SDK version updates 1.2.2 and 1.2.3

Bug fix for agent installation failure when an Internet Explorer proxy was in use. For version history, see On Premises Provisioning Agent and SDK Version History.

2017.28 began deployment on July 17, 2017

System Log enhancement - Network Zones

We've enhanced our System Log to take advantage of our new Network Zones feature. Admins can now hover over an IP address that's part of an event and navigate through the series of menus to add that IP address to either the gateway or proxy list of IP addresses.

Disable Device Wipe permission

Through mobile policy rules for iOS and OS X devices (Devices > Mobile Policies), you can now disable the Wipe All Device Data option located on the Device Attributes page. Devices that are already enrolled in OMM are not affected by changes to this setting. For details, see Disable Device Wipe permission.

Redesigned Security menu

New Okta Security menus, redesigned based on your feedback, are now available in Preview. The new menu architecture provides a more intuitive configuration and management experience.

SAML support for Amazon Web Services with multiple accounts

SAML support for Amazon Web Services (AWS) with multiple accounts allows you to set up a single app integration to access multiple AWS accounts. You no longer have to set up multiple AWS app integrations in Okta for your end users. For details, see the AWS SAML Guide.

Multiple ACS URLs for SAML apps

When adding a SAML app, you can configure multiple ACS URLs to support apps capable of choosing where the SAML response is sent. This feature is now Generally Available. For more information, see Using the App Integration Wizard.

2017.26 and 2017.27 combined release began deployment on July 10

UD Integration with ServiceNow

Our Universal Directory integration with ServiceNow is now Generally Available. For details, see the ServiceNow Provisioning Guide.

Specify minimum password age for AD users

You can now specify the minimum age of end-user passwords in Active Directory Group Password policies.

New Microsoft Teams app integration

A new Teams app integration is available under the General tab for the Microsoft Office 365 app. To enable this app integration, see Enable Microsoft Office Applications:

Additional Search Enhancements

The Application Page contains usability improvements based on customer feedback. We've refined our Search to use app instance names. The page default app list is now sorted by name; previously, it was sorted by app type and name. For more details about search, see The Applications Page.

Enhanced System Log

  • The event log for OMM commands displays user, device, and policy information related to the command.
  • SysLog 1.0 and 2.0 track key rotation, key generation, and key cloning.

2017.25 began deployment on June 26

Custom placeholder text in account recovery dialog boxes

You can now customize the placeholder text that appears in dialog boxes when end users click account recovery links on the Sign-In page. For details, see Customize the placeholder text in account recovery dialog boxes.

Custom help link text on the Sign-In page

You can now customize the text of the help link on the Sign-In page. Clicking the link reveals account recovery options. For details, see Customize Sign-In page headings and links.

Mobile Policies and Wifi config location

The Mobile Policies and Wifi config security options are now only available on the Devices menu, as shown below. Previously, they were also available on the Security menu.

Support for RP-initiated Logout

Okta supports RPintiatedlogout from OpenID Connect client apps in both the Okta UI and Okta API. You can specify a logout redirect URI, or accept the default behavior of returning to the Okta Sign-in page. You can access this feature on the Create OpenID Connect Integration page (under Applications) in the UI.

2017.24 began deployment on June 19

Configure default scopes for an OAuth 2.0 client

To allow Okta to grant authorization requests to apps that do not specify scopes on an authorization request, you can now configure scopes as defaults. If the client omits the scope parameter in an authorization request, Okta returns all default scopes in the Access Token that are permitted by the access policy rule. For details, see Create Scopes.

Improved UI for creating OpenID Connect Apps

The wizard for creating an OpenID Connect app has been improved and consolidatedonto a single screen.

Enhanced settings for AD-mastered users

The Settings Page for AD-mastered users matches the Settings Page for Okta-mastered users to show the security question whether or not password reset or self-service unlock is available.

Chrome browser plugin update, version 5.12.0

Okta plugin version 5.12.0 is GA for the Chrome browser. This version updates how we describe the plugin in the Chrome web store, and provides several internal improvements. For version history, see Browser Plugin Version History.

Query string support in IdP Login URLs

Query string is now supported in the definition of an IdP Login URL:

  • The IDP Login URL field in the Add/Edit Endpoint wizard.
  • The IdP Single Sign-On URL for Inbound SAML. Reserved SAML parameters (SAMLRequest, RelayState, SigAlg, Signature) in the query strings are ignored.

2017.23 began deployment on June 12

People page button consolidation

Buttons on the People page for individuals are consolidated. If one or more actions are available, individual buttons appear. If three or more actions are available, a single button for a primary action appears adjacent to a More Actions button containing other available actions.

LDAP Agent version 5.3.10

The Okta Java LDAP agent version 5.3.10 is Generally Available. This version provides various improvements to the agent log, as well as fixes to the following issues:

  • Imports from LDAP failed in some orgs due to way the Okta LDAP agent handled unicode characters.
  • Imports from LDAP failed in some orgs due to randomly dropped connections between the LDAP agent and Okta.
For more information, see the Okta Java LDAP Agent Version History.

System Log – rollout and enhancements

  1. We have finished migrating all customers to our enhanced System Log as part of our on-going GA rollout. With this release, when navigating to the System Log in your Okta Administrator Dashboard, all orgs will now see the new System Log.
  2. We have enhanced our System Log by logging an event (security.session.detect_client_roaming) when a session roaming event is detected.
  3. The Okta Expression Language function getFilteredGroups events can be tracked with the /api/v1/events call, in addition to tracking in System Log v2.
  4. There is additional logging for an invalid OAuth 2.0 client. If we detect five or more consecutive authentication attempts with the wrong client secret, Okta logs the events as suspicious:
    • The requests may be to any OAuth 2.0 endpoint that accepts client credentials.
    • The counter resets after 14 days of no invalid authentication attempts, or after a successful authentication..
    • The message is Multiple requests with invalid client secret for client id.

Removed automatic fallback destination OU for LDAP provisioning groups

When configuring an LDAP provisioning group, you must now enter a DN attribute in the Provisioning Destination DN field to specify the container in which new users are created in LDAP (Directory > Groups > LDAP > Manage Directories). Before this change, leaving this field unpopulated meant that Okta automatically created new users in the container specified in the User Search Base field (Directory > Directory Integrations > LDAP > Settings > LDAP Configuration). This fallback method may have produced unexpected results. For more information, see Groups.

Dynamic claims for authorization servers

When configuring an authorization server, you can now specify when ID token claims are included in ID tokens sent from an authorization server. For details, see Create Claims.

New UI links

The Okta screens contain additional links. There is a link to the Okta Trust page from the bottom of the screen and the word Okta at the left of the menu bar is now a link to the Dashboard. Additionally, any links from an Admin banner page open in a new window by default.

The word Okta is a link.

Group Password Policy

The Group Password Policy feature is now GA. For details, see Security Policies.

Group Administrator Role

The Group Administrator role, previously known as the User Administrator role, is Generally Available. This role provides granular people management features and has enhanced capabilities for managing users within groups to which they are scoped. Super Admins can assign this role to isolate control over certain groups and teams within their organization. For details, see The Group Admin Role.

Switch to SHA-256 for enhanced security for Microsoft Office apps

We are switching from the SHA-1 signature algorithm to the SHA-256 algorithm for signing assertions used to sign in to Microsoft Office apps, both for browser-based and thick client use cases.

Note: This is a phased rollout to Production that is expected to be complete by 2017.26.

NetSuite UD integration

Our powerful new Universal Directory (UD) integration with NetSuite is now GA. For details, see the NetSuite Provisioning Guide.

Enhanced application search

The enhanced Application Page Search is now GA. If your org has 50+ apps, you can now use a Search bar that accepts app names and instances. You can also complete more tasks directly on the page, such as assigning users and groups. Finally, you can copy embedded links straight to the clipboard from specific apps without the need to scroll through the app list to find them.

Enhanced app assignment screen

An enhanced app assignment screen is available for all preview orgs. You can toggle between people and groups on the same screen, view an error message if an assignment cannot be completed, and select Assign to people or Assign to groups from the Assign button, as shown below. For details, see Assign Applications on the Using the Applications Page.

Unlock user accounts in bulk

You can unlock your user accounts in bulk in the same way that you can reset passwords and MFA in bulk.

SmartRecruiters provisioning integration (GA)

Our new provisioning integration with SmartRecruiters is now GA and supports the following features:

  • Import New Users
  • Push New Users
  • Push Profile Updates
  • Push User Deactivation
  • Reactivate Users

For details, see the SmartRecruiters Provisioning Guide.

Authentication whitelisting and blacklisting network zones

Authentication whitelisting and blacklisting based on Network zones is now Generally Available (GA). Network zones are sets of IP address ranges. You can use this feature in policies, application sign-in rules, and VPN notifications. This expands the use of Gateway IP Addresses. For more information, see Network.

2017.22 began deployment on June 5

Disable methods that end users can use to request apps

You can now disable the various methods your end users can use to request apps. For details, see Access Request Workflow.

2017.21 began deployment on May 24

End users' Display Language message

The following message now displays in the end users' Display Language setting if they have not specified a language preference.

Okta Confluence Authenticator v2.0.5

We have updated the Okta Confluence Authenticator to version 2.0.5. This version adds support for custom base URLs (for example, http://confluence.onprem.com/my-confluence). For version history, see the Okta Confluence Authenticator Version History.

As both the JIRA Authenticator and the Confluence Authenticator are built on the Okta SAML Toolkit for Java, all three components are incremented to version 2.0.5 to maintain version consistency. For more details on these integrations, see Using the Confluence On Premises SAML App and Using the JIRA On-Premises SAML App. We strongly recommend that customers download and upgrade the latest SAML toolkit and the relevant Jira or Confluence authenticators. You can access all of these tools from Settings > Downloads.

2017.20 began deployment on May 22

Compare group memberships to whitelist

Use the Okta Expression Language function getFilteredGroups to create a list of groups to which the current member belongs. With such a list you can, for example, create claims in Access Tokens and ID Tokens based on the groups. For details, see Group Functions.

UD locale property enforcement

The requirement that the Universal Directory locale property can only contain ISO/SCIM locale values is enforced for all new app instances. For details of this requirement, see UD Enforcement of ISO-compliant Locale Values.

OAuth 2.0 API

You can use the login_hint property on the OAuth 2.0 API (/oauth2/:authorizationServerId/v1/authorize) to populate a username when prompting for authentication.

2017.19 began deployment on May 15

JIRA, Confluence, and SAML Toolkit updates

We have updated the following Okta authenticators:

  • Okta JIRA Authenticator to version 1.0.15 for the JIRA On-Premises app version 6.x.x.
  • Okta JIRA Authenticator to version 2.0.4 for the JIRA On-Premises app version 7.x.x
  • Okta Confluence Authenticator to version 2.0.4 for the Confluence On-Premises SAML app
  • Okta SAML Toolkit for Java to version 2.0.4

We strongly recommend that you download and upgrade to the latest SAML toolkit and the necessary Jira or Confluence authenticators. You can access all of these tools from the Okta Downloads page (Settings > Downloads). For version history, see Version History Tables.

HTTP redirect binding support

You can now use an HTTP redirect for SAML single log-out requests.

ServiceNow SLO

The ServiceNow SAML application now supports Single Logout (SLO). This is an optional feature, and it is not enabled by default. To set up SLO for ServiceNow, follow the steps in the ServiceNow SAML guide.

Atlassian integrations update

We have updated our Jira and Confluence Cloud provisioning integrations to match with Atlassian's new identity structure using Atlassian Accounts. As part of this update, we have disabled/removed Sync Password and Update User Attributes functionality because Atlassian no longer supports them.

Atlassian is migrating all JIRA Cloud and Confluence Cloud customers by May 26th, 2017 to a new single identity called Atlassian Account. When you are ready, contact Atlassian to have your account migrated. If you do not contact Atlassian your account will be migrated automatically starting May 29th, 2017.

For details, see Migration to Atlassian Account for Jira Cloud and Confluence Cloud Customers for details.

2017.18 began deployment on May 3

New System Log rollout

We are migrating a significant number of our customers to our enhanced System Log as a part of our on-going GA rollout. In the next release, you may see the new System Log when navigating to Security System Log in your Okta Administrator Dashboard.

Custom attributes for CSV app imports

We have an enhancement for admins using .csv templates for user app assignments in lieu of provisioning. Along with importing users with Base attributes using a .csv template, you can import users with Custom attributes defined in the Profile Editor.

Convert a group task to an individual task

If a task is created from a group app assignment, you can change it to an individual assignment. All group assignment tasks contain an option for this permanent conversion. For details, see the Tasks Page section in The Administrator Dashboard.

User Administrator role (GA)

The User Administrator role is now GA, including the people management features. This role has enhanced capabilities for managing groups. Super Admins can assign this role to isolate control over certain groups and teams within their organization.

Integration update

To support our Concur integration, we now support TLS v1.2.

2017.17 began deployment on April 26

Egnyte provisioning enhancement

We have updated Egnyte provisioning so that once a user is provisioned into Egnyte by Okta and assigned the SSO authentication type, no further email validation is required. If you still want to receive a validation email from Egnyte for new SSO users, check the Send Egnyte Validation Email for SSO users box under the Provisioning tab.

New reports

We have added a new set of reports to our Reports page.

Auth Troubleshooting reports provide links to pre-defined queries in our System Log about the following authentication events:

  • Okta Logins (Total, Failed)
  • SSO Attempts
  • Auths Via AD Agent (Total, Failed)

2017.16 began deployment on April 20

New progress indicators

We've updated the visual progress indicators that appear in the Okta platform (spinners, progress bars).

Authentication Whitelisting and Blacklisting Network Zones

Authentication whitelisting and blacklisting based on Network zones is now Generally Available (GA). Network zones are sets of IP address ranges. You can use this feature in policies, application sign-in rules, and VPN notifications. This expands the use of Gateway IP Addresses. For more information, see Network.

Browser plugin updates

Okta plugin version 5.11.0 is GA for Chrome, Firefox, Internet Explorer (IE), and Safari browsers. This version provides recent performance and security enhancements. For more information, see Browser Plugin Version History.

2017.15 began deployment on April 17

macOS MDM and Android for Work

Okta is enabling two features, macOS MDM and Android for Work, for OMM customers that have not switched to our SKU packaging. For OMM customers with SKU packaging, these features are already enabled.

End-user welcome emails localized

The Welcome email that Okta sends to new end users is localized in the language in the users' default locale property (if specified) instead of the display language configured for your org (if different). For more information, see Configure the display language.

Display the source of app logins in the System Log

Admins can now examine the System Log to determine (in many cases) whether a given app login was initiated through the user's dashboard or through the browser plugin. For more information, see Reports.

Group password policy

Group Password Policy is now Generally Available for all Preview orgs. It is still an Early Access feature for Production orgs.

SAML certificates

Okta Admins can upload their own SAML certificates to sign the assertion for Outbound SAML apps and to sign the AuthNRequest and decrypt the assertion for Inbound SAML. For more information, see the Bring Your Own SAML App Certificate guide.

New Version of Okta Sign-In Widget

Version 1.11.0 of the Okta Sign-In Widget is available for Preview orgs. For more information, see Okta Sign-In Widget.

Integration update

Okta now supports TLS v1.2 communication between Okta and the Jira-On Premises server. We recommend updating your server as soon as possible, in accordance with security best practice.

Agent update

We have updated the On­-Premises Provisioning (OPP) agent to version 1.01.00. This update adds an http option and makes UTF-8 encoding the default. Previously the default encoding was the one set on the OS/system on which the OPP agent was installed. After upgrading the agent, the default encoding becomes UTF-8, unless you override the default.

2017.13 began deployment April 3

System Log enhancement

We have enhanced our System Log to now log the actual raw user agent string in the RawUserAgent string field.

Agent updates

  • We have updated the On-Premises Provisioning (OPP) agent to version 1.0.13. This allows the OPP agent to use the TLS v1.2 protocol, and deprecates TLSv1.0. We recommend updating your OPP agent as soon as possible, as TLSv1.0 is no longer considered secure.

2017.12 began deployment March 27

System Log (V2) enhancements

  • Click Expand All to expand the left side event categories. This link then toggles to Collapse All.

  • More information about an event is now displayed when the category is collapsed. The following additional details are displayed (if available):

    • Actor: user id
    • Client: ip address
    • Event: transaction id
    • Target: target resource type and target resource id
  • In addition to displaying the Outcome of an event, when the Outcome is failure, we now also display the reason why

2017.11 began deployment on March 21

Gmail with a generated Exchange ActiveSync Device Identifier (EAS ID)

We now configure Gmail with a generated Exchange ActiveSync Device Identifier (EAS ID) when you deploy the Gmail native app to your Android for Work-enabled devices. This is consistent with our support for the native mail app on iOS devices. EAS IDs are provided in a CSV file available at Devices > Overview. You can use EAS Device IDs in your environment to control which Exchange ActiveSync-enabled devices are allowed to connect to your Exchange Servers.

Multi-factor authentication with System Log

The System Log now records the result of applying the Okta sign-on policy to determine whether to use multi-factor authentication for a user trying to log in. This log entry includes the user's zone:

2017.10 began deployment on March 13

Atlassian Cloud app

We have introduced a new Atlassian Cloud app integration that supports SAML for both JIRA Cloud and Confluence Cloud. In order to use SAML you will need to:

  • Switch your JIRA/Confluence Cloud tenants to Atlassian Account.

  • Switch to the Atlassian Cloud app integration in Okta.

For details, see How to Configure SAML 2.0 for Atlassian Cloud.

508 compliance

As part of Okta's Section 508 Compliance, links and buttons in certain areas of the Okta service are now illuminated when they're in focus. For more information about focus changes, see Testing HTML for Section 508 Compliance.

Android for Work

To harmonize with Google's plans to EOL the Divide Productivity app suite, we are now pre-configuring Gmail for Android for Work profiles on OMM-enrolled devices. For more information, see here.

Platform release notes

Changes to the platform for this release are published in the Platform Release Notes on http://developer.okta.com.

Application updates

We've implemented SWA for the following Okta Verified application:

  • LoansPQ (OKTA-116896)

We've added the following Mobile application for use with Okta Mobility Management (OMM) (Android and iOS):

  • Zoom (OKTA-116961)

2017.09 began deployment on March 6

British Telecom (BT) Cloud Phone Production and BT Cloud Phone User Acceptance Testing (UAT)

Our Universal Directory-enabled provisioning integrations for British Telecom (BT) Cloud Phone Production and BT Cloud Phone User Acceptance Testing (UAT) environments are now Generally Available (GA) (note that the UAT app is available in Preview orgs only). The BT Cloud Phone applications support attribute-level mastering, which allows BT Cloud Phone to act as a master for users ' direct and extension numbers while other attributes are mastered by a different source, such as Active Directory (AD). For details, see British Telecom Cloud Phone configuration guide.

