Okta Classic Engine release notes (2018)
2018 Production Releases
2018.12 December release and updates
Generally Available Features
New Features
Push Notifications for the Okta RADIUS Agent
The Okta Radius Agent now includes functionality for end users to opt in to receive push notifications for MFA when enrolled with Okta Verify. For information on how to enable this setting, see Autopush for RADIUS.
Okta Windows Credential Provider agent, version 1.1.3
This release contains general bug fixes. For version history, see Okta MFA Credential Provider for Windows Version History.
Profile Editor supports linked objects
You can now add a custom attribute with a linked object data type to the Okta user profile. For details, see Add a linked object to an Okta user profile.
Add Notes to Okta-managed apps
You can now add App Notes to communicate with end users and other admins about apps. In addition to enhancing app deployment and usage, App Notes can also reduce help desk calls, provide troubleshooting assistance, and increase end user self service.
App Notes facilitate the following types of communications:
- Application notes to end users – Allows admins to present helpful information to end users, such as why they've been assigned the app, whom to contact for help, and links to additional information.
- Application notes to admins – Allows admins to share administrative details about apps with other Super, App, Read-only, and Mobile admins.
For more information, see Add notes to an app.
Super admins can choose default email notifications for admins
Super admins have the ability to select which email notifications a specific type of admin receives by default. This allows you to manage the amount of email traffic the different admin roles receive. The new defaults will override existing admin email notifications default settings (see Email Notifications for default settings). This will exclude most admins from receiving most email notifications.
Generally Available Enhancements
Admin Console update
We have updated the release number displayed in the Admin Console to the YYYY.MM.U format that we are officially adopting with the December Monthly Release. For more information, see Okta Classic Engine release notes.
Okta User Communication improvement
We have improved the Okta User Communication message in Settings > Customization to clarify the scope of end user communication.
Group Push enhancements
Group Push now supports the ability to link to existing groups in the following application integrations:
- Smartsheet
- Facebook at Work
- Org2Org
- Adobe CQ
- JIRA, JIRA On-Prem
- DocuSign
You can centrally manage these apps in Okta. For details, see Enhanced Group Push.
People page performance improvements
The A-to-Z links on the People page have been deprecated as part of efforts to improve the performance and responsiveness of the page in the Admin UI for large orgs.
Reports enhancement
When generating reports, the earliest start date you can select is now 13 months prior to the current date. For more information about Reports, see Reports.
Early Access Features
Early Access Enhancements
FIPS-mode encryption enhancement
We have updated the Okta Verify configuration UI label for the FIPS-Mode encryption setting. For more information, see Enabling FIPS-mode encryption.
Fixes
General Fixes
OKTA-185031
Recreating group push mappings for previously existing groups would cause group memberships to not be mastered by Okta.
OKTA-187881
An LDAP directory could not be assigned to an Okta group when Sync password was enabled and Create users was disabled.
OKTA-193192
Some end users were still prompted to authenticate with MFA despite successful enrollment with Okta Verify or Duo within the same session.
OKTA-194472
The API Access Management Admin role was not returned for the user when performing a GET on api/v1/users/${userId}/roles endpoint.
OKTA-195092
When using browsers other than Internet Explorer, Agentless Desktop SSO was performing two authentication requests for each user, increasing the authentication time.
OKTA-196220
Push Groups functionality only worked for admins with Super Admin rights.
OKTA-197099
Provisioning operations for the Coupa app failed.
OKTA-197991
The MFA Usage Report listed Okta Verify with Push as an enrolled factor even if the factor was reset by an end user from their dashboard making it no longer enrolled.
OKTA-198258
There was a minor grammatical error in the app approval admin notification message.
OKTA-198556
IdP Discovery rule with a Sharepoint On-Premise specific app instance condition was not routing properly on SP-initiated login flows.
OKTA-198797
After creating an ASN dynamic zone via the API, then viewing via the UI, the default proxy type was Unchecked instead of Any proxy.
OKTA-201054H
SAML IdP flow broke down with a 404 error if the ACS URL was in {{org}}/auth/saml20/{{IdP name}} format.