RingCentral Office @ Hand for AT&T Production and RingCentral Office @ Hand for AT&T User Acceptance Testing (UAT)

Our Universal Directory-enabled provisioning integrations for RingCentral Office @ Hand for AT&T Production and RingCentral Office @ Hand for AT&T User Acceptance Testing (UAT) environments are now GA (note that the UAT app is available in Preview orgs only). The RingCentral Office @ Hand for AT&T applications support attribute-level mastering, which allows Office @ Hand for AT&T to act as a master for users ' direct and extension numbers while other attributes are mastered by a different source, such as Active Directory. For details, see RingCentral Office @ Hand for AT&T configuration guide.

We have enhanced deprovisioning for Dropbox Business to include off-boarding features.

When deprovisioning users, you can now do the following:

The Okta Mobile Safari Extension allows Okta Mobile to share a session with Safari.

Essentially, an end user can sign into SAML apps without re-entering their Okta credentials on their mobile device. This feature can be disabled if you'd rather not allow seamless SAML access to Safari. For details, see Okta Mobile SafariExtension.

VPN profiles via OMM

We have added a new option to our current list of VPN profiles viaOMM. Admins can now provision Pulse Connect Secure as a VPN client. For details, see Configuring VPN Profiles. This feature is currently only available for iOS devices.

Cell display

The cell in which your org is running now appears at the bottom of the page. A cell is an independent collection of multi-tiered, redundant hardware and software designed to effectively manage service traffic and requests for a subset of Okta tenants. Okta is comprised of multiple cells strategically deployed across several geographic regions. You may be asked to provide your cell number whenever you contact Okta Support.

508 compliance

As part of Okta 's 508 Compliance, input text fields are now illuminated when they 're in focus.

For more information about focus changes, see here.

2017.05 began deployment on February 28

This release combines features from Okta Preview Sandbox (oktapreview.com) 2017.03, 2017.04, and 2017.05.

Push Universal Groups to Active Directory

As with Domain local and Global groups, you can now push Universal groups to Active Directory.

OpenID Connect app

When creating a new OpenID Connect app and configuring an Implicit grant type, you can now specify whether to include ID Tokens, Access Tokens, or both.

SAML standards

Per SAML standards, we now send Universal Directory (UD) array attributes in SAML 1.1 assertions as multi attribute values.

System Log

We have enhanced our System Log to now include more granular Microsoft Office 365 events.

Okta Verify with Touch ID is now Generally Available.

You can configure an end-user fingerprint request that appears after the initial MFA challenge. If the user's device is lost or stolen, no one else can gain access to it. This feature is currently available only for iOS devices. For details, see Okta Verify with Touch ID.

Language improvements

We have improved text in the end user Welcome screen and Settings page in the Japanese language.

SAML ACS Endpoint by URL

In addition to the index, we now support requesting the SAML ACS Endpoint by URL. For information about allowing apps to request other URLs, see Using the App Integration Wizard.

Authorization Server to Manually Rotate Keys.

You can set an authorization server to manually rotate keys. Keys are rotated automatically by default. For more information, see API Access Management.

Important: Automatic key rotation is more secure than manual. Use manual key rotation only if you can't use automatic.

Search API

You can now search on the exact name of an authorization server or resource URI from the Authorization Servers tab (Security > API).

Enhanced the Amazon Web Services SAML SSO

We have enhanced the Amazon Web Services SAML SSO to allow setting of a configurable AWS ACS URL and AWS API URL. These fields are optional, and give the you added control over the app configuration. Note that if you already have an Amazon Web Services app configured, it will continue to work as-is. (This feature was hotfixed in Preview Release 2017.02).

Browser plugin update

The Okta plugin version 5.9.3 is now Generally Available (GA) for Firefox and Internet Explorer (IE) browsers. This release provides performance and security enhancements and is available to all customers via Settings > Downloads. For version history, see Browser Plugin Version History.

Agent update

  • The Okta IWA Web App version 1.10.1 is now GA. This release includes internal improvements as well as all the fixes and enhancements contained in EA versions 1.10.0 and 1.10.1. It is available to all customers via Settings > Downloads. For version history, see SSO IWA Web App Version History.

2017.02 began deployment on January 17

Unless otherwise noted, these features are available for all organizations with release 2017.02.

508 compliance

The Okta end user Dashboard now supports skip navigation to allow users and screen readers to bypass links at the top of the page and go directly to their desired content such as app integrations, the Add App button, and end user Settings. For more information about skip navigation technology, see here.

Directories

  • To allow more granular control of outbound provisioning to Active Directory (AD), admins can now deactivate the accounts of unassigned AD users and update user attributes in AD during app assignment and profile updates. For details, see Configuring Import and Provisioning Settings.

  • You can permanently delete a deactivated user with the Delete button that appears in the directory screen for that user, as shown below. You cannot undo this deletion. After deletion you can reuse the user name and other identifiers; however, log entries are retained.

2017 Application Integrations and Updates

2017.52 (combines app integrations from 2017.51 and 2017.52 releases)

Application Integration Updates

New Application Integrations

SAML for the following Okta Verified applications

  • HONK Rescue (OKTA-151854)

  • Kentik (OKTA-152933)

  • OC Tanner AppreciateHub (OKTA-151853)

  • Synerion Enterprise (OKTA-152185)

  • Wombat Security Technologies (US) (OKTA-151569)

SAML for the following Community Created application

  • OverDRIVE (OKTA-151568)

SWA for the following Okta Verified applications

  • Alerus: Account Access (OKTA-150560)

  • Amazon Vendor Central (OKTA-150503)

  • Cheetah Digital: Marketing Suite (OKTA-149943)

  • Foxit (OKTA-153102)

  • i3screen (OKTA-150608)

  • Snapseed (OKTA-153109)

  • VTS (OKTA-153111)

Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • Atlassian Cloud (OKTA-151525)

  • Foxit (OKTA-152688)

  • Google Maps (OKTA-151645)

  • join.me (OKTA-152689)

  • Snapseed (OKTA-152691)

  • VTS (OKTA-152719)

2017.50

New Application Integrations

SAML for the following Okta Verified applications

  • NS1 (OKTA-150610)

  • Recurly (OKTA-151098)

SWA for the following Okta Verified applications

  • ADP Retirement Services (Plan Sponsor/Advisor Login) (OKTA-150835)

  • Auth0 (OKTA-149833)

  • Brit Systems (OKTA-150646)

  • eZcard (OKTA-149086)

  • LastPass Affiliate (OKTA-149785)

Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • Bellgram (OKTA-151286)

  • Jell (OKTA-151270)

2017.49 (combines app integrations from 2017.48 and 2017.49 releases)

Application Integration Updates

  • Provisioning is implemented for the Verecho Partner-Built application (OKTA-150478). For details, see the Verecho Configuration Guide.

  • Code42 Provisioning, a Partner-Built integration, has updated their integration to now support Push Groups feature.

  • Provisioning is enabled for Pathgather. See the Pathgather Provisioning Guide for details.

New Application Integrations

SAML for the following Okta Verified applications

  • Academy LMS by Praetorian Digital (OKTA-149948)

  • Jostle (OKTA-148625)

  • monday.com (OKTA-146798)

  • Sighten.io (OKTA-146496)

  • Spacebase (OKTA-149054)

  • WegoWise (OKTA-149747)

SWA for the following Okta Verified applications

  • Ally Bank Login (OKTA-148498)

  • American Academy of Actuaries (OKTA-149200)

  • Apple Store for Business (OKTA-148098)

  • Bellgram (OKTA-149000)

  • Buddy Build (OKTA-148336)

  • CheckAlt Item Processing (OKTA-143087)

  • CN Transportation Services (OKTA-149327)

  • Conference of Consulting Actuaries (OKTA-149201)

  • CoreLogic (OKTA-149370)

  • FireEye (ETP) (OKTA-147126)

  • International SOS Assistance ()

  • Jell (OKTA-148868)

  • LexisNexis Insurance Solutions (OKTA-149001)

  • MasterCard Portfolio Viewer (OKTA-146956)

  • Microsoft Office 365 (OKTA-148998)

  • Microsoft Volume Licensing Service Center (OKTA-149245)

  • Pathgather (OKTA-150302)

  • Rollbar (OKTA-148225)

  • Society of Actuaries (OKTA-149199)

  • SunTrust SunView Treasury Manager (OKTA-148671)

  • TravelCube Pacific (OKTA-148220)

  • Virgin Pulse (OKTA-147924)

Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • Airtame (OKTA-148643)

  • Confluence (Atlassian) (OKTA-149483)

  • Front (OKTA-148736)

  • Intercom (OKTA-148512)

  • International SOS Assistance (OKTA-148642)

  • JIRA Cloud (Atlassian) (OKTA-149477)

  • Marketo (OKTA-148744)

  • Nest (OKTA-149485)

  • SenderGen (OKTA-149770)

  • UberConference (OKTA-149924)

  • Workable (OKTA-149486)

  • ZScaler (OKTA-150480)

Mobile application for use with Okta Mobility Management (OMM) (Android)

  • InVisionApp (OKTA-149768)

Mobile applications for use with Okta Mobility Management (OMM) (iOS)

  • HighQ (OKTA-150276)

  • Stripe (OKTA-149772)

2017.47 (combines app integrations from 2017.46 and 2017.47 releases)

Application Integration Updates

  • Provisioning is implemented for the Namely Partner-Built application (OKTA-147131). For details, see the Namely Configuration Guide.

New Application Integrations

SAML for the following Okta Verified applications

  • 6sense ABM and Analytics (OKTA-148708)

  • Clear Review (OKTA-147041)

  • PathSavvy (OKTA-147739)

  • Spacio (OKTA-146489)

  • WebEx (Cisco) (OKTA-148764)

  • WGM Apps (OKTA-146195)

SAML for the following Community Created application

  • EclipsePPM (OKTA-141524)

SWA for the following Okta Verified applications

  • Abacus (OKTA-147741)

  • Aria (Customer Support Portal) (OKTA-147180)

  • AuthAnvil (OKTA-146187)

  • Deutsche Bank Autobahn (OKTA-146481)

  • Fiix (OKTA-146158)

  • Firefox (OKTA-148214)

  • Grovo (OKTA-149064)

  • ISO PAAS (OKTA-147804)

  • MultiSafepay (OKTA-146386)

  • ProofPoint Threat Insight Dashboard (OKTA-144658)

  • PWC Connect (OKTA-142763)

  • SmartBid (OKTA-145025)

  • Uber Central (OKTA-144015)

  • Zoho Books UK (OKTA-146369)

Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • Abacus (OKTA-146602)

  • EverBridge (OKTA-147611)

  • Facebook (OKTA-147072)

  • Firefox (OKTA-147073)

  • Instagram (OKTA-147108)

  • LastPass (OKTA-147110)

  • MySonicWall (OKTA-147114)

  • New Relic (OKTA-149048)

  • Toggl (OKTA-147070)

Mobile application for use with Okta Mobility Management (OMM) (Android)

  • Keepass2Android (OKTA-147109)

Mobile applications for use with Okta Mobility Management (OMM) (iOS)

  • Berenberg: Equity Research Portal (OKTA-149134)

  • MiniKeePass (OKTA-147111)

2017.45

Application Integration Updates

  • The Pathgather app is Okta-built. The Pathgather Cloud Provisioning Connector integration is now OKTA owned and publicly available. For any existing app instances using the custom version of this integration and being migrated to this publicly available bundle, the import feature would be disabled by default. Admins will need to enable the feature on the Provisioning tab and re-save the app instance to keep using the import feature.

  • Provisioning is implemented for the LastPass Sync Partner-Built application (OKTA-147131). For details, see the LastPass Sync Configuration Guide.

New Application Integrations

SAML for the following Okta Verified applications

  • Andromeda On-Premises (OKTA-146475)

  • Breezy HR (OKTA-146166)

  • DataScience.com Platform (OKTA-144598)

  • EmployeeChannel (OKTA-140778)

  • Retail Zipline (OKTA-145897)

  • Slemma (OKTA-146159)

SWA for the following Okta Verified applications

  • Consumer Edge Research (OKTA-142258)

  • Evercore ISI: Equity Research (OKTA-142259)

  • Evercore ISI: Equity Research iPad (OKTA-146167)

  • Guidepoint (Client Login) (OKTA-143877)

  • LiveWell (OKTA-143858)

  • PlanGuru (OKTA-143812)

  • PostNL (OKTA-144235)

  • ProofPoint Secure Share Administration (OKTA-144523)

  • SaneBox (OKTA-145283)

  • Sentinel Security Life Admin Portal (OKTA-146067)

  • SRA (OKTA-143289)

Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • Health4Me (OKTA-145156)

  • POP Tracker (OKTA-145158)

Mobile applications for use with Okta Mobility Management (OMM) (Android)

  • Termux (OKTA-143068)

  • Termux:Styling (OKTA-143067)

Mobile applications for use with Okta Mobility Management (OMM) (iOS)

  • G Suite (OKTA-143066)

  • Google Quick Search (OKTA-143065)

2017.44 (combines app integrations from 2017.43 and 2017.44 releases)

New Application Integrations

SAML for the following Okta Verified applications

  • DealerSocket (OKTA-145234)

  • EAT Club (OKTA-138253)

  • Engagio (OKTA-145232)

  • Frontline Vulnerability Manager (OKTA-142918)

  • Google Cloud Platform (OKTA-145110)

  • NexTravel (OKTA-142917)

  • Plex Identity Access Management (OKTA-141301)

  • ProductIP (OKTA-146194)

  • Saba (OKTA-144740)

  • SightPlan (OKTA-142620)

  • TextMagic (OKTA-143869)

SWA for the following Okta Verified applications

  • AmericanFunds Retirement Solutions (OKTA-143495)

  • Aviva My Business (OKTA-141954)

  • Barlaycard (OKTA-141952)

  • BT Business (OKTA-141953)

  • CEB Shared Services Leadership Council (OKTA-143891)

  • CFS dataVISION (OKTA-143526)

  • Credit Suisse Plus (OKTA-141949)

  • DuPont eLearning Suite (OKTA-142178)

  • Exane BNP Paribas (OKTA-142253)

  • Google Cloud Platform (OKTA-145110)

  • Inbox by Gmail (OKTA-145603)

  • Inbox by Gmail (OKTA-145603)

  • Rhone Group (OKTA-141951)

  • Vintage King (OKTA-145160)

  • World First (OKTA-141955)

Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • Cisco Spark Platform (OKTA-144000)

  • G Suite (OKTA-139982)

  • Google Cloud Platform (OKTA-145110)

  • LumApps (OKTA-143063)

  • MyCigna (OKTA-145152)

Mobile applications for use with Okta Mobility Management (OMM) (iOS)

  • Autonomous (OKTA-141746)

  • Deutsche Bank: Global Markets Equities (OKTA-141743)

  • Fiix (OKTA-144609)

Mobile applications for use with Okta Mobility Management (OMM) (Android)

  • Berenberg: Corporate Portal (OKTA-141737)

  • Inbox by Gmail (OKTA-145603)

2017.42

New Application Integrations

SAML for the following Okta Verified applications

  • 6sense ABM & Analytics (OKTA-143628)

  • BasicOps (OKTA-139540)

  • Branch SAML (OKTA-141410)

  • Sentry (OKTA-143868)

  • Sequr (OKTA-142392)

  • Symantec Web Security Service (OKTA-136082)

  • Udemy for Business (OKTA-143722)

SWA for the following Okta Verified applications

  • Bernstein Research (OKTA-144390)

  • Business VAT (OKTA-141946)

  • Eden (OKTA-144050)

  • Google Docs (OKTA-142694)

  • Redburn (OKTA-141948)

Mobile application for use with Okta Mobility Management (OMM) (Android and iOS)

  • Google Voice (OKTA-139985)

Mobile applications for use with Okta Mobility Management (OMM) (iOS)

  • Bernstein Research (OKTA-141739)

  • Raymond James Equity Research (OKTA-141744)

Mobile application for use with Okta Mobility Management (OMM) (Android)

  • SAP Cloud for Customer (OKTA-141032)

2017.41

Application Integration Updates

  • The Okta/Slack integration now supports Schema Discovery and additional profile attribute mappings. For details, see the Slack Provisioning Guide.

New Application Integrations

SAML for the following Community Created application

  • Udemy for Business (OKTA-142080)

SWA for the following Okta Verified applications

  • Killer Tracks (OKTA-142365)

  • LeadsPedia (OKTA-142166)

  • miniOrange (OKTA-141313)

  • NFL Game Pass (OKTA-141322)

  • Star Cruise B2B (OKTA-142743)

  • Uber for Business (OKTA-141950)

  • Wolfe Research (OKTA-140617)

Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • Bank of America Merrill Lynch: Mercury Login (OKTA-142038)

  • Captec: CRM (OKTA-140860)

  • J.P. Morgan Markets (OKTA-140879)

  • Morgan Stanley Matrix (OKTA-142039)

  • Morgan Stanley: Research (OKTA-140889)

  • Sentieo (OKTA-140885)

  • Société Générale: Markets (OKTA-142040)

Mobile applications for use with Okta Mobility Management (OMM) (iOS)

  • Goldman Sachs 360 (OKTA-140865)

  • Jefferies: Global Equity Research (OKTA-140877)

  • RBC Insight (OKTA-141745)

  • UBS: Neo Login (OKTA-140890)

2017.40

New Application Integrations

SAML for the following Okta Verified applications:

  • Atipica (OKTA-142623)

  • Coggle (OKTA-142079)

  • Expressive (OKTA-142221)

  • jTask Pulse (OKTA-141922)

  • Whistic (OKTA-128904)

SWA for the following Okta Verified applications:

  • Banc Mall (OKTA-140874)

  • CrowdStrike Support Portal (OKTA-140514)

  • Pandaw (OKTA-141916)

  • Principal Employer (OKTA-141121)

  • Shoutem (Affiliate Login) (OKTA-141851)

Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS):

  • Google Authenticator (OKTA-139981)

  • Google Keep (OKTA-139983)

  • Google News & Weather (OKTA-139984)

  • Hangouts Meet (OKTA-139986)

  • HSBC Global Research (OKTA-140867)

  • Microsoft Office 365 (OKTA-138222)

  • Microsoft Teams (OKTA-138225)

  • S&P Capital IQ (OKTA-140882)

Mobile application for use with Okta Mobility Management (OMM) (iOS):

  • Google Plus (OKTA-139987)

2017.39

Application Integration Updates

  • Okta has implemented provisioning for the Trello Partner-Built application (OKTA-142138). For details, see the Trello Configuration Guide.