App Integration Fixes
The following SWA apps were not working correctly and are now fixed
- Alibaba Cloud (Aliyun) (OKTA-198076)
- Anaplan (OKTA-198239)
- Apple Business Manager (OKTA-198241)
- Dell Boomi (OKTA-198237)
- Egencia UK (OKTA-198487)
- Linux Academy (OKTA-198691)
- PacificSource InTouch (OKTA-197597)
- Perfode (OKTA-198238)
- Rival IQ (OKTA-190557)
- Salesforce: Marketing Cloud (OKTA-197948)
- Web Manuals (OKTA-199509)
Applications
Application Updates
The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:
- LearnCore: For configuration information, see LearnCore's Using Okta for provisioning and SSO in LearnCore.
New Integrations
New SCIM Integration Application
The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:
- Web Manuals: For configuration information, see Web Manuals' Okta Provisioning Instructions.
SAML for the following Okta Verified applications
- Abstract (OKTA-192587)
- BambooHR (OKTA-199943)
- CloudBees (OKTA-191171)
- SAP Concur Solutions (OKTA-198484)
- Workable (OKTA-198491)
SWA for the following Okta Verified applications
- Acronis Cloud (OKTA-189384)
- Ameriflex Wealth Care Portal (OKTA-197201)
- Autodesk BIM 360 (OKTA-194354)
- buildpulse (OKTA-196661)
- Business Insider PRIME (OKTA-196625)
- Drift (OKTA-192116)
- Forum: Business Online Banking (OKTA-195330)
- HigherGear - (OKTA-196158)
- HomeDepot Vendor Portal (OKTA-190428)
- HP DaaS (OKTA-196207)
- Insperity Premier (OKTA-191066)
- Kayak (OKTA-74699)
- TrendKite (OKTA-197199)
- WealthEngine (OKTA-198240)
- Zywave Home (OKTA-193830)
Weekly Updates
2018.12.1: Update 1 started deployment on
December 17
Fixes
General Fixes
OKTA-155477
AD-mastered users logging into Okta with a temporary password were not asked to create a new password.
OKTA-177142
Inbound delegated authentication failed in application when the application username and Okta username were different.
OKTA-182115
As a result of multiple redirects, URLs became too long when a SAML app was used in conjunction with IWA and multifactor authentication.
OKTA-188067
When adding a user to the source user group, if the target user group did not exist, group push mappings did not display an error.
OKTA-189754
The Sign On policy did not show a warning after reaching the limit of 20 rules per policy in the UI. The limit has now been increased to 50 before showing the warning.
OKTA-190684
The OpenID Connect Client ID Token settings form was missing a link to the reference documentation about the groups claim, also the the Sign On mode tab was missing a link to the profile mappings.
OKTA-191321
In some cases, the LDAP search filter did not allow using "<" and ">" simultaneously.
OKTA-191398
The System Log did not include hostname in the Debug Context for Windows events.
OKTA-195890
IdP Discovery routing rules with an application condition and without a user identifier condition were not routing to social IdPs.
OKTA-195916
Resetting the password for one account while a different user was signed into another account in the same browser generated a successful System Log event for the wrong account, and the UI showed a failure message although password reset was successful.
OKTA-196579
The WebEx app did not update sessionType attributes for users.
OKTA-199133
The System Log did not report enrollment failures that occurred when the relevant Device Trust setting was not enabled in the Okta Admin Console.
OKTA-200176
The Application Usage report returned a server error instead of a bad request message when an invalid date was entered to generate the report.
App Integration Fixes
The following SAML app was not working correctly and is now fixed
- IntraLinks (OKTA-198125)
The following SWA apps were not working correctly and are now fixed
- Crunchbase (OKTA-198994)
- Dashlane Business (OKTA-199046)
- Shopify (OKTA-200163)
- Thycotic Force (OKTA-198995)
Applications
New Integrations
The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:
- OfficeSpace Software: For configuration information, see the OfficeSpace Software Okta - SCIM configuration guide.