New Application Integrations

SAML for the following Okta Verified applications:

  • Coveo Cloud (OKTA-141304)

  • icare - Guidewire Policy Center (OKTA-139024)

  • MyWebTimesheets (OKTA-141411)

  • Splan Visitor (OKTA-141202)

  • UniversitySite (OKTA-141300)

SAML for the following Community Created application:

  • UsefulFeedback (OKTA-134151)

SWA for the following Okta Verified applications:

  • Calendly (OKTA-140676)

  • Canaccord Genuity (OKTA-140615)

  • ClassMarker (OKTA-141175)

  • fusionZONE Automotive (OKTA-140669)

  • It Glue (OKTA-140213)

  • LoansPQ (OKTA-141025)

  • Medi-Share Provider Portal (OKTA-140351)

  • Microsoft Office 365 (OKTA-142184)

  • Office National Australia (OKTA-139526)

  • Stratocast MS Login (OKTA-140601)

  • Unbounce (OKTA-141630)

  • United Health Care (OKTA-141178)

Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS):

  • Adam Phones Portal (OKTA-140839)

  • Barclays Live Client Login (OKTA-140853)

  • Citi Velocity (OKTA-140863)

2017.38 (combines app integrations from 2017.37 and 2017.38 releases)

New Application Integrations

SAML for the following Okta Verified applications:

  • Berenberg: Equity Research Portal (OKTA-139765)

  • CloudHealth (OKTA-141172)

  • Glint Innovation (OKTA-137507)

  • Gusto (OKTA-140767)

  • Holland and Barrett (OKTA-139764)

  • ProLease (OKTA-138755)

  • Wellworks For You (OKTA-131905)

SAML for the following Community Created application:

  • HSE-Compliance (OKTA-139418)

SWA for the following Okta Verified applications:

  • AB Bernstein (OKTA-139766)

  • Abbvie (OKTA-133949)

  • AbsorbLMS (OKTA-141014)

  • ADP TotalSource (OKTA-140931)

  • Autonomous (OKTA-140614)

  • Azure Manage (OKTA-141166)

  • Azure Portal Login (OKTA-136276)

  • B. Riley Equity Research (OKTA-140607)

  • BlueMatrix (OKTA-140608)

  • Boston Private Bank: Online Banking (OKTA-138006)

  • Carerix (OKTA-140487)

  • Ceridian HR/Payroll Web (OKTA-139044)

  • Creditsafe NL (OKTA-137827)

  • Deutsche Bank: Global Markets Equities (OKTA-136778)

  • EasyKeys.com (OKTA-141168)

  • Engine Yard (OKTA-141165)

  • Financial Times (OKTA-136815)

  • Gett For Business (OKTA-136816)

  • Glint Innovation (OKTA-137507)

  • GoAnywhere Login (OKTA-136177)

  • Granite Rock Reports (OKTA-139556)

  • HFR (OKTA-140606)

  • ICICI Bank Money2India (OKTA-140806)

  • Microsoft SharePoint Online Office 365 (OKTA-140253)

  • Morning Star: Investment Research (OKTA-139767)

  • Olympex Global (OKTA-136819)

  • One Codex (OKTA-140587)

  • ONEaccess (OKTA-136813)

  • Optimal Workshop (OKTA-140491)

  • OTR Global (OKTA-140612)

  • PNC - Online Banking (OKTA-141076)

  • Pond5 (OKTA-137182)

  • RBC Insight (OKTA-140616)

  • RJ Capital Markets Equity Research (OKTA-140609)

  • Safeware (OKTA-139076)

  • UBS: Neo Login (OKTA-135350)

  • Wealthscape (OKTA-139423)

Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS):

  • Ribena (OKTA-139763)

  • Receipt Bank (OKTA-138882)

Mobile application for use with Okta Mobility Management (OMM) (iOS):

  • Dropbox Business (OKTA-135103)

2017.36

New Application Integrations

Mobile application for use with Okta Mobility Management (OMM) (Android and iOS):

  • My MWC Americas (OKTA-138408)
  • Quip (OKTA-136945)

Mobile application for use with Okta Mobility Management (OMM) (Android):

  • LucidChart (OKTA-136946)

SAML for the following Okta Verified application:

  • SailPoint IdentityIQ (OKTA-81678)

SWA for the following Okta Verified applications:

  • Arvest Banking (OKTA-137291)

  • BAML Works (OKTA-139658)

  • Cintellate by SAI Global (OKTA-137811)

  • ComputerShare Support Portal (OKTA-138293)

  • Creditsafe UK (OKTA-138608)

  • Macquarie (OKTA-138421)

  • Microsoft Intune Company Portal (OKTA-138764)

  • myKaarma (OKTA-139092)

  • MyKaarma (OKTA-139092)

  • NFL Game Pass (OKTA-139100)

  • Royal Mail (OKTA-136820)

  • sai.patenergy.com (OKTA-139302)

  • SeatGeek (OKTA-139120)

  • Vanguard Software (OKTA-138897)

  • Vanguard Software (OKTA-138897)

  • Visible Alpha (OKTA-136814)

2017.35

New Application Integrations

Mobile application for use with Okta Mobility Management (OMM) (Android and iOS):

  • Intune Company Portal (OKTA-138220)

SAML for the following Okta Verified applications:

  • CrossLead (OKTA-137987)

  • PageTiger (OKTA-137850)

  • PerformYard (OKTA-138423)

  • Piwik (OKTA-137352)

  • Polestar SaaS - MyPayPortal (OKTA-133390)

  • SmartRecruiters (OKTA-137424)

  • Twebcast (OKTA-133391)

SWA for the following Okta Verified applications:

  • Beonic Technologies Traffic Insight (OKTA-137971)

  • CommonwealthBank NetBank (OKTA-138420)

  • FINRA (OKTA-135356)

  • Infor EAM (OKTA-137136)

2017.34

New Application Integrations

Mobile application for use with Okta Mobility Management (OMM)(Android and iOS):

  • Saleshood (OKTA-136672)

SAML for the following Okta Verified applications

  • SafetyStratus (OKTA-137023)

  • ThreatStream SaaS (OKTA-132850)

  • Workstars (OKTA-137849)

SAML for the following Community Created application

  • Velaro (OKTA-137485)

SWA for the following Okta Verified applications

  • 3Rivers (OKTA-136657)

  • Aviva (OKTA-136823)

  • Bank of America Merrill Lynch: Mercury Login (OKTA-136776)

  • Barclays Live Client Login (OKTA-136775)

  • Charlie HR (OKTA-136824)

  • Citizens Bank accessMONEY Manager (OKTA-136559)

  • FCA: Connect (OKTA-136767)

  • Fedex United Kingdom (OKTA-136818)

  • FINRA IARD (OKTA-136769)

  • FINRA Web CRD (OKTA-136768)

  • Mortgagebot LOS (OKTA-136686)

  • Nespresso UK (OKTA-136861)

  • Oracle WebCenter Portal (OKTA-132500)

  • RedQuarry (OKTA-136461)

  • REI: Super (OKTA-136272)

  • Sage Employee Services Portal (OKTA-137622)

  • Sainsburys Groceries (OKTA-136845)

  • UnaVista Transaction Reporting (OKTA-135357)

  • Valera Global (OKTA-136817)

  • Viking (OKTA-136821)

  • Zepbrook (OKTA-136822)

2017.33

New Application Integrations

SAML for the following Okta Verified applications

  • Kollective (OKTA-135191)

  • RedLock (OKTA-136600)

SWA for the following Okta Verified applications

  • FCA: Gabriel (OKTA-135355)

  • Juilliard (OKTA-134620)

  • MyGeotab (OKTA-135211)

  • Ramp (OKTA-136243)

  • TestRail (OKTA-136226)

2017.32

Application Integration Updates

New Application Integrations

SAML for the following Okta Verified application

  • VendorHawk (OKTA-135783)

SWA for the following Okta Verified applications

  • Adam Phones Portal (OKTA-135352)

  • American Strategic Insurance - Agent Login (OKTA-135526)

  • Arizona Uniform (OKTA-136054)

  • Baker Hill Advisor (OKTA-131770)

  • Goldman Sachs 360 (OKTA-135343)

  • J.P. Morgan Markets (OKTA-135346)

  • Jefferies: Global Equity Research (OKTA-135347)

  • Morgan Stanley Matrix (OKTA-135348)

  • Piper Jaffray: Research Access (OKTA-135349)

  • Proposify (OKTA-134813)

  • Societe Generale: Markets (OKTA-135351)

  • State Street (OKTA-135354)

2017.31

Application Integration Updates

  • Provisioning is implemented for the TalentLMS Partner-Built application (OKTA-135457). For details, see the TalentLMS Configuration Guide.

  • We have enhanced the Roambi provisioning integration to support Roambi's European endpoint. If you are on Roambi EU, go to the Provisioning tab in Okta, and select EU from the Account Location dropdown menu.


    For details, see the Roambi Provisioning Guide.

  • The following update was deployed to Preview with 2017.28, and is now deployed to Production. The Google Apps integration includes the following improvements:

    • Reduced import time by increasing the maximum number of users returned in a page from Google from 100 to 500.

    • Reduced the time it takes to update group memberships by batching requests into a single (up to 1000 per request) request. This significantly reduces the network overhead and latency when performing a large number of updates.

New Application Integrations

SAML for the following Okta Verified applications

  • Gong (OKTA-133878)

  • HappyFox Chat (OKTA-133841)

  • WebEx (Cisco) (OKTA-126745)

SAML for the following Community Created applications

  • ACA Aponix Web Portal (OKTA-132502)

  • Sentieo (OKTA-113327)

SWA for the following Okta Verified applications

  • Activist Shorts Research (OKTA-135345)

  • Alibaba Cloud (Aliyun) (OKTA-133666)

  • Attorney Information System (AIS) (OKTA-134332)

  • AutoLoop (OKTA-134497)

  • HSBC Global Research (OKTA-135344)

  • Lakeland Bank (OKTA-133317)

  • Sentieo (OKTA-135353)

Mobile application for use with Okta Mobility Management (OMM) (Android and iOS)

  • MyGeotab (OKTA-134841)

Mobile application for use with Okta Mobility Management (OMM) (Android)

  • Dropbox for Business (OKTA-132476)

2017.30

Production release 2017.30 combined Preview releases 2017.29 and 2017.30.

Application Integration Updates

  • The Smartsheet integration has improved messaging.
  • Provisioning is implemented for the 15Five Partner-Built application (OKTA-134568). For details, see the 15Five Configuration Guide.

New Application Integrations

SAML for the following Community Created application:

  • SchoolKeep (OKTA-128903)

SAML for the following Okta Verified applications:

  • Aviso (OKTA-133528)

  • Blue Ocean Brain (OKTA-131689)

  • HelloSign (OKTA-130205)

  • KPN Zorg Messenger (OKTA-133243)

  • OneTrust (OKTA-128479)

  • Sapling (OKTA-133389)

  • UserVoice (OKTA-109584)

  • WorkRamp (OKTA-131683)

SWA for the following Okta Verified applications:

  • NS1 (OKTA-133489)

  • OneSignal (OKTA-133218)

  • TeluxHD (OKTA-132188)

  • The Courier Mail (OKTA-133043)

Mobile application for use with Okta Mobility Management (OMM) (Android and iOS):

  • FreshService (OKTA-131337)
  • Intelex Mobile (OKTA-133346)
  • Snapchat (OKTA-132858)

Mobile application for use with Okta Mobility Management (OMM) (iOS):

  • NetDocuments (OKTA-133690)

2017.28

New Application Integrations

SAML for the following Okta Verified applications:

  • Alterdesk (OKTA-131448)

  • DEEM (OKTA-104299)

  • IncentFit (OKTA-128183)

  • KPN Zorg Messenger (OKTA-130957)

  • Learndot (OKTA-105640)

SWA for the following Okta Verified application:

  • Kamer van Koophandel (OKTA-132527)

2017.27

Application Integration Updates

  • The CornerStone on Demand integration now supports a customizable SAML ACS URL.
  • Okta now supports SHA256 Fingerprints for application Security Certificates. Users of Freshservice are advised to update their SHA1 fingerprint to SHA256.

New Application Integrations

SAML for the following Okta Verified applications

  • DocSend (OKTA-129382)

  • Envestnet Tamarac (OKTA-129603)

  • Netskope Reverse Proxy (OKTA-121479)

  • Noggin OCA (OKTA-129599)

  • Pendo (OKTA-126426)

  • ReadMe SAML (OKTA-130202)

  • ShareVault (OKTA-129602)

  • Talla (OKTA-130777)

  • TeamsID (OKTA-127919)

  • TruSTAR (OKTA-129855)

  • Ultimate Software Perception (OKTA-130955)

SAML for the following Community Created applications

  • Advent Black Diamond (OKTA-125369)

  • GoLinks (OKTA-124520)

SWA for the following Okta Verified applications

  • Apple ID (OKTA-130193)

  • CoStar (OKTA-130094)

  • Ernst Publishing (OKTA-130675)

  • Flagstar Bank - Correspondent Purchasing System (OKTA-131690)

  • JobTeaser (OKTA-130924)

  • Oracle Fusion (OKTA-128954)

  • Spectrum Time Warner Cable (OKTA-130723)

  • The Courier Mail (OKTA-129829)

We've added the following Mobile application for use with Okta Mobility Management (OMM) (Android)

  • Replicon (OKTA-131332)

We've added the following Mobile application for use with Okta Mobility Management (OMM) (Android and iOS)

  • Diligent Boardbooks (OKTA-130402)

2017.26

Application Integration Updates

We have added support for EU endpoints to our NetSuite integration. You can now select EU endpoints when configuring provisioning for NetSuite.

New Application Integrations

SWA for the following Okta Verified applications

  • Apple Search Ads (OKTA-129245)

  • Contract Express (OKTA-129632)
  • TELUS Business Connect Voice Manager (OKTA-128491)

Okta Mobility Management (OMM) (iOS and Android)

My MWC Shanghai (OKTA-128667)

2017.25

Application Integration Updates

  • Org2Org group membership update jobs are more resilient. Previously, jobs failed as soon as any user within the update failed; therefore, not all users were updated who could have been. Now jobs fail only when more than 90% of the user's group memberships fail to update.

    The 90% threshold exists to detect and prevent situations where the Org2Org connector, or the target instance, are incorrectly configured and the job terminates early.

  • We have enhanced Smartsheet provisioning to support User Reactivation. For this enhancement to take effect, you need to re-save Provisioning settings for any existing app instances.

    For details about Smartsheet provisioning, see the Smartsheet Provisioning Guide.

New Application Integrations

SAML for the following Okta Verified applications

  • Contently (OKTA-128326)
  • StartMeeting (OKTA-128482)
  • ValiMail (OKTA-129219)

SWA for the following Okta Verified applications

  • Google My Business (OKTA-129217)
  • Nationstar (OKTA-130026)
  • PennyMac (OKTA-130028)

2017.24

Application Updates

We've enhanced error handling for Service Now Eureka app provisioning.

New Application Integrations

SAML for the following Okta Verified applications

  • CloudAMQP (OKTA-127339)

  • Findo (OKTA-126795)

  • Gliffy (OKTA-128907)

  • ProdPad (OKTA-126422)

SWA for the following Okta Verified application

  • American Modern Agent Login (OKTA-128670)

2017.23

Application Updates

We've enhanced the following integrations:

  • BambooHR: Schema Discovery now supports attributes with numerical names. Previously, we only imported attributes with alpha-character aliases, such as hireDate. Note that attributes that are members of BambooHR Tables are not supported at the moment.

  • Rally: Schema Discovery now supports all Rally user attributes available through the API, in addition to custom attributes.

    UltiPro: We've improved error messaging for provisioning international employees.

We've implemented Provisioning for the following Partner-Built application:

New Application Integrations

SAML for the following Okta Verified applications

  • Five9 Plus Adapter for Zendesk (OKTA-127619)

  • Helpjuice (OKTA-126793)

  • Infor Cloud (OKTA-93453)

  • Mode Analytics (OKTA-126792)

SAML for the following Community Created application

  • Realtime Board (OKTA-126428)

SWA for the following Okta Verified application

  • ScholarOne (OKTA-127984)

We've added the following Mobile application for use with Okta Mobility Management (OMM) (iOS)

  • OrgWiki (OKTA-128240)

2017.22

We have implemented the following application integrations:

SAML for the following Okta Verified applications

  • Airtable (OKTA-124530)
  • Beam (OKTA-124524)
  • OnDMARC (OKTA-126212)
  • Tesorio (OKTA-127504)

SWA for the following Okta Verified applications

  • AvidXchange (OKTA-127776)
  • Travelport ViewTrip (OKTA-126959)

We've added the following Mobile application for use with Okta Mobility Management (OMM) (iOS and Android)

  • Salesforce.com (Federated ID) (OKTA-55571)

2017.21

Application integration updates

  • Euromonitor Passport: We've removed Custom SSO Mode (note that SAML SSO was implemented earlier this year). For more details, see How to Configure SAML 2.0 for Euromonitor Passport.
  • Egnyte: We now send the IdP Username as the Name ID value in the SAML assertion if available. If not available, we send the Username.

New application integrations

We have implemented the following:

SAML for the following Okta Verified applications

  • Benchling for Enterprise (OKTA-122008)

  • ClearStory Data (OKTA-125199)

  • cmpute.io (OKTA-120176)

  • Gliffy (OKTA-126552)

  • Klue (OKTA-124525)

  • LogicManager (OKTA-117451)

  • MuleSoft - Anypoint Platform (OKTA-108055)

  • Workato (OKTA-125200)

SWA for the following Okta Verified applications

  • Cannex Customer Portal (OKTA-126589)

  • Santander (OKTA-126270)

  • SilkRoad Learning (GreenLight) (OKTA-126207)

  • Sitrion (OKTA-126937)

  • Virtru (Google Login) (OKTA-126142)

Mobile application for use with Okta Mobility Management (OMM) ( iOS only)

  • ComplianceWire SWA (OKTA-126740)

2017.19

Application integration updates

We have changed the names of the following app integrations:

  • SmartRecruiters is now SmartRecruiters (SWA Only)
  • SmartRecruiters SAML is now SmartRecruiters (this app has provisioning and SAML functionalities)

We have implemented the following:

SAML for the following Okta Verified applications

  • StatusCast (OKTA-93551)

SWA for the following Okta Verified applications

  • Infor EAM (OKTA-120077)

Mobile application for use with Okta Mobility Management (OMM) (Android and iOS)

  • Infor EAM (OKTA-119531)

Mobile application for use with Okta Mobility Management (OMM) (Android)

  • Outlook Web Access - 2003 (OKTA-124388)

2017.18

We have implemented the following:

SAML for the following Okta Verified applications

  • Orginio (OKTA-123619)
  • ParkMyCloud (OKTA-123570)

SAML for the following Community Created application

  • PageUp (OKTA-66973)

Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • Ceridian Dayforce HCM (OKTA-122004)
  • Global Relay Archive (OKTA-122777)
  • My M360 by GSMA (OKTA-123799)

Mobileapplication for use with Okta Mobility Management (OMM) (IOS only)

  • GoodNotes (OKTA-122663)

SWA for the following Okta Verified applications:

  • HBS Timesuite (OKTA-123531)

  • Lender Price (OKTA-123320)
  • My Atlassian (OKTA-123161)
  • PeopleStrategy (OKTA-123366)
  • Schwab Advisors UAT (OKTA-122167)

2017.17

We have implemented the following:

SAML for the following Okta Verified applications

  • Palo Alto Networks - CaptivePortal (OKTA-112813)

  • Palo Alto Networks - GlobalProtect (OKTA-113138)

  • SigOpt (OKTA-122575)

SWA for the following Okta Verified applications

  • Bank Of The West - WebDirect (OKTA-120423)

  • Client Track (OKTA-122171)

  • My Cloud (OKTA-122215)

  • ONE by AOL: Video (OKTA-122583)

2017.16

We've implemented the following:

SAML for Community Created applications

  • Cylance (OKTA-118387)

  • Logit (OKTA-116516)

  • TurboRater (OKTA-121517)

SAML for Okta Verified applications

  • Detectify (OKTA-122007)

  • HPE Connected MX (OKTA-117314)

  • Recognize (OKTA-116273)

  • Vena (OKTA-116275)

  • YardiOne Dashboard (OKTA-117894)

SWA for Okta Verified applications

  • America First Credit Union (OKTA-122681)
  • MasterCard Smart Data (OKTA-122268)
  • ONE by AOL: Video (OKTA-121268)

OMM for iOS only

  • GlobalMeet Web Audio (OKTA-118774)

OMM for iOS and Android

    • GlobalMeet Audio (OKTA-118774)
  • 2017.15

    We've implemented the following:

    SAML for the following Community Created application

    • Sisense (OKTA-119574)

    SAML for the following Okta Verified applications

    • Akamai Enterprise Application Access (OKTA-116573)

    • Amazon Appstream (OKTA-117136)

    • Bugsnag (OKTA-120278)

    • ClearCompany (OKTA-120378)

    • Dialpad (OKTA-120168)

    • DigiCert (OKTA-121112)

    • F5 BIG IP (OKTA-111494)

    • Five9 Plus Adapter for Agent Desktop Toolkit (OKTA-120279)

    • Gatekeeper (OKTA-119753)

    • IBMid (OKTA-117726)

    • SalesLoft (OKTA-120019)

    • Shufflrr (OKTA-116274)

    • ThirdPartyTrust (OKTA-119751)

    Application enhancement

    We have enhanced our Evernote integration to include support for Business Sandbox environments for SWA, SAML, and Provisioning.