SAML for the following Okta Verified applications
- Expiration Reminder (OKTA-200470)
- RecruitBot (OKTA-196618)
SWA for the following Okta Verified applications
- Haivision Support (OKTA-191530)
- ONE by AOL: Video (OKTA-196063)
2018.12.2: Update 2 started deployment on
January 7
Fixes
General Fixes
OKTA-71278
The Identity Providers list was missing the Action column header and had alignment issues.
OKTA-154988
Missing fields were not highlighted in the error message displayed when adding a new SAML identity provider.
OKTA-189636
Username changes in Okta for AD-Mastered users were not correctly pushed to the JIRA On-Prem app.
OKTA-190763
Users who had been locked out and then deactivated were still listed as locked out on the Reset Password and Unlock People pages, as well as on dashboard notifications.
OKTA-191917
When the Agentless Desktop SSO flow failed, the FromURI parameter was missing, causing a launched app not to load.
OKTA-193120
Incremental imports did not properly terminate users due to time zone differences.
OKTA-194696
Group membership updates that failed due to the Org2Org rate limit were not retried.
OKTA-197806
For orgs with the EA feature, Advanced Schema for Box enabled, assigning a group to Box sometimes failed.
OKTA-201633
The users/${userId}/factors/catalog endpoint returned email as a supported factor type although Email Authentication had not been enabled for the org in their MFA setting.
OKTA-201799
When searching for a group containing a space character, the text box selection to continue typing was lost and required users to click on the text box again to type next character.
App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Aha (OKTA-200921)
-
Amazon DE (OKTA-200178)
-
CarGurus (OKTA-201462)
-
Cintellate by SAI Global (OKTA-201461)
-
GFI Mail Essential Online (OKTA-199274)
-
GTA Travel (OKTA-200126)
-
Gusto (OKTA-199737)
-
Handshake (OKTA-201464)
-
HP Connected (OKTA-200425)
-
MyViverae by Viverae (OKTA-200739)
-
Papertrail (OKTA-199505)
-
Sauce Labs (OKTA-199066)
-
SeamlessWeb (OKTA-201041)
-
The San Diego Union-Tribune (OKTA-201415)
Applications
Application Updates
The following partner-built provisioning integration apps are now Generally Available in the OIN as partner-built:
- Retool: For configuration information, see Retool's Okta Specific Guide.
- Wrike: For configuration information, see Wrike & Okta, User Provisioning.
- Drift: For configuration information, see Drift's Okta SCIM Configuration Guide.
- OfficeSpace Software: For configuration information, see the OfficeSpace SoftwareOkta - SCIM configuration guide.
New Integrations
The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:
- 4me: For configuration information, see 4me's OKTA configuration instructions.
- Tableau Online: For configuration information, see Tableau Online's Automate User Management through an External Identity Provider.
- CyberArk SCIM Server: For configuration information, see Configuring Provisioning for CyberArk SCIM.
- Workpath: For configuration information, see Workpath's Okta Configuration Guide.
SAML for the following Okta Verified applications
-
Abacus (OKTA-201459)
-
Envoy Global (OKTA-201924)
-
Firstbird (OKTA-202087)
-
Five9 Plus Adapter for Salesforce (OKTA-198492)
-
Imagineer WebVision (OKTA-202327)
-
International Relocation Center (OKTA-200829)
-
iObeya (OKTA-198510)
-
SevenRooms (OKTA-199302)
-
Splash (OKTA-201453)
-
Wootric (OKTA-198958)
-
Zoom SAML (OKTA-200668)
SWA for the following Okta Verified applications
-
Anexia Engine (OKTA-197187)
-
Bloomberg (OKTA-198566)
-
CAPPS Enterprise Portal (OKTA-190371)
-
FHLBank of Dallas (OKTA-189796)
-
Information Management Network (OKTA-199265)
-
Morningstar UK (OKTA-199264)
-
NET-ENTERPRISES.FR (OKTA-190878)
-
PostNL Digital Postage Stamp (OKTA-198257)
-
Quip (OKTA-191534)
-
SonicWall Capture Security Center (OKTA-198693)
-
TxDMV webDEALER (OKTA-192030)
-
Vantiv IQ (OKTA-193087)
Mobile application for use with Okta Mobility Management (OMM) (Android and iOS)
-
LogicMonitor (OKTA-193723)
2018.47 and 2018.48 Production release began deployment on December 3
Group Push mappings status enhancement
When you delete a group, the Group Push mappings associated with the group are disabled and the mapping status will show as an error. You can then either deactivate or delete the mappings. For information about Group Push, see Using Group Push.
Enhanced IdP Discovery routing rule warnings
When you create a rule for an active Identity Provider, you can choose whether to activate the rule and apply it immediately, or else create it in an inactive state. Conversely, when you create a rule for an inactive Identity Provider, the rule cannot be activated and is automatically created in an inactive state. :
When you deactivate an Identity Provider with active routing rules, Okta displays a warning that the rules will be deactivated. :
For more information about Identity Providers, see Identity Providers.
Network zone country code for Kosovo
When configuring network zones, admins can now set Kosovo as a country using country code XK in order to ensure that IP addresses from Kosovo are more accurately defined.
New System Log event for invalid app-to-app mappings
If an app-to-app mapping includes an invalid expression, profile sync job creates a new System Log event to capture the failure, skips evaluating the expression, and processes the rest of the mapping. :
BambooHR integration update
The BambooHR integration now supports OpenID Connect (OIDC). For configuration information, see the BambooHR Provisioning Guide.
2018.46 began deployment on November 26
Okta plugin, version 5.24.1 for Chrome
The Okta browser plugin for Chrome is updated to version 5.24.1. This version includes the following bug fix:
- App icons did not load in Okta plugin for Google Chrome when the CDN was disabled.
For version history, see Okta Browser Plugin Version History.
2018.45 began deployment on November 12
Okta plugin, version 5.24.0 for Chrome and Firefox
The Okta browser plugin for Chrome and Firefox browsers is updated to version 5.24.0. This version includes an update to the end user plugin settings (available in Early Access) and back-end product enhancements. For version history, see Okta Browser Plugin Version History.
New RingCentral attribute
Job Title has been added to the list of RingCentral custom attributes that can be added via Schema Discovery. For more information about RingCentral provisioning, see the following provisioning guides:
Custom Okta attributes supported in the Microsoft SharePoint (On-Premises) app SAML assertion
For SharePoint (On-Premises) app, Expression Language evaluation for Application Attributes now supports sending any OKTA user attributes, including custom OKTA user attributes. For more information, see Adding the SharePoint (On-Premises) App in Okta.
Clearing unconfirmed users
During standard imports, users are sometimes mistakenly imported from 3rd-party apps. The Clear Unconfirmed Users button allows admins to clear all unconfirmed users within an import queue. See Import users.
2018.44 began deployment on November 5
Report data start date
When generating reports, the earliest start date you can select is now 13 months prior to the current date. For details about Okta reports, see Reports.
New Microsoft Office 365 app integration
Okta has made a new app integration, Microsoft Power BI, available for the Microsoft Office 365 app. You can enable it on the General tab of your org's Microsoft Office 365 app instance. For details, see Enable a Microsoft Office 365 application.
2018.42 began deployment on October 22
Region codes for Network Zones
Region codes for China have been updated due to a recent change in the universal ISO standard. To prevent region codes from displaying incorrectly, update your network zone region codes accordingly.
Warning added to unlinking groups UI
Unlinking between an Okta group and the pushed group in downstream application cannot be reversed. A notification has been added to warn the admins that unlinking a group in this way cannot be undone.
2018.41 began deployment on October 15
User Locked Out email changes
User Locked Out emails are sent to admins in batches and contain a list of all users who are locked out. The email shows users locked out since the previous email was sent. Previously each admin received one email for each locked out user in real time.
Multifactor Authentication single page UI
Administration for multifactor authentication is streamlined with a new single page design that improves navigation and usability for enabling and configuring authentication factors. For more information, see Multifactor Authentication.
Improved People page filter and Profile page details
We've added more detail to the user state labels on the People page. :
And now provide the action required for users in a pending state on the User Profile page. :
Configure App Approval Workflow
This feature enables an administrator to configure a workflow for a self-service app that requires approval. It enables an end user to request access to an app and an approver to approve or deny the request. For more information, see Access Request Workflow > Configure the App Approval Workflow.