    2017.13

    We've implemented the following:

    SWA for the following Okta Verified applications:

    • IBM Connections (OKTA-119786)

    • LoansPQ (OKTA-119828)

    • TrueAbility (OKTA-119073)

    SAML for the following Okta Verified applications:

    • Blueboard (OKTA-117705)

    • BoardEffect (OKTA-120303)

    • Oracle Hyperion EPM Cloud Services (OKTA-116517)

    We've added the following Mobile application for use with Okta Mobility Management (OMM) (Android and iOS):

    • Reflektive (OKTA-118779)

    We've added the following Mobile applications for use with Okta Mobility Management (OMM) (iOS only):

    • GreatVines Beverage Sales Execution (OKTA-119035)

    • Invision (OKTA-120152)

    2017.12

    We've implemented the following:

    SWA for the following Okta Verified applications:

    • BEAMGroups (OKTA-119020)

    • Cashet (OKTA-118123)

    • Chrome River (OKTA-119192)

    • Citrix Receiver (OKTA-116900)

    • Glip (OKTA-118950)

    • KnowBe4 (OKTA-118147)

    • LoansPQ (OKTA-116896)

    SAML for the following Okta Verified applications:

    • Aurion (OKTA-109423)

    • BearTracks (OKTA-114504)

    • bob (OKTA-114648)

    • Lattice (OKTA-119365)

    • Lessonly (OKTA-114044)

    • Skyhigh Networks (OKTA-118138)

    • When I Work (OKTA-117854)

    SAML for the following Community Created application:

    • SoapboxHQ (OKTA-83597)

    We've added the following Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS):

    • Basecamp (OKTA-118773)

    • Birst (OKTA-118938)

    • Glip (OKTA-119377)

    • Livestream (OKTA-118776)

    • Workfront (OKTA-119072)

    We've added the following Mobile application for use with Okta Mobility Management (OMM) (iOS only):

    • InVisionApp (OKTA-118777)

    We've changed Signature/Digest algorithms from SHA1 to SHA256 for the following SAML apps:

    • CloudMine (OKTA-114839)

    • Snowflake (OKTA-114823)

    • Titanfile (OKTA-114834)

    2017.11

    Application enhancement

    • We have enhanced the Amazon Web Services (AWS) configuration screen to reduce sensitive information displayed.

    We've implemented the following:

    SWA for the following Okta Verified applications:

    • CBRE-EA (OKTA-115150)

    • A Cloud Guru (OKTA-117538)

    • Adstream (OKTA-115203)

    • Alerus Financial Retirement Account Access (OKTA-116702)

    • Atlassian Cloud (OKTA-118934)

    • BirdDogHR (OKTA-115842)

    • Cook County Illinois (OKTA-109891)

    • Ensighten (OKTA-117875)

    • J. P. Morgan Markets (OKTA-115883)

    • Merchant e-Solutions (OKTA-116199)

    • Western Union Point of Sale (OKTA-114908)

    SAML for the following Okta Verified applications:

    • Bambu by Sprout Social (OKTA-116521)

    • ContractSafe (OKTA-116632)

    • Euromonitor Passport (OKTA-117579)

    • FotoWeb (OKTA-99225)

    • HireVue (OKTA-112967)

    • LiGO (OKTA-115115)

    • Merlin Guides (OKTA-115970)

    • Nmbrs (OKTA-117137)

    • Onshape (OKTA-115971)

    • Platform9 (OKTA-97788)

    • Schwab Compliance Technologies (OKTA-108582)

    • Secret Server (OKTA-115972)

    • Splunk Cloud (OKTA-114946)

    • Testable (OKTA-115562)

    We've added the following Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS):

    • Certify (OKTA-115303)

    • Greenhouse (OKTA-115836)

    • Hightower (OKTA-87082)

    • Procore (OKTA-115699)

    • Pulse Connect Secure VPN (OKTA-115309)

    • VLC (OKTA-117613)

    2017.10

    We've implemented SWA for the following Okta Verified application:

    • LoansPQ (OKTA-116896)

    We've added the following Mobile application for use with Okta Mobility Management (OMM) (Android and iOS):

    • Zoom (OKTA-116961)

    2017.09

    We've implemented the following:

    SWA for the following Okta Verified application:

    • BT Cloud Phone (OKTA-110344)

    SAML for the following Okta Verified applications:

    • Fujitsu RunMyProcess (OKTA-114630)

    • myPolicies (OKTA-113177)

    We 've changed Signature/Digest algorithms from SHA1 to SHA256 for the following SAML apps:

    • Bonusly (OKTA-114813)

    • Bullhorn (OKTA-113959)

    • Dell Boomi SAML (OKTA-114810)

    • GoodData (OKTA-114830)

    • HighQ (OKTA-114811)

    • Intuit Quickbase with SubDomain (OKTA-114812)

    • iPass (OKTA-114837)

    • Joomla (OKTA-114838)

    • Keylight Platform by LockPath (OKTA-114840)

    • SocialText (OKTA-114826)

    • SpringCM (OKTA-114829)

    • WidenCollective (OKTA-114809)

    2017.05

    JIRA Cloud and JIRA on-premise app integration

    We have added the option to send email notifications upon user creation to the JIRA Cloud and JIRA on-premise app integrations.

    We'e implemented the following:

    SWA for the following Okta Verified applications:

    • Adjust (OKTA-113618)

    • Apple MyAccess (OKTA-113555)

    • Awesome Screenshot (OKTA-113632)

    • Framer Cloud (OKTA-113964)

    • Google Partner Dash (OKTA-113487)

    • Google Tag Manager (OKTA-113211)

    • Kanbans (OKTA-69763)

    • Predictive Policing (OKTA-111943)

    • Principal Advisor (OKTA-112103)

    • WestNet Learning (OKTA-114255)

    SAML for the following Okta Verified applications:

    • Duo Network Gateway (OKTA-111954)

    • Honest Buildings (OKTA-112673)

    • Keeper Password Manager and Digital Vault (OKTA-112806)

    • LiveRamp Connect (OKTA-113207)

    • MetricStream (OKTA-111284)

    • Qminder (OKTA-112438)

    • RFPIO (OKTA-112823)

    • Velpic (OKTA-113130)

    SAML for the following Community Created applications:

    • Splunk Cloud (OKTA-96258)

    We've added the following Mobile application for use with Okta Mobility Management (OMM):

    • Cornerstone OnDemand (OKTA-114007)

    • MyMWC - GSMA (OKTA-112838)

    • SDGs in Action (OKTA-110663)

    • SDGs in Action (OKTA-110663)

    We've changed Signature/Digest algorithms from SHA1 to SHA256 for the following SAML apps:

    • AbsorbLMS (OKTA-114002)

    • ACL GRC (OKTA-112483)

    • ANCILE uAlign (OKTA-112835)

    • BenefitSolver (OKTA-112466)

    • Bright Funds (OKTA-112472)

    • BSwift (OKTA-113982)

    • Changepoint (OKTA-114004)

    • Cisco Spark Platform (OKTA-113962)

    • Corcentric COR360 (OKTA-113989)

    • Corpedia (OKTA-112484)

    • CultureWizard (OKTA-112487)

    • Daptiv (OKTA-112488)

    • Eloqua (OKTA-113985)

    • Everbridge Manager (OKTA-112458)

    • GetThere (OKTA-112490)

    • IBM Global Expense Reporting Solutions (GERS) (OKTA-112459)

    • iMeetCentral (OKTA-112477)

    • Information Center (Deprecated)(OKTA-112478)

    • Introhive (OKTA-112491)

    • Intuit Quickbase without SubDomain (OKTA-112462)

    • KnowBe4 (OKTA-112463)

    • LeanKit (OKTA-114001)

    • MyComplianceOffice (OKTA-112493)

    • Novatus (OKTA-113963)

    • Qvidian (OKTA-113995)

    • SAP NetWeaver (OKTA-113987)

    • Schoolzilla (OKTA-112464)

    • Selectica (OKTA-113997)

    • TalentWise (OKTA-112460)

    • Towers Watson Case Management (OKTA-112470)

    • Whitehat Security (OKTA-113977)

    • Zoho (OKTA-112479)

    • ZoomForth (OKTA-112480)

    2017.02

    We have implemented the following:

    Application integrations enhancements

    Trello apps have been renamed to: Trello (SWA Only) and Trello (for SAML)

    SWA for Okta verified applications

    • Fidelity & Guarantee Life (OKTA-110857)

    • Untangled Solutions (OKTA-110783)

    SAML for Okta verified applications

    • Citrix Netscaler Gateway (OKTA-111142)
    • Five9 Agent Desktop Plus (OKTA-111282)

    • GpsGate (OKTA-111458)

    • Wiredrive (OKTA-110761)

    SAML for community created applications

    • Benefex RewardHub (OKTA-108578)
    • Caspio (OKTA-97787)

    • Sustainovation Hub (OKTA-110852)

    • WidePoint - ITMS (OKTA-102918)

    Change to Signature/Digest algorithms from SHA1 to SHA256 for all the following SAML apps

    • Jobvite (OKTA-112093)

    2017 Bug Fixes

    2017.52 Bug Fixes (combines 2017.51 and 2017.52 releases)

    • OKTA-65773 – The number of users did not display correctly in the Password Reset Filter on the People page.
    • OKTA-135913 – The Password Reset list only showed two users. The Admin had to select Show More to see the full list.
    • OKTA-138274 – When creating or updating a group in Slack, existing members of the group in Slack are now downloaded into Okta. This fixed an issue where subsequent group membership could not be updated on the group.
    • OKTA-143576 – Users were not forced to reset a temporary password after their accounts were locked and subsequently unlocked.
    • OKTA-144882 – Group Push errors for the Slack app could not be fixed or deleted.
    • OKTA-145449 – Org2Org now respects rate limits and automatically reschedules the provisioning job if rate limits are exceeded.
    • OKTA-146217 – The VPN setup page failed to load for some customers.
    • OKTA-146835 – Importing users from Active Directory failed after selecting no secondary email, if a value for secondary email was previously mastered and mapped in Active Directory.
    • OKTA-147768 – The app user property Personal Meeting Room URL could not be mapped when pushing users to WebEx.
    • OKTA-148505 – Password complexity rules were not fully localized.
    • OKTA-148558 – The link expiration time sent in the Password Reset email varied from the time specified in the password policy.
    • OKTA-149651 – Group rules did not retrieve all specified Okta-mastered groups when there were other groups with similar names.
    • OKTA-149782 – Auto Launch for Bookmark apps could not be enabled.
    • OKTA-150877 – Importing users from Active Directory and mapping them to existing users failed if the existing users had mappings to an app instance that was previously deleted by a group membership change.
    • OKTA-151726 – Active Directory groups with an asterisk (*) in their names did not appear in the group list.

    2017.52 App Integration Fixes (combines 2017.51 and 2017.52 releases)

    The following SWA apps were not working correctly and are now fixed

    • Creditsafe (OKTA-153212)

    • ISO PAAS (OKTA-151277)

    • JWPlayer (OKTA-152062)

    • KISS Metrics (OKTA-150894)

    • Schwab Equity Award Center (OKTA-152286)

    The following SAML apps were not working correctly and are now fixed

    • IBM SmartCloud for Social Business (OKTA-152015)

    • JobScience (OKTA-149440)

    2017.50 Bug Fixes

    • OKTA-145602 – Erasing all IP addresses in the Default IP Blacklist zone caused an error to display.
    • OKTA-146677 – When performing a group push for SCIM apps, Okta overwrote the group memberships for that group.
    • OKTA-147424 – While creating or updating user profiles using Profile Sync provisioning type for a Microsoft Office 365 app, the email address could be updated in Office 365; consequently, the attribute was no longer pushed during these profile updates. Additionally, the mapping in Universal Directory was removed for this attribute.
    • OKTA-148212 – When provisioning to an app failed after assigning the app to a group, the app User Profile details were not displayed.
    • OKTA-148275 – When using the Edge browser, the security image was not displayed during Sign On. Additionally, Multifactor Authentication on a per-app basis was not available after installing the Okta Browser Plugin for Edge.
    • OKTA-148314 – The export to a CSV file from the MFA Usage report was formatted incorrectly.
    • OKTA-148668 – The System Log did not track the addition of a new Administrator correctly.
    • OKTA-149861 – The link to the CSV version of the Applications Access Audit report for current assignments was not functional.
    • OKTA-149888 – The display name could not be updated during a profile push to the Slack app. As a result, the property was no longer pushed during profile updates but still can be pulled from Slack.
    • OKTA-150748 – Multifactor Authentication for Microsoft RDP was not available under certain circumstances.

    2017.50 App Integration Fixes

    The following SWA apps were not working correctly and are now fixed

    • Absolute Console (OKTA-150815)

    • Amazon (OKTA-151850)

    • Cain Travel (OKTA-150780)

    • Cardmember Service by Elan Financial Services (OKTA-150776)

    • Corporate Perks (OKTA-150781)

    • Envoy (OKTA-150770)

    • J.Crew (OKTA-151571)

    • Kestra Financial (OKTA-150774)

    • Softchoice (OKTA-150773)

    • Ticketmaster (OKTA-150772)

    • TimeOff Manager (OKTA-150635)

    The following SAML app was not working correctly and is now fixed

    • JIRA On-Prem (OKTA-135556)

    2017.49 Bug Fixes (combines 2017.48 and 2017.49 releases)

    • OKTA-128322 – Attempting to sign in to the JIRA On-prem app or the Confluence On-prem app did not create a new session if the user already had a valid browser session for the app.
    • OKTA-137503 – The Reset Password screen did not require that only one user category be selected.
    • OKTA-140940 – Buttons on the Group Assignment screen were not aligned properly.
    • OKTA-144636 – Password requirements were incorrectly evaluated on passwords longer than 72 characters.
    • OKTA-146332 – Some imports failed for the NetSuite app.
    • OKTA-146398 – After disabling Duo Security as a Multifactor Authentication factor, it still appeared on the multifactor page.
    • OKTA-146745 – Some App users were not found in the System Log when searching for events by Display Name.
    • OKTA-147353 – Some attributes imported from SuccessFactors had their values in the Okta profile set to external codes (identifiers configured in SuccessFactors).
    • OKTA-147406 – Users were prompted for passwords on iOS 10.3 devices, even though Certificate Based Authentication was enabled for them on Microsoft Exchange ActiveSync.
    • OKTA-147430 – After updating the application username format in the Application Integration Wizard SAML App, multiple requestable SSO URLs were deleted.
    • OKTA-147965 – The System Log did not display password reset entries that were denied.
    • OKTA-147997 – Adding the RememberMe cookie during login through JIRA authenticator configuration was not supported.
    • OKTA-148200 – Accessing the Confluence On-prem app redirected users to sign in to Okta even when their accounts were not present in Okta.
    • OKTA-148873 – Updating the Connector Configuration for On-Prem Provisioning settings for an app caused an error.
    • OKTA-149267 – Users could not access the JIRA On-prem app during SP-initiated login using JIRA versions later than 3.0.3.
    • OKTA-149329 – When converting individual users from individual to group assignments, admins were advised that some users who were eligible for conversion were not listed, when all eligible users were listed.
    • OKTA-150318 – Okta improved the admin System Log message for Salesforce provisioning integration when any provisioning operation; for example, profile updates or push password, failed due to Salesforce API rate limit constraints.
    • OKTA-150713 – Installation of the Okta Active Directory Agent on Windows 2012R2 server may fail in some situations.

    2017.49 App Integration Fixes (combines 2017.48 and 2017.49 releases)

    The following SWA apps were not working correctly and are now fixed

    • AccessAudi (OKTA-149978)

    • FedEx US (OKTA-149239)

    • General Motors GlobalConnect (OKTA-149897)

    • Hellofax (OKTA-150611)

    • HelloSign (OKTA-149952)

    • iStock (OKTA-147972)

    • Linux Academy (OKTA-149374)

    • Microsoft Intune Company Portal (OKTA-149953)

    • NFL Game Pass (US) (OKTA-150001)

    • PayPal (OKTA-149500)

    • PlanGrid (OKTA-149956)

    • RingCentral (OKTA-149957)

    • RingCentral (UK) (OKTA-149976)

    • RingCentral SWA (OKTA-149388)

    • Segment (OKTA-149947)

    • Squarespace V6 (OKTA-149951)

    • TechSoup (OKTA-149955)

    • The Australian (OKTA-148795)

    • Twilio (OKTA-148606)

    • Upwork (OKTA-149097)

    • Webassessor (OKTA-149960)

    The following SAML app was not working correctly and is now fixed

    • WebEx (Cisco) (OKTA-141708)

    2017.47 Bug Fixes (combines 2017.46 and 2017.47 releases)

    • OKTA-135228 – For orgs with Push Groups enhancements enabled, Okta no longer updates the email address of a group when pushing updates to Google
    • OKTA-136225 – Automatic activation of some Active Directory end users failed under certain circumstances.
    • OKTA-137204 – A manual import from ServiceNow could not be completed.
    • OKTA-138265 – AD-mastered users could not sign into Okta if their passwords contained unicode characters.
    • OKTA-141457 – When users chose to reveal passwords, they could type characters into the password field.
    • OKTA-141780 – The logo for the Generic RADIUS app could not be edited.
    • OKTA-142922 – The System Log did not track successful IdP-initiated login events to Microsoft Office 365. This feature requires Okta customer support to enable it for your org.
    • OKTA-143716 – The display date for notifications lists was not fully localized.
    • OKTA-143904 – When using Group Push, unlinking a push group and keeping the group in target application prevented the group from being re-imported into Okta.
    • OKTA-143942 – The System Log recorded client access policy denials as successful authentication events.
    • OKTA-143955 – When users were deactivated, Admins were presented with a misleading message reading "Deactivation email sent to n people". The message text now correctly reads "n people deactivated".
    • OKTA-144534 – The error messages on the sign page during Okta Verify MFA were not localized.
    • OKTA-144750 – Some fields of failed MFA logins were not properly displayed in the Suspicious Activity Report.
    • OKTA-145117 – The System Log entry corresponding to successfully importing a new member to an app group event was incomplete.
    • OKTA-145625 – New customers were not able to setup Android for work with Managed Play Accounts.
    • OKTA-146048 – When resetting a password, the New Password screen was not visible for some users.
    • OKTA-146134 – End User App Settings on the General tab were not fully localized.
    • OKTA-146457 – The Okta Privacy Policy Page did not render correctly on mobile devices.
    • OKTA-146725 – The System Log entry corresponding to failed authentication to Active Directory had missing error codes
    • OKTA-146744 – Time expressions were not localized in customized email templates.
    • OKTA-147616 – Some Okta users were deactivated after the recent introduction of an Effective Date feature in the BambooHR app for organizations that were using the pre-start interval feature .
    • OKTA-147970 – Admins could not configure mobile apps for an OAuth 2.0/OpenID Connect native client.
    • OKTA-148451 – After changing a profile attribute, the profile sync from Okta to Active Directory did not start automatically.
    • OKTA-148721 – When some users clicked on an expired forgot password link, Okta became unresponsive.
    • OKTA-149046 – With the release of 2017.45, a handful of organizations with early access feature SAML_SUPPORT_ARRAY_ATTRIBUTES enabled may have experienced functional disruption to their AWS SSO flow. End users in impacted organizations either saw limited roles available when accessing AWS or were shown the error message: Your request included an invalid SAML response.
    • OKTA-149283 – Time expressions were not localized in customized email templates.