Per-App Password Policy
The policy for randomly generated passwords for Password Sync can now be defined by Okta, on a per-app basis.
If Okta's randomly generated password for Password Sync does not meet the password requirements of a specific app, Okta can, upon request, change that app's password policy. This functionality is now available for all orgs.
User sessions deleted after password reset
Okta now deletes all users' sessions after a successful password reset as part of the forgot password flow.
Additional options for activation email lifetime
Admins can configure activation emails with lifetimes of 1, 2, or 4 hours. For more information on the General security options, see General Security.
2018.40 began deployment on October 8
There were no new features in this release. For new apps and bug fixes delivered in this release, select the appropriate tab.
2018.39 began deployment on October 1
There were no new features in this release. For new apps and bug fixes delivered in this release, select the appropriate tab.
2018.38 began deployment on September 24
Access to the self-service menu for an org
Only a Super Admin can view the self-service menu (Applications > Self Service) for an organization. In the past, both org admins and super admins could access this menu. There is no change to the options on the menu. For more information on roles and permissions, see Administrators.
2018.37 began deployment on September 17
Username passed to target orgs
In an Identity Provider Discovery flow, the username entered as the identifier in the first screen is passed to other Okta orgs. End users do not need to re-enter a username when signing in to any other Okta org to which they are redirected. For more information, see Identity Provider Discovery.
Support for Norwegian language as Beta
Support for the Norwegian (Bokmål) language for the end user experience is now available to all customers in Beta format. You can select the default language preference for your entire org, and your end users can select a different language preference for their own experience. For more information, see Configure the Display Language.
2018.36 began deployment on September 10
Ability to download CSV report containing admin data
Super org admins can now download a CSV file containing a list of all admins and their permissions, using the Download CSV button on the Administrator page. For details, see Administrators.
Support for JWTs signed with private keys
Requests to the /token and /authorize endpoints will now accept JWTs signed with a private key. For more information, see the OIDC documentation for the token endpoint and the authorize endpoint.
Admin email notifications default to off
These email notification types are off by default for admins in new orgs:
- User Deprovision
- App user import status
- User lockouts
Each admin can individually opt in at Administrator > Settings > Account. Admins in existing orgs will be unaffected. For details, see Account Settings. This feature is available for new orgs only.
New device notification email
When enabled, end users will receive a new device notification email when signing in to Okta from a new or unrecognized device. This feature is now generally available to all orgs. For more information about email notifications, refer to the New or Unknown Device Notification Emails section in General Security.
Changes to where an application username is configured
Okta is consolidating where app usernames are configured. Instead of being able to change the app username in the Profile Editor and the app's Sign On tab, you will be able to edit the Okta to App username mappings only on the app's Sign On tab.
Note: The following apps will not be changing their behavior: Active Directory, LDAP and SAML Identify Provider.
Profile Editor - Before
For the Okta to App flow, you can no longer override username mappings in the Profile Editor.
Profile Editor - After
Username mappings on the Sign On tab
The userName mapping in the app's Sign On tab will be the source of truth for the Okta to App flow. Updating the userName mapping on Create only or Create and Update will also be controlled from the app's Sign On tab. :
Send admin emails as BCC
Super Admins and Org Admins can send all admin emails as BCC so that recipients' email addresses are hidden. For more information, see Global notifications options.
Manage the Okta loading animation for custom apps
You can now disable the default Okta loading animation (interstitial page) that appears when users are redirected to custom applications. End users are shown a blank interstitial page, instead. This allows you to present a more branded end user experience. For more information, see Customizing the Interstitial page>.
Access Request Workflow for App Self-Service
This feature streamlines the App Self-Service UI with the Access Request Workflow UI and allows admins to write a note to the end user about the app instance. See Access Request Workflow and Self Service Registration for more details.
Manage Apps at the Instance level
You can now assign Apps to App Admins at the instance level. This allows for more granular access control. For details, see Administrators.
Customizable email alert template
We have added a new, customizable email template that alerts your end users when someone connects to their Okta account from a new device. This feature protects against silent access to an end user's account. For more about Okta email templates, see Email and SMS Options. This feature is Generally Available for new orgs only.
U2F Activation and Enrollment
The Multifactor Factor Types UI has been updated to include U2F activation and enrollment for end users. For more information about U2F enrollment, refer to the Factor Types Configuration section in Multifactor Authentication.
2018.35 began deployment on September 4
Use Adaptive MFA with the VMware Horizon View, Pulse Connect Secure, BeyondTrust PowerBroker Password Safe, and Check Point apps
You can integrate Adaptive MFA with your VMware Horizon View , Pulse Connect Secure, BeyondTrust PowerBroker Password Safe, and Check Point clients. Follow these links for more information and complete setup instructions.
The SSR form now supports enum data types
The Self Service Registration (SSR) form now supports enum data types of string, numbers, and integers. For more information, see Okta Self-Service Registration.
2018.34 began deployment on August 27
Deactivation Emails improvement
Admins now receive an email listing all users deactivated during 30 minute periods instead of individual emails for each deactivation.
New Microsoft Office 365 app integration
Okta has made a new app integration, Microsoft Forms, available for the Microsoft Office 365 app. You can enable it on the General tab of your org's Microsoft Office 365 app instance. For details, see Enable a Microsoft Office 365 application.
2018.33 began deployment on August 20
Radius agent, version 2.7.4
This version contains security enhancements. For version history information, see Okta RADIUS Server Agent Version History.
Okta On-prem MFA agent, version 1.3.8
This version contains security enhancements. For version history information, see Okta On-Prem MFA Agent Version History.
2018.32 began deployment on August 13
System Log enhancement
The System Log now reports when requests are denied due to a blacklisted network zone. :
For more details about the System Log, see Reports.
MFA System Log events
The Factor Type for MFA events is moved from the Actor's details to the Event's details in the System Log. :
For more details about the System Log, see Reports.
Nine supported languages
Okta has added the following nine supported languages for Email and SMS Customization: Czech, Greek, Hungarian, Indonesian, Malaysian, Polish, Romanian, Turkish, and Ukrainian. See Supported display languages.
BambooHR integration enhancement
BambooHR now retrieves additional attributes such as department and division for pre-start users.
For more information about BambooHR provisioning, see the BambooHR Provisioning Guide.
New device notification emails
An enhancement to the device fingerprint feature has been made so that end users may receive a new device notification email when signing in via an embedded browser. Sign in via embedded browsers can take place in applications such as Microsoft Outlook on Mac OS or Windows and mobile apps. For more information about email notifications see New or Unknown Device Notification Emails.
Attribute mapping overrides
Admins can now recover the default values of mappings that had been overridden during individual app assignments. This feature also clearly displays default EL expressions, and simplifies overrides with Override and Reset buttons. For more information, see Attribute Mapping Overrides.
Google custom schemas
When enabled, Okta imports Google custom schemas which you can then map as additional custom properties. Note: In order to have permission to pull custom schema information from Google, Okta requires an additional OAuth scope. This requires you to reauthenticate your app instance in order use this functionality.
For more information about Google schema discovery, see the G Suite Provisioning Guide.
Add custom attribute: enumerated list
When you create a custom attribute, you can enter a list of enum values. For example, you can create a Shirt size attribute with a list of values including: small, medium, large. For details, see Create Custom Attributes.
Support for Salesforce Community and Portal
This feature allows you to create instances of the Salesforce.com app that can integrate with either a Salesforce Customer Portal or a Salesforce Customer Community. For more details, see the Salesforce Provisioning Guide.
Custom email domain
You can configure a custom domain so that email Okta sends to your end users appears to come from an address that you specify instead of the default Okta sender noreply@okta.com. This allows you to present a more branded experience to your end users. For details, see Configure a Custom Email Domain.