    2017.47 App Integration Fixes (combines 2017.46 and 2017.47 releases)

    The following SWA apps were not working correctly and are now fixed

    • Authorize.Net Merchants (OKTA-148370)
    • Barclaycard (OKTA-148011)
    • Amazon (OKTA-149084)
    • Amazon CA (OKTA-148898)
    • Amazon DE (OKTA-148475)
    • Amazon UK (OKTA-148897)
    • Amazon Web Services (OKTA-149088)
    • Booker (OKTA-146439)
    • Carta (OKTA-147973)
    • Citrix Receiver (OKTA-148386)
    • CRG emPerform (OKTA-147542)
    • EverBridge (OKTA-148344)
    • FogBugz (OKTA-147545)
    • Instagram (OKTA-148040)
    • J.P. Morgan Markets (OKTA-148904)
    • Knoll (OKTA-148051)
    • LegalZoom (OKTA-147377)
    • LucidChart (OKTA-147729)
    • Maxwell Health (OKTA-147827)
    • Microsoft Dynamics CRM Online (OKTA-149074)
    • Mint Bills (OKTA-147827)
    • MSDSonline (OKTA-147186)
    • Ray Wenderlich (OKTA-148510)
    • Subaru Partners (OKTA-148485)
    • Uber (OKTA-148431)
    • Vanguard (OKTA-148206)
    • Virgin Pulse (OKTA-148204)
    • Wescom Credit Union (OKTA-147541)

    The following SAML apps were not working correctly and are now fixed

    • 6sense ABM and Analytics (OKTA-148708)

    • TOPdesk 5 (OKTA-145409)

    2017.45 Bug Fixes

    • OKTA-129750 – Adding a RADIUS app for RADIUS authentication did not enable the extra verfication end-user settings for some customers.
    • OKTA-139543 – End users who were locked in Okta could connect to a VPN by providing the correct Multifactor Authentication token.
    • OKTA-140434 – Provisioning errors were not tracked in the System Log for the GoToMeeting app.
    • OKTA-142050 – Provisioning failure errors were not tracked in the System Log for the Salesforce app.
    • OKTA-142758 – Some users could not use API token authentication with the IWA agent v1.11.0.
    • OKTA-142976 – Activate User failed when called from the People page with a Pending Activation filter, if the Profile Editor used a Boolean custom attribute containing special characters.
    • OKTA-144878 – The Push Verify Activation email templates were not translated consistently.
    • OKTA-145578 – Admins could not edit group rules.
    • OKTA-145605 – In most browsers a display issue prevented the addition of new groups to a group membership rule if there were more than 50 groups.
    • OKTA-145720 – Updates to Okta user profiles failed when custom attribute values contained 4-byte UTF-8 characters.
    • OKTA-145784 – In some cases, the user count displayed when converting individual users to group users was incorrect.
    • OKTA-146210 – The help text for the Provisioning tab was not in the correct location.
    • OKTA-146770 – Some text in Okta Verify localized for Chinese was not properly translated.
    • OKTA-147366 – The link from the Admin console to the release notes failed.
    • OKTA-147929H – Admins sending emails to large mail lists caused significant performance issues.

    2017.45 App Integration Fixes

    The following SWA apps were not working correctly and are now fixed

    • FedEx US (OKTA-146605)

    • Lead2Lease (OKTA-146486)

    • LeadLander (OKTA-144833)

    • Microsoft SharePoint Online Office 365 (OKTA-146946)

    • Mint (OKTA-147361)

    • Okta Community (OKTA-146382)

    • PlanGrid (OKTA-146598)

    • Proofpoint Secure Share (OKTA-145653)

    • Velaro (OKTA-132288)

    • Woopra (OKTA-146487)

    The following SAML app was not working correctly and is now fixed

    • Citrix Netscaler Gateway (OKTA-145561)

    2017.44 Bug Fixes (combines 2017.43 and 2017.44 releases)

    • OKTA-128067 – Okta to Microsoft Office 365 group synchronization sometimes caused Office 365 contacts to disappear from distribution groups. This correction applies to the Early Access feature to update the Member attribute in Office 365 groups when a new user is provisioned.
    • OKTA-137826 – Admins could not assign an application to a user due to a mapping error when the user profile was mastered from an app with numeric attributes mapped to a fixed numeric value.
    • OKTA-138151 – Group rules failed during JIT login and removed users from the group.
    • OKTA-139772 – Events for the JIRA app were not tracked in the System Log.
    • OKTA-140296 – Roles assigned for the Salesforce app were not saved.
    • OKTA-140362 – When adding new members to an app group, the AppUser target in the System Log was not recording the DisplayName.
    • OKTA-140509 – The Okta Verify activation link was not localized.
    • OKTA-140900 – Email as a required factor for Multifactor Authentication did not work properly with RADIUS.
    • OKTA-140980 – Some users were imported from LDAP incorrectly and became Okta-mastered because of an invalid date format.
    • OKTA-141137 – Some mobile administrators could not change mobile policy rules.
    • OKTA-141984 – When attempting to change an expired password, some users received an Unable to connect to the server error.
    • OKTA-142114 – Custom Enterprise iOS apps could not be uploaded to hosted app store if they are not properly signed.
    • OKTA-142627 – System Log events were not generated for voice call factor attempts.
    • OKTA-143910 – Some security Network Zones could not be deleted.
    • OKTA-144104 – Words and phrases in several screens were not localized correctly.
    • OKTA-144294 – The policy screen for apps was not visible for some organizations.
    • OKTA-144432/OKTA-144891 – The Sign In error message was not always localized.
    • OKTA-144652 – The French translation contained double quotation marks (") instead of apostrophes (').
    • OKTA-144661 – The country list used when setting up an SMS factor was not sorted.
    • OKTA-145004 – The link for an email confirmation change page was not translated.
    • OKTA-145630 – The enhanced profile page was not accessible to users of the Developer Paid Edition.
    • OKTA-146566 – AUser not assigned to app error was returned from a GET/oauth2/v1/authorize for OAuth clients with a custom client ID.

    2017.44 App Integration Fixes (combines 2017.43 and 2017.44 releases)

    The following SWA apps were not working correctly and are now fixed

    • Adjust (OKTA-145895)

    • AlertLogic (OKTA-145349)

    • AppRiver (OKTA-145520)

    • Code42 Single Tenant (OKTA-146498)

    • D&B Hoovers (OKTA-145596)

    • DealerTrack (OKTA-145445)

    • DriveHQ (OKTA-145588)

    • EchoSpan (OKTA-146213)

    • eWallet ADP (OKTA-144251)

    • FedEx US (OKTA-145604)

    • Gandi.net (OKTA-145396)

    • GoodHire (OKTA-145735)

    • HealthEquity (OKTA-145024)

    • iSqFt (OKTA-146076)

    • My Health Online (Sutter Health) (OKTA-146240)

    • MySonicWall (OKTA-144680)

    • NFL Game Pass (OKTA-145211)

    • Papyrs (OKTA-145431)

    • Right Networks Server (OKTA-145270)

    • Site24x7 (OKTA-143583)

    • Stamps.com (OKTA-146045)

    • Tenable Support Portal (OKTA-144822)

    • Visual Studio (OKTA-143568)

    • ZeroFox (OKTA-145166)

    2017.42 Bug Fixes

    • OKTA-127045 – The Email Verification, Email Factor Challenge and Send Push Verify Activation Link email templates were not translated.
    • OKTA-140149 – Error messages for failed Active Directory authentications weren't recorded in the System Log.
    • OKTA-140515 – Okta Verify push notifications were displayed in English, regardless of the org's configured language.
    • OKTA-141158 – The Privacy Policy page did not display correctly on mobile devices.
    • OKTA-141770 – Adding specific applications to the list of apps managed by an App Admin failed if the app name contained the pipe character ( | ).
    • OKTA-141960 – For orgs using the EA feature Graph API provisioning for Microsoft Office 365, updating O365 group membership using Group Push failed.
    • OKTA-142985 – Admins were unable to reuse a group name with Group Push rules if the original group was deleted.
    • OKTA-143578 – When attempting to convert users from individual to group-based assignments, an incorrect banner message displayed.
    • OKTA-143855 – The Change Email Confirmation email template was not translated.
    • OKTA-144432 – When resetting a password, an error message sometimes displayed in English instead of the language configured in the browser.
    • OKTA-144435 – Some text on the Okta Sign In screen was not translated into Danish.
    • OKTA-144437 – When using an expired reset password link or an expired unlock account link, the French error message was not consistent with the English.
    • OKTA-144657 – When selecting a long security question in French, the field extended beyond the dialog box.
    • OKTA-144928H – Deleting an Admin who had previously approved self-service app requests sometimes impacted the ability of other Admins to approve future requests.

    2017.42 App Integration Fixes

    The following SWA apps were not working correctly and are now fixed

    • Beeline TMS (OKTA-144601)

    • GoToMeeting (OKTA-144380)

    • Instacart (OKTA-144442)

    • iSupport (OKTA-144603)

    • Microsoft SharePoint Online Office 365 (OKTA-144418)

    • Schwab Personal Finance (OKTA-144444)

    • Spectrum Time Warner Cable (OKTA-144602)

    • UsabilityHub (OKTA-144596)

    • Virgin Pulse (OKTA-144600)

    The following SAML apps were not working correctly and are now fixed

    • FreshService (OKTA-138139)

    • Mobi Wireless Management (OKTA-142935)

    2017.41 Bug Fixes

    • OKTA-136019 – The corresponding user not found error was missing from the WebEx app.
    • OKTA-139077 – In the Okta Authentication Notification email, text under Sign-In Details appeared in English regardless of the configured language.
    • OKTA-139667 – The link to reset password by email was visible even when email was disabled as a recovery factor.
    • OKTA-140535 – The error message that appears when an invalid phone number is entered during SMS enrollment was not correctly translated into Finnish.
    • OKTA-141876 – Deleting Okta users with Username/Login attribute values containing 99 or 100 characters failed.
    • OKTA-143329 – App Administrators received a 403: Forbidden error when attempting to access the Applications page.
    • OKTA-143712 – App Administrators could not accept or save new app assignments.
    • OKTA-143913 – Existing App Administrators could not be removed from that role.

    2017.41 App Integration Fixes

    The following SWA apps were not working correctly and are now fixed

    • AWS Console (OKTA-143728)

    • Paylocity Web Pay (OKTA-143122)

    The following SAML app was not working correctly and is now fixed

    • LogicMonitor (OKTA-142693)

    2017.40 Bug Fixes

    • OKTA-136489 – The Webex Personal Room URL failed to update when the end user profile was updated. The fix adds a check-box on the Provisioning tab for the Webex (Cisco) app to enable such updates.

    • OKTA-137447 – When importing end users from an Oracle OID LDAP server, only some were imported successfully.
    • OKTA-138926 – The error message that displayed on the MFA verification screen displayed in end users' locale language instead of the default browser language.
    • OKTA-140027H - When integrating AWS with Okta, adding a 40th Connected Account ID failed.
    • OKTA-140622 – When importing or provisioning end users in Salesforce, not all profile types were available.
    • OKTA-140486 – Some of the text in the Okta MFA challenge screen displayed in English instead of Italian.
    • OKTA-141462 – Signing into Okta using certificate-based primary authentication failed for some end users.

    • OKTA-142196H – In orgs with the Early Access MFA feature, Android device users were not prompted for MFA after entering their PIN even though their org had an MFA policy configured to challenge end users.
    • OKTA-143003H - Some users who had not yet activated their Okta account were locked in the Reset Password status.
    • OKTA-143497H – Error messages on the Okta Sign In page appeared in English regardless of the configured language.

    2017.40 App Integration Fixes

    The following SWA apps were not working and are now fixed

    • J.P. Morgan Markets (OKTA-142766)

    • Newport Group (OKTA-142163)

    • United Health Care (OKTA-142401)

    2017.39 Bug Fixes

    • OKTA-133742 – An http 429 response code caused a cascading effect on end users' Home pages.
    • OKTA-134017 – Clicking Show More in the System Log was slow to yield results.

    • OKTA-134515 – AD provisioning failures generated the following Dashboard Task: Automatic activation of user <user name> to app Active Directory failed: null.
    • OKTA-137109 – In some cases, Okta returned response code 200 with a SAML response in the OPTIONS request, and in other cases, response code 302. Response code 200 is now returned in all cases with no SAML response to an OPTIONS request.
    • OKTA-137268 – The ExactTarget app failed to create new users when provisioning was enabled.
    • OKTA-138118 – The user reactivation function failed during provisioning for the UltiPro app.
    • OKTA-138962 – The Okta Sign In page did not resize automatically in small browser windows.
    • OKTA-140014 – The content of the Event info column in some System Log entries displayed incorrectly.

    • OKTA-140484 – Only a partial permissions list was displayed when assigning the Salesforce app to a group or user.
    • OKTA-140517 – During the change password flow, the "success" message in the Change Password dialog box displayed in English regardless of the language set in users' Display Language.
    • OKTA-140628 – The firstname and lastname fields displayed long values incorrectly on the Okta Home page.
    • OKTA-140859 – The error message that end users receive when attempting to update their profile was not localized when the system mode was degraded.
    • OKTA-141162 – During the reset password flow, the Reset Password dialog box displayed an untranslated message when users' Display Language was set to Portuguese.
    • OKTA-141184 – An email was sent to end users even though email password reset was disabled in the Account Recovery settings when an admin presses return.
    • OKTA-142607H SP-initiated authentication to the Skype for Business app failed in orgs configured with the New Okta Sign In flow.

    2017.39 App Integration Fixes

    The following SWA apps were not working and are now fixed

    • Amazon Web Services (OKTA-141303)

    • AWS Console (OKTA-140247)

    • Elegant Themes (OKTA-141769)

    • iConnectData (Comdata) (OKTA-140618)

    • MailRoute (OKTA-141171)

    • MB Marketing (OKTA-141170)

    • Nexus Payables (OKTA-141768)

    • Track What Matters (OKTA-141925)

    • Veeam (OKTA-141849)

    • Workable (OKTA-141476)

    • Wufoo (OKTA-141468)

    2017.38 Bug Fixes (combines 2017.37 and 2017.38 releases)

    • OKTA-118881 — The setup instructions for the On Prem Sharepoint app contained an incorrect PowerShell command.

    • OKTA-129237 — Deleting a user who was excluded from an MFA rule made the rule impossible to modify.
    • OKTA-131859 — Custom attributes deleted from the Add Attribute page did not appear in the Refresh Attribute list in the Pick Schema Attributes window.
    • OKTA-132168/138650 — Some text in the Account Unlock Requested email appeared in English regardless of the language configured for the org.

    • OKTA-133088 — The recommended sizes of customer-provided images (for example, in the Edit Logo dialog box) were incorrect and inconsistent.
    • OKTA-133571 — When prompted to enroll a phone number for self-service password reset at sign in, the enrollment failed if the end user had at least one second factor already enrolled and had not been challenged recently for MFA.
    • OKTA-134963 — When using Find groups by rule to create a list of groups to push to an app (for example, Active Directory), the list included some groups that came from the same app.

    • OKTA-137429 — In reset password flows, the Send Message dialog box appeared in English regardless of the language configured for the org.

    • OKTA-137750 — In the Welcome screen displayed to new end users, users' names were cut off if they contained diacritical marks (for example, umlauts and accents).
    • OKTA-138809 — Error messages displayed in the Reset Password dialog box appeared in English regardless of the end user's configured Display Language.
    • OKTA-139085H — When the iOS 11 native Mail app is configured to use Modern Authentication for Okta-mastered users who are assigned to an Office 365 WS-Fed app using either the Profile Sync or User Sync provisioning type, the Mail app continually prompts end users for a password. For details, see Announcements.
    • OKTA-139087 — In the User Activation email, the text of the Activate Okta Account button appeared in English regardless of the language configured for the org.
    • OKTA-139195 — When single quotation marks (') were used in UI labels and email templates, the single quotation mark did not appear and other unexpected text displayed.
    • OKTA-139337 — Automatically pushing profile updates to Salesforce sometimes failed.
    • OKTA-139584 — The SAML forceAuthN request prompt included a Remember me option. This option has been removed from this re-authentication flow.
    • OKTA-139644 — When assigning Salesforce to Okta end users, profiles associated with the Customer Community Plus license did not appear in the Profiles drop-down list.
    • OKTA-140918 — Some SP-initiated log-in flows to SAML apps failed due an issue decoding the SAML request.
    • OKTA-141461H — Workday imports failed for users whose profile did not contain custom report data.