Okta Mobile Fingerprint/Touch ID and Face ID authentication
Okta Mobile supports fingerprint authentication on Android devices and Touch ID/Face ID authentication on iOS devices. For details, see Lock/Unlock the Okta Mobile App. :
Voice Call as a Factor
Voice Call Factor authentication is now available as an MFA factor. With this feature enabled, end users will receive a phone call that audibly provides a 5 digit verification code to be entered upon login. This factor can be enabled either on its own or with other factors enabled. For more information about voice call as a factor, see Multifactor Authentication. :
User interface updates to Group member page
The Group member page (Directory > Groups) has the following enhancements:
- The Manage People button is now the Add Members button.
- The Search bar is relocated to the right side of the screen.
- The managed column is now the Added By column to indicate who added the new group member.
Additionally, when searching for a user name, if the number of search results exceeds the page limit, you are prompted to refine your search.
EA Feature Manager
Super Admins have the ability to enable select Early Access (EA) features to which their organization is entitled. There is no need to contact Support to request access to these new features. EA features that require additional configuration will still require assistance from Support to be enabled.
You can also track availability of EA features on the Product Roadmap available in the Okta Help Center.
2018.30 and 2018.31 began deployment on August 6
Application Usage report enhancement
In addition to filtering by application, Okta's Application Usage report has an option to include report data from All applications. If you select this option, the data is only available to download as a CSV file (in unaggregated format).
For more details, see Reports.
Group Push enhancements
Group Push now supports the ability to link to existing groups in Zendesk. You can centrally manage these apps in Okta. While this option is currently only available for certain apps, Okta will periodically add this functionality to more and more provisioning-enabled apps. This feature is now GA. For details, see Using Group Push.
System Log enhancement
The System Log now reports when a user has been imported, updated, and deleted through real time sync.
The OIN Manager
The OIN Manager is an Okta portal through which independent software vendor (ISV) partners can submit SSO and provisioning apps to Okta. Once approved, these integrations are included into the Okta Integration Network (OIN).
2018.29 began deployment on July 23
Adaptive MFA available for Sophos VPN
You can integrate Adaptive MFA with your Sophos VPN clients. For more information, see Configure Sophos UTM to Interoperate with Okta via RADIUS.
Group membership rules limit increase
We have increased the default number of group membership rules allowed per org from 100 to 2000. For details about Group rules, see About Groups.
IP whitelist download file available
If your server policy is set up to deny access to external IP addresses and websites, you must configure a whitelist to enable access as required. The IP whitelist information can be obtained programmatically and can be downloaded in JSON format here: IP whitelist file. To view the current IP ranges, download the .json file. To maintain a history, save successive versions of the file. For more information about Okta IP whitelisting, see Configuring Firewall Whitelisting.
Reports update
Okta continues to optimize performance in generating reports with a focus on data reliability, quality and self service of report data delivery. To achieve this, certain reports are now delivered asynchronously as a CSV download. For more information about reports, see Reports. :
Active Directory agent, version 3.4.13
This release includes the following changes:
- The installer will not continue if it cannot use a TLS 1.2 connection to connect to the Okta service. For Windows 2008 R2 TLS 1.2 is disabled by default and needs to be enabled through the registry. For details, see TLS 1.2 registry edits.
- Increased the minimum .NET version supported to 4.5.2. If the installer does not detect .NET 4.5.2 or higher, it will be installed.
For version history, see Active Directory Agent Version History.
2018.28 began deployment on July 16
U2F as MFA Factor
U2F is available as an MFA factor. See Factor Types for more information about different MFA types, including U2F. :
Okta plugin, version 5.19.0 for all supported browsers
The Okta browser plugin for the Chrome, Firefox, Internet Explorer, and Safari browsers was updated to version 5.19.0 in release 2018.24. This version provides support for the Okta Account Chooser. For version history, see Browser Plugin Version History.
Per-App Password Policy
Policy for randomly generated password for Password Sync (password push to provisioning apps) can now be defined per app regardless of the password complexity rules required by the org. Per app password policy configuration is controlled by Okta and is not available to Okta admins at this time. This feature is available for new orgs only.