    2017.38 App Integration Fixes

    The following SWA apps were not working and are now fixed

    • 6sense ABM AND Analytics (OKTA-139419)

    • Azure Portal Login (OKTA-139980)

    • Bank of America (OKTA-139976)

    • BlueStar (OKTA-139997)

    • CallTower (OKTA-139996)

    • Cover-More Travel Insurance (OKTA-139393)

    • DNSPod (OKTA-139558)

    • ePayslips (OKTA-139534)

    • Fedex United Kingdom (OKTA-139977)

    • Filesanywhere (OKTA-140001)

    • FINRA (OKTA-139416)

    • Gliffy (OKTA-139954)

    • iOvation (OKTA-140002)

    • ISS ProxyExchange (OKTA-139632)

    • KnowledgeHound (OKTA-138418)

    • MCM (OKTA-140003)

    • Micro Focus (OKTA-139651)

    • Microsoft Office 365 (OKTA-138224)

    • MURAL (OKTA-140000)

    • MyActiveHealth (OKTA-139635)

    • Salesforce: Marketing Cloud (OKTA-139532)

    • SecureMail Cloud (OKTA-139535)

    • Site24x7 (OKTA-139575)

    • Socialite (OKTA-139592)

    • Synnex Vendor Portal (OKTA-139979)

    • Vistaprint (OKTA-140142)

    • Yield Software (OKTA-139634)

    2017.36 Bug Fixes

    • OKTA-115069 — Salesforce import jobs were very slow and delayed dependent app activity.
    • OKTA-129315H — No factors appeared in the Reset Multifactor Authentication dialog box even though at least one factor was configured for the user.

    • OKTA-133052 — Not all topic labels on the new user Security page were translated successfully.
    • OKTA-134449 — Add user to group membership events in the System Log did not include Display Name or Alternate ID.
    • OKTA-136849 — First names, last names, and middle names containing non-ASCII characters did not display legibly when users were provisioned to Adobe CQ.
    • OKTA-137397 — system.na3.netsuite.com was not available in the Instance Type drop-down menu on the NetSuite App Settings page.
    • OKTA-138392 — App sign on rules designed to allow trusted iOS mobile devices to access WS-Federation and SAML apps failed if the policy included a Deny rule with a higher priority.
    • OKTA -138449 — When safe mode was employed, Duo was disabled even when it was the only MFA factor.
    • OKTA-138982 — Admins were unable to download a CSR for setting up Apple Push Notifications. The error was caused by including special characters in the org name.
    • OKTA-139256 — Activation emails in the Dutch language failed to display the correct username.
    • OKTA-139855 / OKTA-105855 — Instructions for setting up the SharePoint On-Premises app referenced a file (CreateSPTrustedTokenIssue.ps1), but did not include the location of the file.

    2017.36 App Integration Fixes

    The following SWA apps were not working and are now fixed

    • Buffer (OKTA-139413)

    • Campaign Monitor (OKTA-138879)

    • CareFirst (OKTA-138443)

    • Client Track (OKTA-138559)

    • CultureGrams (OKTA-139637)

    • Docebo (OKTA-139636)

    • EmblemHealth (OKTA-139302)

    • Ingram Micro (OKTA-139579)

    • myresourcelibrary (OKTA-138438)

    • OPP (OKTA-139633)

    • Principal Advisor (OKTA-138902)

    • Principal Financial Personal (OKTA-138904)

    • Spectrum Time Warner Cable (OKTA-139554)

    • Symantec Hosted Endpoint (OKTA-138267)

    The following OMM app was not working and is now fixed

    • ShareFile (OKTA-139210)

    2017.35 Bug Fixes (combines 2017.34 and 2017.35 Preview releases)

    • OKTA-114208 – login.okta.com now supports Preview and Developer orgs.
    • OKTA-118583 – G Suite profile pushes were not successful for existing end users.
    • OKTA-126080 – Push Groups failed when a user belonging to the group being pushed was deleted through the Dropbox app.
    • OKTA-128444 – Under certain circumstances, incorrect System Log events were generated for Password reset operations.
    • OKTA-129837 – Time unit text (days, years, months, etc.) in the Okta Welcome email appeared in English, rather than the end user's configured language.
    • OKTA-130218 – Using the Show More option changed the view order of Group Assignments.
    • OKTA-133078 – A System Log event was not generated when a user rejected an Okta Verify push notification.
    • OKTA-133791 – The wrong year appeared in the footer of end user Home page if the Okta Home footer was disabled in Display Options.
    • OKTA-133814 – Error messages did not display for some user lifecycle operations.
    • OKTA-134396 – The UI incorrectly showed support for linking to a group in Office 365. Linking to a group is only supported for AD, Box and G Suite (see Using Group Push).
    • OKTA-135164 – Read-Only Admins were unable to view the new Settings page, which is an Early Access feature under Provisioning.
    • OKTA-135334 – There was a typo in the Generic RADIUS App Sign-On tab.
    • OKTA-136213 – Clicking the Disconnect... link on the User Profile page did not disconnect users that were profile-mastered by Active Directory.
    • OKTA-136844 – App logos could not be uploaded when creating a new SWA app through the App Integration Wizard.
    • OKTA-137054 – The download link for the RSA SecurID agent in Security > Multifactor pointed to the wrong target.
    • OKTA-137226 – Samanage API authentication failed when trying to authenticate through Okta.
    • OKTA-137285 – Some apps could not be configured for provisioning when the Early Access Provisioning Settings page feature was enabled.
    • OKTA-137337 – The Admin OAN Self Service page displayed a 500 Internal Server Error.
    • OKTA-137429 – Not all fields were localized as specified following a Self Service Password Reset request.
    • OKTA-137555 – The AssertionConsumerServiceURL attribute in a SAML authentication requests matched one of the configured SSO URLs but an error was returned.
    • OKTA-138051 – Some fields and errors messages used in the Okta sign in flow were not properly localized.
    • OKTA-138219 - Updated permissions for Group and User Admin roles.

    2017.35 App Integration Fixes

    The following SWA apps were not working and are now fixed

    • Azure Manage (OKTA-137231)

    • Box (OKTA-138287)

    • Shiftboard (OKTA-137224)
    • Truckstop.com (OKTA-137817)

    The following SAML app was not working and is now fixed

    • Salesforce.com (OKTA-137272)

    • MuleSoft - Anypoint Platform (OKTA-135779)

    2017.33 Bug Fixes

    • OKTA-131120 – Box provisioning errors were not logged in the new System Log.
    • OKTA-131895 – With the new sign-in flow enabled, Windows 10 phone users were unable to sign in to the following Microsoft Office 365 apps: Delve/Microsoft Flow/Microsoft Power BI/Outlook Groups/Skype for Business.
    • OKTA-133446 – The wrong error message was displayed when a self-service password reset operation was attempted for a user who had not setup their recovery security question.

    • OKTA-133837 – The default time range in the new System Log was sometimes out of sync with the actual time zone, causing the most recent events not to be reported.
    • OKTA-134317 – The German translation for Okta password requirements contained a typo.
    • OKTA-135367 – Inactive users in SmartRecruiters were imported to Okta as active users.

    • OKTA-135970 — The Display Language section of the end-user Settings page was not fully localized.
    • OKTA-135970H — AD Group Push failed following group membership updates.

    • OKTA-137133 – Users sometimes saw a double sign in prompt to sign in to Okta for SAML apps.
    • OKTA-137280 – Configuring CORS origin in Chrome sometimes resulted in an internal server error.

    2017.33 App Integration Fixes

    The following SWA apps were not working and are now fixed

    • Air France (OKTA-136448)

    • Amazon Developer (OKTA-136282)

    • Hightail (OKTA-136365)

    • Microsoft Office 365 (OKTA-136263)

    • Vungle (OKTA-136483)

    2017.32 Bug Fixes

    • OKTA-123583 – Some error messages were incomplete if there were errors updating user profiles during import.
    • OKTA­-127450 – The Add policy button was not disabled for Org Admins since they cannot create authorization server policies.
    • OKTA-129771 – After you configured a custom sign out page, some users were incorrectly directed to the primary sign in page during authentication.
    • OKTA-131502 – Microsoft Office 365 email accounts of Samsung SAFE device users were deactivated when any EAS sign on policy settings in the app instance were changed.
    • OKTA-132173H – The Starleaf and Cisco ISVs did not receive the active attribute when users were updated.
    • OKTA-133546 – Some end users could not open Microsoft Office 365 online files with their desktop version of MS Office 2010.
    • OKTA-135969H – After enabling provisioning, existing group did not appear in the Microsoft Office 365 group assignment screen.

    • OKTA-133671 – When viewed by Group administrators managing users in specific groups, the Add Person page incorrectly identified the Group field as optional.
    • OKTA-133546 – End users could not open Microsoft Office 365 online files with their desktop version of MS Office 2010.
    • OKTA-133671 – When viewed by Group administrators managing users in specific groups, the Add Person page incorrectly identified the Group field as optional.
    • OKTA-134566 – Authentication failed during provisioning for the DocSend app.
    • OKTA-135230/OKTA-132277 – For some apps, some inactive users could not be deactivated.

    • OKTA-135451 – Some Dutch and Swedish translations were missing for the sign-in widget.
    • OKTA-136959 – Admins could not configure Android for Work.

    2017.32 App Integration Fixes

    The following SWA apps were not working and are now fixed

    • AlertLogic (OKTA-136168)

    • AST Equity Plan Solutions (OKTA-136206)

    • Box (OKTA-136541)

    • Confluence (Atlassian) (OKTA-136065)

    • Microsoft Office 365 (OKTA-136263)

    • Ultimate Software (OKTA-135120)

    • Webassessor (OKTA-136220)

    2017.31 Bug Fixes

    • OKTA-128784 – Sign-on policy outcome reason events did not have enough granularity in the outcome results.
    • OKTA-130926 – Some third party notice links redirected to the wrong notice.
    • OKTA-131320 – While creating customized email templates, localization was inconsistent.
    • OKTA-133542 – When importing from the Smart Recruiters app into Okta, inactive users were treated as active.
    • OKTA-133569 – SAML requests with redirect binding dropped the relay state.
    • OKTA-133702 – Sometimes users were not re-prompted for credentials when signing in to a SAML app.
    • OKTA-134184 – Administrators did not receive emails for User Lockout events.
    • OKTA-134207 – Error messages that displayed during change and reset password flows did not match the language of the user interface.
    • OKTA-134640 – When enrolling an iPad iOS device version 10.3.3 into OMM using the Okta Mobile Application, the Mobile Native Applications were not pushed to the device.
    • OKTA-135230/OKTA-132277 – For some apps, some inactive users could not be deactivated.

    2017.31 App Integration Fixes

    The following SWA apps were not working and are now fixed:

    • ADP iPayStatements (OKTA-134635)

    • MIR3 inEnterprise (OKTA-133844)

    • NGS Connex (OKTA-133857)

    • Pivotal Academy (OKTA-134826)

    • Seek (AU) - Employer (OKTA-134584)

    • SyncBASE/OPTRACK (OKTA-133882)

    • The Australian (OKTA-134585)

    2017.30 Bug Fixes (combines 2017.29 and 2017.30 Preview releases)

    • OKTA-126117 – Some users received incorrect lockout messages during Okta sign in.
    • OKTA-128212 – The user name failed to autopopulate in the new sign-in screen when using On-prem Multifactor Authentication.
    • OKTA-128721 – Custom SMS templates allowed messages longer than 160 characters.
    • OKTA-129383 – Installation for the Okta On-premises Provisioning Agent failed when an Internet Explorer proxy was in use.
    • OKTA-130314 – Selecting the Previous button caused an error during SAML app creation.
    • OKTA-130513 – The link for the Apple MDM certificate renewal was incorrect.
    • OKTA-130692 – System Log 2.0 dropdown lists did not scroll in the advanced filter dialog..
    • OKTA-131282 – Okta Verify Push sometimes incorrectly returned an error.
    • OKTA-131366 – Group app assignment for the Microsoft Office 365 app sometimes failed.
    • OKTA-131421 – The Samanage app did not support a fully configurable ACS URL.
    • OKTA-132091 – In System Log 2.0 the Show More option failed for some searches.
    • OKTA-132097 – The Show Temporary Password feature did not work for some users.
    • OKTA-132012H – Some users with accounts create with Just In Time (JIT) provisioning were locked in the Pending Activation state.
    • OKTA-132733 – Some users could not update the technical contact for their accounts.
    • OKTA-132774 – Some automatic profile push updates failed for the Jive app.
    • OKTA-132779 – Forced Authentication did not work properly for some apps.
    • OKTA-132846 – Multifactor authentication did not work properly for newly enrolled factors.
    • OKTA-133611 – Default mapping did not map the correct fields in the ServiceNow UD app.
    • OKTA-133751 – The Microsoft Office 365 instructions link did not work.
    • OKTA-134149 – Scheduled updates from the ServiceNow app did not import users to Okta.
    • OKTA-134407H – The Admin. Dashboard did not load menus and tasks when a banner was displayed.

    2017.30 App Integration Fixes

    The following SWA apps were not working and are now fixed:

    • Aviso (OKTA-133339)

    • Citibank (OKTA-133064)

    • Eventbrite (OKTA-133710)
    • Fastly (OKTA-133683)
    • FedEx US (OKTA-133418)

    • Flickr (OKTA-133397)

    • Huddle (OKTA-132781)

    • Kammer van Koophandel (OKTA-134302)
    • Symantec Email Quarantine (OKTA-133845)
    • Vitality (OKTA-133361)

    The following SAML app was not working and is now fixed:

    • Cornerstone OnDemand (OKTA-132824)

    2017.28 Bug Fixes

    • OKTA-115069 — Importing users from Salesforce sometimes took an excessive amount of time.
    • OKTA-123695 — /api/v1/apps/:appId/groups didn't return groups if the specified app was inactive.
    • OKTA-126820 — A 403 error occurred when clicking Temporary Password to reset a password.
    • OKTA-129089 — Provisioning for the GoToMeeting app failed when attempting to authenticate API credentials.
    • OKTA-130934 — Error messages that display to help enforce password policy rules displayed in English regardless of the configured language.
    • OKTA-131339 — Provisioning users to the Adobe CQ SAML app sometimes failed.
    • OKTA-131784 — Identity provider JIT reactivation of users sometimes failed when there were configured group assignments.
    • OKTA-132207 — Sometimes the mapping between the external Microsoft user and the Okta user was inaccurate.
    • OKTA-132290 — In the Convert Group Assignments UI, the number of group assignments to convert did not return to zero after clicking Convert All.
    • OKTA-132516H — Okta's plugin for the Chrome browser consumed an excessive amount of memory.
    • OKTA-133405H — In Identity Provider Authentication Settings, custom attributes did not appear in the Match against list.

    2017.28 App Integration Fixes

    The following SWA apps were not working and are now fixed:

    • Confluence (Atlassian) (OKTA-132033)

    • Humanity (OKTA-131083)

    • Mimecast Personal Portal v3 (OKTA-131191)

    • Saba (OKTA-132037)

    2017.27 Bug Fixes

    • OKTA-117073 — Some links and buttons in Okta were not illuminated when they were in focus.
    • OKTA-117081 — A 500 error occurred when attempting to access some SAML apps configured to prompt for MFA and enabled to honor Force Authentication.
    • OKTA-125258 — Role options for all groups continued to appear after the AWS web app was changed to individual assignment.
    • OKTA-128396 — If Voice Call was the last MFA method used, deleting the Forgot Password Voice Call phone number in end-user account settings blocked subsequent access to those settings.
    • OKTA-128740 — OMM-enrolled Android users' custom email settings were lost after admins updated certain EAS settings for the Office 365 app in Okta.
    • OKTA-129248 — Importing users from SuccessFactors failed in certain circumstances.

    • OKTA-129256 — Self-service password reset emails did not display in the intended language.
    • OKTA-130069 — Several links and input fields on the Okta Sign In page customized to display in German continued to display in English.
    • OKTA-130764 — Clients with a token_endpoint_auth_method set to client_secret_post did not have a selected radio button on the Client Credentials display.
    • OKTA-131113 — The reset password link contained an error in the German translation of the Okta-generated Reset Password email.
    • OKTA-131294 — Okta reported an error when a SAML 2.0 Identity Provider (IdP) was created and some fields were omitted.

    • OKTA-131504 — The order in which administrator types were listed on the Administrators page and the Add Administrator dialog box did not match.
    • OKTA-131875H — Removed a potential cross-site scripting vulnerability from setup instructions for some SAML apps.

    2017.27 App Integration Fixes

    The following SWA apps were not working correctly and are now fixed:

    • 10000ft (OKTA-129322)

    • Basecamp (OKTA-131080)

    • CSCglobal (OKTA-130350)

    • Egencia (OKTA-131089)

    • FlipKart (OKTA-130780)

    • Great-West Life (OKTA-131687)

    • MassMutual RetireSmart (OKTA-131686)

    • Microsoft Account (OKTA-130765)

    • MURAL (OKTA-131679)

    • ProofHQ (OKTA-131081)

    • ServiceNow - Eureka and later releases (OKTA-129647)

    • Veeam (OKTA-130821)

    • VMware Partner Central (OKTA-130208)

    • Yahoo Mail (OKTA-131688)

    The following SAML app was not working correctly and is now fixed:

    • LiquidFiles (OKTA-129648)

    2017.26 Bug Fixes

    • OKTA-117352 – When validating the names of scopes for social identity providers, Okta didn't enforce the restrictions specified in the OAuth 2.0 spec.
    • OKTA-118336 – Signing in to the Oracle Tab app for Android devices failed in orgs where the New Okta Sign-In page was enabled.
    • OKTA-119679 – Importing users from Ultipro caused null or empty errors.
    • OKTA-121703 – A newly created app failed to submit credentials in Firefox when using the Okta browser plugin.
    • OKTA-121819 – Read-Only admins were denied display of Yubikey reports.
    • OKTA-121924 — Users could not update Duo information within Okta during sign in.
    • OKTA-122419 — A French Polynesian mobile number was shown as invalid during SMS Enrollment.
    • OKTA-123695 – Users could not view groups assigned to inactive applications.

    • OKTA-124263 – Some user information failed to auto-populate in the Kronos app when the Okta plugin for Internet Explorer was installed.
    • OKTA-125248 – Group Push enhancement allowed the renaming of Google groups if spaces were in the title—even when the renaming feature was disabled.
    • OKTA-125678 – Enabling the Okta plugin made the Save As button of an internal app inoperative.
    • OKTA-126768 – Customized language sign-in labels failed to display correctly for Chinese, Portuguese, and Dutch.
    • OKTA-127353 – MFA for Chromebooks did not display the New Okta Sign-In page.
    • OKTA-127377 – The Okta browser plugin sparked two password prompts on a single page.
    • OKTA-128184 – A typo was found in the Dutch version of Okta Verify with Push.
    • OKTA-128891 – A sign-in message displayed when signing out of a custom SAML app.
    • OKTA-128945 – A new org could not successfully push groups to G-Suite.

    2017.26 App Integration Fixes

    The following SWA apps were not working correctly and are now fixed:

    • Cover-More Travel Insurance (AU) (OKTA-130939)

    • Mapbox (OKTA-130787)

    • Skylight (OKTA-130315)

    • Yahoo Mail (OKTA-130149)

    2017.25 Bug Fixes

    • OKTA-116468 – The upgrade to Jira Authenticator v3.x altered the sign in flow and caused mixed results when users tried to access Jira.
    • OKTA-120029 – The Confluence on-premises app redirected to the wrong authentication URL.
    • OKTA-122794 – Some apps with a SAML 2.0 sign on mode and some Inbound SAML setups failed to use a SHA-256 certificate..
    • OKTA-124753 – Read-Only Admins were able to upload Yubikey seed files.
    • OKTA-124758 – The Fresh Service app required a SHA certificate that differed from the Okta Security Certificate Fingerprint.
    • OKTA-124989 – The People page displayed an inaccurate count of users with expired passwords, and incorrectly listed some users as Active.
    • OKTA-125263 – Active Directory-mastered users were unable to reset their passwords through SMS or email.
    • OKTA-125882 – No confirmation button was visible when users signing in through O365 were prompted to select a security image.
    • OKTA-126811 – Salesforce sandbox provisioning failed to import portal users.
    • OKTA-127423 – An excessive import duration caused Workday to time out.
    • OKTA-128360 – Scheduled imports for groups in O365 failed repeatedly.
    • OKTA-128814H – API validation failed when updating users of the Org2Org if the Country attribute was not set.

    • OKTA-129862 – Authentication for the O365 app did not support additional WS-Fed parameters sent by the Outlook plugin.
    • OKTA-129970 – Long running reports caused Workday imports to fail.

    2017.25 App Integration Fixes

    The following SWA apps were not working correctly and are now fixed:
    • Doba (OKTA-129851)

    • Jitterbit (OKTA-129667)

    • Moqups (OKTA-130022)

    • VMware Horizon View VDI (OKTA-129398)

    2017.24 Bug Fixes

    • OKTA-118336 – Signing into the Oracle Tap Android application failed on Android devices, while the New Sign-in Page was enabled.
    • OKTA-122975 – After clicking some apps on the Okta dashboard in a Safari browser, the transition page that displays before the app opens did not render correctly.
    • OKTA-124320 – Some users were unable to register U2F keys to use for MFA.
    • OKTA-124802 – In some cases, authentication failed when configuring SpringCM provisioning.
    • OKTA-125181 – The wrong error was reported and Okta became non-responsive after entering an incorrectly-formatted username in the Validate Configuration field (LDAP integration settings).
    • OKTA-125362 – Trying to use the administrator option Show XML in the ServiceNow app failed in the Firefox browser with the Okta plugin enabled.
    • OKTA-125431 – In some circumstances, when pushing a group from Okta to AD, only some group members were pushed successfully.
    • OKTA-125850 – Users could not access some applications whose Sign On policy called for multifactor authentication.
    • OKTA-126804 – System Log entries for Add user to group membership events were missing Display Name information.
    • OKTA-126950 – The security question presented to end users during the Okta account recovery flow was in English when the end user Display Language was set to a non-English language.
    • OKTA-126996 – SP-initiated logins to apps configured to redirect to a custom log-in page failed in orgs with the New Okta Sign In Page enabled.
    • OKTA-127389 – Attempting to download the root certificate for certificate-based authentication for the Microsoft Office 365 app failed when the org name contained certain non-alphanumeric characters.
    • OKTA-127651 – In some cases, saving changes to Microsoft Office 365 group app assignments caused a 500 error.
    • OKTA-128182 – In orgs with multiple AD domains, user assignments could not be confirmed for imported users who were already imported from another AD domain.
    • OKTA-129014 – The dropdown that controls Authorization Server lifecycles failed to display properly if you navigated directly to a tab or refreshed a tab other than Settings.

    • OKTA-129291 – The Okta EL function getFilteredGroups was not compatible with SAML attributes in the App Wizard or in AppUser profile mappings.

    2017.24 App Integration Fixes

    The following SWA apps were not working correctly and are now fixed:

    • AvantLink (OKTA-128518)

    • Chase Bank - Personal (OKTA-127948)

    • Plex (OKTA-128351)

    • Redis Labs (OKTA-128346)

    • Vanguard (OKTA-128343)

    • Wells Fargo - Personal (OKTA-128350)

    2017.23 Bug Fixes

    • OKTA-103403 – Some admins were unable to import users.
    • OKTA-109790 – Following installation, the beta LDAP agent caused some previously imported users' names to change.
    • OKTA-117134 – The Okta browser plugin didn't detect the change password form of an Okta-managed app and didn't offer to save the password.
    • OKTA-118715 – The Okta browser plugin displayed the Save this password in Okta banner to users who did not have a valid Okta session.
    • OKTA-120788 – Some custom Schema Attributes failed to save.
    • OKTA-124287 – The sign-in button for an Okta-managed app was inoperative.
    • OKTA-125213 – The Okta browser plugin didn't offer to save the password of apps hosted on the local host.
    • OKTA-127162 – Users received error messages when attempting to deactivate users for the ZScaler app.
    • OKTA-128545 – Provisioning for the Coupa app failed for some users.

    2017.23 App Integration Fixes

    The following SWA apps were not working correctly and are now fixed:

    • Cascade HR (OKTA-128216)

    • cloudHQ (OKTA-127742)

    • Microsoft SharePoint Online Office 365 (OKTA-127652)

    • The Street (OKTA-127935)

    2017.22 Bug Fixes

    • OKTA-122440 – Users trying to change their current password received error messages when the password contained some html tag elements.
    • OKTA-123785 – For some users with Network Zones enabled, the Messages description under VPN Notification failed to display correctly.
    • OKTA-125850H – A 404 error occurred when attempting to access some SAML apps configured to prompt for MFA and enabled to honor Force Authentication.

    • OKTA-125885 – After selecting Show More to expand a list of over twenty groups, Admins were unable to change the group priority.
    • OKTA-127051 – Searching for apps in Preview orgs sometimes resulted in slow response times.
    • OKTA-127905 –Okta Mobile Connect Single Sign On was temporarily unusable due to missing text and buttons.

    2017.22 App Integration Fixes

    The following SAML app was not working correctly and is now fixed

    • Artifactory (OKTA-113892)

    The following SWA apps were not working correctly and are now fixed

    • Advent Black Diamond (OKTA-127375)
    • Citrix Netscaler Gateway (OKTA-127025)
    • In Honda (OKTA-126638)
    • Mass Mutual (OKTA-127331)
    • Miles & More (OKTA-125495)
    • Zang OnEsna (OKTA-127201)
    • Zoho Invoice (OKTA-127246)

    2017.21 Bug Fixes

    • OKTA-112868 - Users launching the same app in multiple windows were prompted to confirm their identity to stay signed in.
    • OKTA-119445 - The Profile Editor failed to load when an inactive or deleted Directory Integration was still listed under Profile Masters.
    • OKTA-119458 - When registering an Android device in OMM using AFW, the Play Store for Work was not populated with apps.
    • OKTA-120029 - Some users with custom URL context paths failed to authenticate.
    • OKTA-120886 - When an Okta alert warned users about their expiring session, some users experienced errors in their workflow.
    • OKTA-121390 - Importing active users failed in some cases.
    • OKTA-121705 - Updating user profiles failed in some cases.
    • OKTA-121859 - Provisioning failed when the securityQuestion and securityAnswer fields were left empty in User Profile Mappings.
    • OKTA-125051 - Text in end users' Display Language setting was not localized in the configured display language.
    • OKTA-125295 - Some groups failed to display users, and users could not be added nor removed.
    • OKTA-126360 - The State field under GeographicalContext failed to populate in the System Log.
    • OKTA-127512H - The Okta service sent admins multiple summary emails for the same import event.

    2017.21 App Integration Fixes

    The following SAML apps were not working correctly and are now fixed

    • Egnyte (OKTA-117225)

    • Panorama9 (OKTA-125364)

    • Sugar CRM (OKTA-67252)

    The following SWA apps were not working correctly and are now fixed

    • Akamai EdgeControl (OKTA-126758)

    • ClearCompany (OKTA-126049)

    • CloudCheckr (OKTA-126623)

    • CT Lien Solutions (OKTA-117451)

    • Evernote Business (OKTA-125498)

    • Flickr (OKTA-126727)

    • Flurry (OKTA-126629)

    • G Suite (OKTA-125961)

    • HeyOrca (OKTA-126622)

    • PeopleStrategy (OKTA-126913)

    • ReadMe.io (OKTA-126630)

    2017.20 Bug Fixes

    • OKTA-99850 – Updating the OpenID Connect property max_age incorrectly caused a new session to be created, which updated the createdAt timestamp.
    • OKTA-122136 - Some users were unable to sign in to new apps.
    • OKTA-122431 - In orgs with a Lock out policy configured, some Active Directory (AD) users could sign in to Okta when the AD agent was not functioning.
    • OKTA-122637 – Pushing groups to an app failed if user profiles contained certain emoji characters.
    • OKTA-122983 - Users with configured SMS authentication received an error message when entering their phone number to reset their password or unlock their account.
    • OKTA-123686 – The Preview Sandbox banner appeared twice in the Welcome screen presented to new Okta users.
    • OKTA-123939 – Okta Sign-In page failed for AD-mastered users who had not configured a security question and no password reset email was sent to them.
    • OKTA-124354 - Duplicate users caused match conflicts during some AD imports.
    • OKTA-125156 - Some admins were unable to reorder their Access Policies for Authorization Servers.
    • OKTA-125167 - Some error messages were sent without text, causing an error.
    • OKTA-127155H – OIDC/OAuth2 requests failed to respect default SAML IdP configuration.

    2017.20 App Integration Fixes

    The following SAML apps were not working correctly and are now fixed:

    • CloudHealth (OKTA-123984)

    • OpsGenie (OKTA-120528)

    The following SWA apps were not working correctly and are now fixed:

    • AdMob (OKTA-125591)

    • Adobe Creative (OKTA-125497)

    • DoubleClick for Advertisers (OKTA-125592)

    • DoubleClick For Publishers (OKTA-125960)

    • Dropbox Business (OKTA-125948)

    • Firebase (OKTA-125593)

    • FullStory (OKTA-125929)

    • Gliffy (OKTA-125634)

    • Google Data Studio (OKTA-125788)

    • Google DoubleClick Ad Exchange (OKTA-125820)

    • Google Merchant Center (OKTA-125793)

    • Google Partner Dash (OKTA-125501)

    • Google Picasa (OKTA-125772)

    • Google Play (OKTA-125768)

    • Google Plus (OKTA-125854)

    • Google Search Console (OKTA-125709)

    • Google Tag Manager (OKTA-125857)

    • Google Voice (OKTA-125859)

    • Level 3 Communications (OKTA-125494)

    • Rise Vision (OKTA-125872)

    • Teamviewer (OKTA-125292)

    • Verint (OKTA-125496)

    2017.19 Bug Fixes

    • OKTA-121113 — Automatically importing users failed in some circumstances.
    • OKTA-121486 — Even after users reset their passwords, their status remained in a reset password state in Okta.
    • OKTA-121892 — The ManagerUpn attribute on the AD appuser was not updated when pushed from Okta.
    • OKTA-122450 — The Clear User Sessions button failed to display on the user profile for some users.
    • OKTA-122684 — Some reset password links did not expire.
    • OKTA-122780 — Some users received an internal error message when selecting the Box app integration.
    • OKTA-124266 — The custom expression link in the Active Directory integration screen redirected to the wrong page.

    2017.19 App Integration Fixes

    The following SAML apps were not working correctly and are now fixed:

    • LiquidFiles (OKTA-121955)
    • Space IQ (OKTA-123613)

    The following SWA apps were not working correctly and are now fixed:

    • BetterCloud (OKTA-125215)
    • Evernote Business (OKTA-123979)
    • Girard Securities (OKTA-111336)
    • Hertz Gold Plus Rewards (OKTA-124848)
    • Kaspersky CompanyAccount (OKTA-122566)
    • Markel Insurance (OKTA-124511)
    • QuickVTR (OKTA-123986)
    • Sage Employee Self Service (OKTA-124880)
    • WorkdayCommunity (OKTA-125175)

    2017.18 Bug Fixes

    • OKTA-116651 — Backslash characters displayed twice for some users in attribute mappings.
    • OKTA-119776 — Some admins received an error message when attempting to approve apps on their task page.
    • OKTA-119792 — Some users were unable to enroll RSA devices with Okta's New Sign-in flow.
    • OKTA-122836 — A scheduled user update did not import custom attributes.
    • OKTA-122855 — Some users saw task lists for unassigned apps.
    • OKTA-123622 — Some Internet Explorer users could not mark account deprovisioning tasks as complete.
    • OKTA-125194H — Authentication failed for locked out users in orgs with JIT and AD delegated authentication enabled.

    2017.18 App Integration Fixes

    The following SAML app was not working correctly and is now fixed:

    • Clarizen (OKTA-113837)

    The following SWA apps were not working correctly and are now fixed:

    • Absolute Data & Device Security (OKTA-123628)
    • CloudCheckr (OKTA-124280)
    • G Suite (OKTA-124179)
    • Google Accounts Personal (OKTA-124302)
    • Google AdSense (OKTA-124288)
    • Google AdWords (OKTA-124298)
    • Google Analytics (OKTA-124290)
    • Google Apps Admin (OKTA-124429)
    • Google Mail (Offline) (OKTA-124436)
    • Google Play Developer Console (OKTA-123809)
    • Guardian Insurance (OKTA-121265)
    • Postmark (OKTA-123677)
    • ProProfs (OKTA-124314)
    • ReviewSnap (OKTA-124349)
    • SHRM Online (OKTA-123189)
    • Squarespace V6 (OKTA-123784)
    • YouTube (OKTA-124138)

    2017.17 Bug Fixes

    • OKTA-110523 — Agent embedded browsers failed to display OAuth options on Win2k16 when Internet Explorer (IE) Enhanced Security Configurations(ESC) are enabled.
    • OKTA-113433 — Safari users received an incorrect error message when signing in to Okta.
    • OKTA-115168 — Application Administrators were incorrectly allowed to create an OpenID Connect service client even though they weren't assigned an OpenID Connect client app.
    • OKTA-117353 — Admins' Task counter displayed an inordinate number of tasks.
    • OKTA-120425 — The OMM dashboard was non-responsive for some users.
    • OKTA-120883 — The Dutch language did not translate properly in the Okta Widget for Chrome and Firefox browsers.
    • OKTA-123576H — The Android for Work Setup button (Devices > Mobile Policies > Mobile tab) was non-responsive when the sign on method for the G Suite app was SAML 2.0.
    • OKTA-123777H — The Okta Sign On form did not appear when signing in with Firefox version 45.x.x Extended Support Release.
    • OKTA-123911H — Users received an incorrect error when attempting to reset their password.

    2017.17 App Integration Fixes

    The following SAML app was not working correctly and is now fixed:

    • ShowPro (OKTA-116217)

    The following SWA apps were not working correctly and are now fixed:

    • Aetna Health Insurance (OKTA-123000)

    • Donnelley Financial Solutions File16 (OKTA-123198)

    • Frontline Education (OKTA-123177)

    • Guardian by LawLogix (OKTA-122910)

    • Lifelock (OKTA-123197)

    • My Ceridian Solutions (OKTA-121195)

    • TravelCube Pacific (OKTA-123159)

    2017.16 Bug Fixes

    • OKTA-96981 - Users changing their passwords did not receive the correct error message for invalid passwords.
    • OKTA-109336 - Users changing their passwords did not receive the correct error message for insufficient password requirements.
    • OKTA-110838 - Users changing their password multiple times a day or reusing old passwords did not receive the correct error message.
    • OKTA-115189 - Sign-in flow failed for some users.
    • OKTA-116029 - Admins were unable to sync Active Directory groups that contained users moved between an Organizational Unit (OU) that was synced to Okta and an OU that was not.
    • OKTA-119626 - Modifying the tenantName attribute of existing user profiles caused an API validation failure.
    • OKTA-120005 - Admins were unable to customize an email template for users with forgotten passwords.
    • OKTA-120329 - Admins were unable to deactivate and reassign Yubikeys from deleted users.
    • OKTA-120410 - Admins were unable to move users from a group with roles assigned to one without.
    • OKTA-121122 - Running multiple tasks for some users caused Invalid Credentials.
    • OKTA-121794/OKTA-123378H - Provisioning failed for Coupa OAN app.

    2017.16 App Integration Fixes

    The following SWA apps were not working correctly and are now fixed:

    • ADP Workforce Now (Admin) (OKTA-119713)
    • Ceridian Online Customer Support (OKTA-121196)
    • G Suite (OKTA-122199)
    • Impraise (OKTA-122557)
    • NCM Axcessa (OKTA-122565)
    • ONE by AOL Mobile (OKTA-121276)
    • Sophos Partner Portal (OKTA-118766)
    • Ticketmaster (OKTA-122560)
    • US Messenger (OKTA-122562)

    2017.15 Bug Fixes

    • OKTA-122442H – AD LDAP Group and User filters did not work as expected because uppercase characters in Boolean variables were changed to lowercase after settings were saved.
    • OKTA-88095 – Trusted proxies from network zones were not used in the Network Zones feature.
    • OKTA-100438 – Users were unable to switch to other factors after selecting SMS authorization.
    • OKTA-108988 – Some users assigned the G Suite application were unable to update their Google Group memberships.
    • OKTA-110028 – Okta's SCIM client did not handle the response correctly when the 204 status code was returned by the server.
    • OKTA-111809 – Excessive emails about certificate expiration were sent to users.
    • OKTA-112868 – Some users received login error messages.
    • OKTA-113809 – All password requirements were displayed when a user forgot their password instead of the password requirements selected by admins.
    • OKTA-114022 – Sign out failed in the app MFA screen.
    • OKTA-114853 – In some cases the SP-side API token for provisioning could not be refreshed.
    • OKTA-115166 – Some app admins were unable to modify the applications permitted in their Profile Editor.
    • OKTA-115179 – App admins without permission to import new users saw the option to import CSVs.
    • OKTA-117461 – Admins were unable to properly modify application labels.
    • OKTA-117697 – Deleting a user from a group exceptions rule caused the rule to fail.
    • OKTA-118911 – Some locked out users displayed as Active on the admin dashboard.
    • OKTA-118912 – Some admins received error messages when deactivating accounts.
    • OKTA-118927 – Admins were unable to edit their users' mobile number in their user's Settings Page.
    • OKTA-119364 – Some admins received an error when creating a new user.
    • OKTA-119654 – Users received an incorrect error when attempting to reset their password.
    • OKTA-120008 – Push groups by rule failed when groups had the same name, but different descriptions.
    • OKTA-120678 – Identity provider signature certificates failed to display.
    • OKTA-120830 – New end users whose secondEmail attribute was AD-mastered and was set to Read Only in the Profile Editor could not complete the Okta welcome flow.
    • OKTA-121432 – Filtering by Event Type in the System Log failed for some users.
    • OKTA-121854 – Some users were unable to enable SSL pinning on the RADIUS agent.
    • OKTA-121690 – Updating a user's mobile number in the user profile did not update the number in the user's Settings Page and deleted the previously-configured number.

    2017.15 App Integration Fixes

    The following SAML app was not working correctly and is now fixed:

    • JAMF Software Server (JSS) (OKTA-120322)
  • The following SWA apps were not working correctly and are now fixed:

    • AirWatch Portal (OKTA-120568)

    • Akamai EdgeControl (OKTA-120409)

    • ASAE (OKTA-120595)

    • BT Cloud Phone (OKTA-120571)

    • CBRE (Employee Login - The Navigator) (OKTA-121509)

    • Cisco AMP for Endpoints (OKTA-120968)

    • Credible Behavioral Health (OKTA-120697)

    • CUNA Mutual (OKTA-120733)

    • Datahug (OKTA-121489)

    • G5 Action Analytics (OKTA-121506)

    • GTA Travel (OKTA-120792)

    • IBM Workspace (OKTA-121501)

    • Informatica Award Program (OKTA-120596)

    • Liveramp (OKTA-121512)

    • Maxemail (OKTA-120809)

    • MySonicWall (OKTA-120291)

    • National Life Group (OKTA-120567)

    • NGS Connex (OKTA-120591)

    • Roadmunk (OKTA-121504)

    • SAP Support Portal (OKTA-120909)

    • ShareThis (OKTA-121513)

    • TimeLog (OKTA-120590)

    • Twitter (OKTA-121124)

    • United Concordia (OKTA-120594)

    • XSplit (OKTA-121497)

    2017.13 Bug Fixes

    • OKTA-79821 - The Save Password button failed to save the password for some users.
    • OKTA-86540 - IP Zones were listed by ID instead of by name or order last added.
    • OKTA-111018 - Users with the Okta New Sign-In Page enabled received a 400 Bad Request when attempting to sign into Veeva Vault app.
    • OKTA-111656 - The Okta plugin failed to sign in some users.
    • OKTA-112935 - When some admins attempted to create an AD-mastered user, an Okta-mastered user was sometimes created instead.
    • OKTA-113253 - When admins used a Reset Password template, their end users were redirected to a 403 error page.
    • OKTA-114197 - After deleting a user with an enrolled device, the Device Overview page failed to load.
    • OKTA-114853 - Some users' refresh token failed to refresh.
    • OKTA-115282 - Setting up the Security Key (U2F) key factor from the user account page resulted in an error message.
    • OKTA-117968 - Some users received an error when importing users from their Okta Production org.]

    Note: OKTA-113496H – If you experienced a timeout error while attempting to create a large number of user accounts via the API, contact Okta Support for a possible remedy.

    2017.13 App Integration Fixes

    The following SWA apps were not working correctly and are now fixed:

    • CrazyEgg (OKTA-119975)

    • Egnyte (OKTA-120373)

    • ESPN (OKTA-120482)

    • Google AdSense (OKTA-120154)

    • MetLife MyBenefits (OKTA-120301)

    • Microsoft OneDrive (OKTA-120264)

    • SyncBASE (OKTA-120149)

    • Union Bank (OKTA-119767)

    • Verizon Wireless Business (OKTA-120221)

    The following SAML app was not working correctly and is now fixed:

    • Saba (OKTA-112840)

    The following OMM app was not working correctly and is now fixed:

    • Bill.com (OKTA-119939)

    2017.12 Bug Fixes

    • OKTA-115172 - Read-only admins and mobile admins were able to delete users from a Profile Master.
    • OKTA-114321 - Use of the Amazon Assistant plugin triggered rate limit errors for some Internet Explorer users.
    • OKTA-118120 - Customers experienced a 500 error when attempting to Retry on the Task page.
    • OKTA-105635 - Provisioning failed for GoToMeeting new users.
    • OKTA-115172H - Read-only and Mobile admins had greater access rights for Profile Master actions than permitted by their defined roles.
    • OKTA-117336 - When Okta deprovisioned a user in Rally, the user's role reverted to the original value pushed from Okta in spite of adequate mappings.
    • OKTA-118733H - The label on a button located in the Okta footer was difficult to read because the font was too dark.
    • OKTA-120086H - Out-of-network Windows users attempting to access Okta managed apps configured to deny such access were redirected to a Windows third-party enrollment page instead of the standard Access Denied page, as expected.

    2017.12 App Integration Fixes

    The following SWA apps were not working correctly and are now fixed:

    • ADP Workforce Now (Admin) (OKTA-104388)

    • ADP Workforce Now (Employee) (OKTA-104388)

    • Awin (OKTA-118368)

    • CallRail (OKTA-119212)

    • Creately (OKTA-119223)

    • Edward Don and Company (OKTA-119203)

    • Flurry (OKTA-119224)

    • Real Capital Analytics (OKTA-119391)

    • Travitor (OKTA-116914)

    • Zkipster (OKTA-118207)

    The following SAML apps were not working correctly and are now fixed:

    • Attendease (OKTA-117520)

    • Rally Software (OKTA-117336)

    • Workfront (OKTA-110025)

    2017.11 Bug Fixes

    • OKTA-107707 - AD-mastered users received an incorrect description of the password complexity requirement when changing or resetting passwords if the Group Password Policy feature was not enabled.
    • OKTA-112348 - Concur users could not update employee IDs because of a change in the Concur API.
    • OKTA-113061 - ADP users received an error after disabling a group in their Active Directory.
    • OKTA-114022 - The Sign Out button located on the App MFA screen failed to sign out users.
    • OKTA-114203 - Deleted and deactivated App Wizard or org-created applications were still assignable to admins.
    • OKTA-115824 - The generated list of Zscaler IP Addresses was stale.
    • OKTA-117237 - Some users could not sign into Skype for Business when the Office 365 sign-on policy denies ActiveSync traffic.
    • OKTA-117305 - A link emailed to some AD-mastered users to unlock their accounts resulted in a 403 error.
    • OKTA-118196 - Enabling or disabling Exchange ActiveSync settings for Office O365 failed for some orgs.
    • OKTA-118544 - Removed Mobile Admin rights were incorrectly restored to some users.
    • OKTA-118733H - The label on a button located in the Okta footer was difficult to read because the font was too dark.

    2017.11 App Integrations Fixes

    The following SWA apps were not working correctly and are now fixed:

    • AdvancedMD (OKTA-117176)

    • Amazon Associates CA Affiliate (OKTA-117060)

    • Amazon CA (OKTA-116925)

    • Amazon Web Services (OKTA-115117)

    • Amplitude (OKTA-117441)

    • AP Stylebook (OKTA-117712)

    • Atlas Solutions (OKTA-117476)

    • AvayaLive (OKTA-115557)

    • Bing Ads (OKTA-116205)

    • BioCentury (OKTA-117566)

    • Codeship (OKTA-117369)

    • Confluence (Atlassian) (OKTA-116216)

    • D2L (OKTA-117567)

    • Dash (OKTA-116424)

    • Dataloader.io (OKTA-115819)

    • DealerSocket AAX (OKTA-117127)

    • Dell EMC (OKTA-117569)

    • Docker Hub (OKTA-115331)

    • Essendex (OKTA-114906)

    • Exclusive Resorts (OKTA-117126)

    • Geckoboard (OKTA-116259)

    • Give Something Back (OKTA-117129)

    • Hellofax (OKTA-118422)

    • HelloSign (OKTA-115502)

    • Inspired eLearning (OKTA-116992)

    • JoyentCloud (OKTA-117565)

    • Kaiser (OKTA-116425)

    • Kampyle (OKTA-116427)

    • LawRoom (OKTA-117420)

    • Lifesize Cloud (OKTA-115541)

    • MarkMonitor (OKTA-117125)

    • MathWorks (OKTA-115559)

    • MetLife MyBenefits (OKTA-116356)

    • Nature.com (OKTA-116426)

    • OpenVPN Connect (OKTA-117714)

    • Operative.One (OKTA-117179)

    • Oracle Human Capital Management (OKTA-117130)

    • Oracle Partner Store (OKTA-117713)

    • Oracle Support (OKTA-116428)

    • Rackspace Cloud Control Panel (OKTA-117443)

    • RackSpace Webmail (OKTA-116598)

    • RingCentral (OKTA-115817)

    • RingCentral (UK) (OKTA-117124)

    • RingCentral SWA (OKTA-115555)

    • SendGrid (OKTA-116385)

    • Skype (OKTA-115290)

    • Smartsheet (OKTA-116462)

    • SnapAV (OKTA-117128)

    • SpyFu (OKTA-117143)

    • Team Gantt (OKTA-117007)

    • Tech Data (OKTA-115664)

    • Teladoc (OKTA-117572)

    • Twilio (OKTA-117571)

    • Uline (OKTA-118130)

    • ZocDoc (OKTA-116699)

    2017.10 Bug Fixes

    • OKTA-115175 - Read-only admins and Mobile admins had access to an invalid navigation link.
    • OKTA-117259 - When users requested access for a bookmark app they received a 500 internal server error message.
    • OKTA-115205 - Some Microsoft Office 365 WS-FED events were incorrectly logged as policy errors.
    • OKTA-116869 - RightNow CX provisioning failed with an HTTP transport error.
    • OKTA-114241 - Assigning users to an app sometimes failed when the locale attribute contained an underscore.
    • OKTA-116873 - Users were not properly imported into the Kickboard app from a CSV file.
    • OKTA-97702 - Some News UK users received Google license errors.
    • OKTA-115419 - Provisioning users to the Verecho app failed.
    • OKTA-116655 - All groups were not visible when adding or editing groups.
    • OKTA-118765H - After deleting a user, some successfully imported users did not appear on the Import tab, or appeared as imported with conflicts.

    2017.10 App Integrations Fixes

    The following SWA apps were not working correctly and are now fixed:

    • PhotoBucket (OKTA-117940)

    • Soundcloud (OKTA-117941)

    The following SAML app was not working correctly and is now fixed:

    • Pilgrim SmartSolve (OKTA-113317)

    2017.09 Bug Fixes

    • OKTA-26128 - The maximum length of a string in a password policy could not be validated under certain circumstances.
    • OKTA-90569 - Permission errors were thrown when attempting to send messages to end users.
    • OKTA-93556 - An error message was not received after entering a blank email when unlocking a user account.
    • OKTA-93953 - The password field accepted only two digits instead of three when configuring password attempts.
    • OKTA-107621 - The System Log incorrectly showed a Zone as OFF_NETWORK, even though it was correctly processed as ON_NETWORK.
    • OKTA-108000 - In the SAML Settings section of the App Integration Wizard, the Custom Field Mappings Expressions dialog box rendered incorrectly.
    • OKTA-108219 - The Okta browser plugin 's auto-login feature failed for a custom SWA app in certain circumstances.
    • OKTA-110347 - The legacy EventType was missing from the downloadable System Log report.
    • OKTA-110623 - Custom attributes with Read-Write user permission added to the Okta user profile did not appear in end user Personal Information settings unless the admin added an attribute value.
    • OKTA-111332 - Deactivated users were not returned in user searches.
    • OKTA-111339 - Users from Salesforce who have a custom profile in the EA Salesforce Community and Portal feature could not be imported.
    • OKTA-111394 - When the group password policy or password policy Softlock features were enabled, users could not unlock AD accounts with self-service unlock.
    • OKTA-111945 - Mobile phone information was not written to the correct location in the Facebook@Work app.
    • OKTA-112045 - Reset MFA was unavailable on the Admin Dashboard when Prompt for Factor was not selected in the security policy.
    • OKTA-113380 - All users were deprovisioned from the SuccessFactors app (EA) during scheduled imports in certain circumstances.
    • OKTA-113485 - Some Group Push rules could not be deleted.
    • OKTA-113524 - The Pending Task Notification banner displayed for some apps when there were no pending tasks.
    • OKTA-113961 - Users marked as billing and technical contacts could not be deleted.
    • OKTA-114101 - When trying to reset a password using SMS, sending the code failed on the first attempt.
    • OKTA-114165 - Transaction event lag was not displayed in the System Log 2.0.
    • OKTA-114592 - Timezone and Locale user attributes were not saved correctly in the Salesforce app.
    • OKTA-114983 - Deleting API tokens failed when the admin who created the token was deleted.
    • OKTA-115769 - No error message displayed when admins with insufficient permissions tried to assign users to a group.
    • OKTA-117646H – In the Active Directory Import tab, a message in the Import Results screen reported that some number of imported users needed review but no user records were listed in the main table.
    • OKTA-117757H – A language other than the configured language was displayed after signing in to Okta from a new device or from a browser not previously used to sign in to Okta.
    • OKTA-118132H – The Okta service was temporarily unavailable for HTTP requests with invalid region values.

    2017.09 App Integrations Fixes

    The following SWA apps were not working correctly and are now fixed:

    • Audible (OKTA-114601)

    • GEHA (OKTA-114569)

    • Google Merchant Center (OKTA-114806)

    • KnowledgeTree (OKTA-114606)

    • Limeade (OKTA-114803)

    • Mango Languages (OKTA-114618)

    • MINDBODY (OKTA-114620)

    • Newport Group (OKTA-114608)

    • Nextiva NextOS 3.0 (OKTA-113038)

    • SAP NetWeaver Application Server (OKTA-114801)

    • Skillshare (OKTA-114622)

    • UsabilityHub (OKTA-114160)

    2017.05 Bug Fixes

    • OKTA-59054 - A non-operational button to globally expire passwords was displayed in error.
    • OKTA-84474 - For end users required to provide MFA, the IWA background image failed to appear during sign on.
    • OKTA-89842 - Users were shown a menu option for which they did not have permissions and received an error page.
    • OKTA-89870 - The Assign Apps option was incorrectly available for the User Admin.
    • OKTA-89874 - Users profile pages did not display assigned applications.
    • OKTA-93556 - An empty email field failed to display the appropriate error message.
    • OKTA-96219 - Users created in downstream applications sometimes had the wrong group level attribute.
    • OKTA-98392 - Mobile setup for Duo MFA failed to scale for mobile devices.
    • OKTA-104954 - Null values for SCIM app custom attributes were not pushed to third-party apps.
    • OKTA-105809 - A 400 Bad Request error was caused when more than thirty users signed in using a single browser.
    • OKTA-105873 - Importing users via a CSV file failed for some types of apps.
    • OKTA-106534 - Box settings changes were saved even after the service account validation failed.
    • OKTA-106579 - Users weren't deactivated in Okta when the option Immediate Termination Reason for a Contingent Worker was set in Workday.
    • OKTA-106902 - Following an AD Import, the Employment Status and Job Information fields were not mapped in BambooHR.
    • OKTA-107388 - In app attribute settings, the Group Priority option Combine values across groups reverted to Use Group Priority after provisioning settings were changed.
    • OKTA-107998 - API-activated users were successfully created and assigned to a group, even when they did not meet the group's password requirements, but failed at activation.
    • OKTA-108093 - Microsoft Office 365 failed to push null values for the Description in a Distribution List or Security Group.
    • OKTA-108477 - Signing in to ClearCompany from the Okta dashboard failed.
    • OKTA-109159 - Manipulating HTML script tags for use in the Okta MFA security question was prevented, while saving unsafe database additions was allowed.
    • OKTA-110000 - When group memberships in Org2Org were updated, members were removed, then re-added. In some cases this caused unwanted deprovisioning.
    • OKTA-110090 - Workday-mastered, imported end-users were intermittently arrested in an activating status.
    • OKTA-111110 - An empty Reports section on the Admin Dashboard was displayed inadvertently.
    • OKTA-111322 - Group Pushes to Slack failed.
    • OKTA-111339 - Salesforce Community provisioning failed for custom Community user profiles.
    • OKTA-111391 - End-users were prompted for MFA more often than the specified, app-specific sign on policy rule.
    • OKTA-111609 - The new System Log did not log User attempted unauthorized access to app events.
    • OKTA-111614 - System Log queries containing the { character failed.
    • OKTA-111662 - Users imported from the RightNow CX app did not have an External ID attribute.
    • OKTA-111832 - Authenticating users failed for apps that use wrappers.
    • OKTA-112707 - The Show More button did not display when filtering the list of OAN applications by Supports Provisioning.
    • OKTA-112713 - Users were prompted twice for credentials: once to access OKTA, and again to access a SAML app.
    • OKTA-113380H - All users were deprovisioned from the EA Success Factors app during scheduled imports.
    • OKTA-113406 - Passcode rules were sent to iOS and Mac OSX devices even though a Simple Passcode policy had not been configured.
    • OKTA-113873 - Okta SMS failed to re-send an authentication code during MFA enrollment.
    • OKTA-114245 - Requesting the SAML ACS endpoint by URL failed for some existing apps.
    • OKTA-114296H - Users of Firefox browser version 51.0 and later were prompted to install the Okta browser plugin even though it was already installed and functional.
    • OKTA-114334H - In our support for multiple ACS URLs, SAML responses contained incorrect recipient and destination URLs.
    • OKTA-114885H - Attempting to clear a group provisioning error by changing a user's samAccountName via the Task page failed.
    • OKTA-116085H - Updating app profiles for a large number of assignments failed in some circumstances.
    • OKTA-116211H - Group rules were not processed in some circumstances.

    2017.05 App Integrations Fixes

    The following SWA apps were not working correctly and are now fixed:

    • Account Research Manager (OKTA-112001)

    • Becker CPA Exam Review (OKTA-113793)

    • Club OS (OKTA-113777)

    • DataSafe (OKTA-113471)

    • Dell Member Purchase Program (MPP) (OKTA-112809)

    • Engage (OKTA-113764)

    • Engrade (OKTA-112825)

    • FidelityPSW (OKTA-111625)

    • FlightStats (OKTA-113795)

    • Glassdoor (OKTA-112826)

    • IFTTT (OKTA-113794)

    • IMDB Pro (OKTA-113491)

    • J.P. Morgan ACCESS (OKTA-112816)

    • MassMutual RetireSmart (OKTA-112822)

    • Mastermind (OKTA-112358)

    • Netatmo Channel (OKTA-113603)

    • PaperHost (OKTA-113602)

    • Practising Law Institute (OKTA-112812)

    • Redis Labs (OKTA-113422)

    • ROI Solutions (OKTA-113762)

    • ShipStation (OKTA-112293)

    • Site5 (OKTA-113790)

    • Stack Overflow Careers (OKTA-114146)

    • StatusCake (OKTA-114162)

    • The Hartford EBC (OKTA-113160)

    • The Institutes (OKTA-112814)

    • Ticketmaster ONE (OKTA-112819)

    • TriCare (OKTA-113402)

    • VerizonWireless (OKTA-112811)

    • ZipRecruiter (OKTA-112810)

    • Microsoft Hotmail (OKTA-113181)

    2017.02 Bug Fixes

    • OKTA-105737 – Some diacritical marks were missing in the Czech language version of end user settings and security questions.
    • OKTA-107252 – Some end-users received an error when submitting their cell number for SMS-based, self-service password reset.
    • OKTA-108889 – Overly restrictive requirements prevented private apps from uploading to the Private App Store.
    • OKTA-109731 – After assigning an app to a group and changing one user to individual assignment, unassigning the group failed.
    • OKTA-111070 – Connecting to the Asana SCIM server failed for TLS1.2.
    • OKTA-111174 – The Okta Sign In page did not resize automatically on some iPhone versions.
    • OKTA-111344 – The Importing users from CSV message did not clear even though the import completed successfully.
    • OKTA-111577 – SSO to the Quantas app failed for Internet Explorer.
    • OKTA-111707 – After enabling the New Okta Sign-In Experience for some orgs, the sign-in fields weren't visible.
    • OKTA-112193H – In certain circumstances, schema discovery failed after enabling provisioning settings of the Org2Org app.
    • OKTA-112886H – In orgs with mobile policies created before introduction of the passcode option Allow simple value, iOS and OSX device users were prompted to change their passcode if any platform rules were changed.