System Log enhancement
The Okta System Log and Events APIs filter out any password information that customers might have included in query parameters. This filter is part of our on-going optimizations to scrub sensitive data from logs. Okta always recommends that customers use POST requests, and never use sensitive data in HTTP GET parameters. :
2018.26 and 2018.27 began deployment on July 9
Multiple attribute support
Setting multiple enum value attributes on the end user Profile Settings page is now supported. :
Revised schema for Saleforce
New Salesforce app instances now come with a reduced set of base attributes:
- username
- firstName
- lastName
- profile
Attributes that used to be in the base schema are moved to custom:
- title
- communityNickname
- mobilePhone
- phone
- street
- city
- state
- postalCode
- employeeNumber
- companyName
- division
- department
- managerId
- role
- salesforceGroups
- featureLicenses
- publicGroups
This change allows admins more fine-grained control over which attributes Okta will sync in the downstream SFDC instance.
For information about Salesforce provisioning, see Okta's Salesforce Provisioning Guide.
Custom expression support for Confluence attribute mapping
Okta supports custom expressions when mapping attributes from Okta to Confluence. For more information about Confluence provisioning, see the Confluence Provisioning Guide.
:
Google schema discovery enhancement
- Support for custom properties to push and import to/from Google.
- Support for multi-value fields (arrays) for Google Schema Discovery.
For more information about Google schema discovery, see the G Suite Provisioning Guide.
Note: Boolean properties for multi-value fields are not supported by Okta Universal Directory. They are ignored during schema import and are not visible in the Profile Editor.
:
MFA Factors - new confirmation dialog
A confirmation notification is now displayed after resetting or enrolling in a factor. :
Use Adaptive MFA on an F5 BigIP APM
You can integrate Adaptive MFA with your F5 BigIP APM Edge clients. For complete installation and usage information, see Configure the F5 BigIP APM to Interoperate with Okta via RADIUS.
Improved messaging for authorization server changes
New message notifications appear when an Authorization Server is activated, deactivated, or deleted. :
Email address used in Request Access to Apps option no longer editable
To address a security vulnerability, end users' primary email address is now populated automatically in the Request Access to Apps dialog box and the Your email field is no longer editable. The dialog box displays when end users click Request an app in the footer of their Okta org. :
2018.25 began deployment on June 25
All admins unsubscribed from Trust incidents and updates email
All admins are being unsubscribed from receiving email notifications for Known Issues and System Outages which is now renamed to Trust incidents and updates. To receive these notifications, go to Settings > Account > Email Notifications. For details, see Email Notifications.
Admin Email Notifications name change
In Settings > Account, under Email Notifications, the Known Issues and System Outages option is renamed to Trust incidents and updates. All new Super admins will be subscribed by default. For details, see Email Notifications.
Admin Email Notifications for deactivated users
Some admins can select whether they want to receive emails when a user is deactivated. The admin roles that have this option are: Super Admin, Org Admin, App Admin and Mobile Admin. For details, see Email Notifications.
System Log enhancement
The following events are added to System Log:
- The feature for supporting multiple network zones is disabled for an org (IWA SSO only). :
- When synchronizing users with a directory, users will be skipped if they match default filter rules. :
2018.24 began deployment on June 18
Scope Selector enhanced
Downloads page reorganization
The Okta Downloads page contains a new section, MFA Plugins and Agents that replaces the Okta On-Prem MFA Agents section.
Remove the restriction on usernames in email address format
By default, Okta requires user names to be formatted as email addresses in Okta Universal Directory. Using the Format Restriction control in the Profile Editor, Administrators can remove the email format constraint from the Username attribute in Okta UD or replace it with a specific set of characters that are allowed. This provides additional control over the format for Okta usernames for all users in an Okta org. For more information see Manage profiles.
Switch between multiple Okta accounts using the Okta browser plugin
End users can now switch between multiple Okta accounts easily through the Okta browser plugin. This feature prompts signed-in end users to trust or reject subsequent Okta accounts the first time they access those accounts allowing them full control to choose seamlessly between accounts. For details, see Switch between multiple Okta accounts using the plugin.
CRL download enhancements
End-users can reset the Okta browser plugin
If there's a problem with the Okta browser plugin, an error message with a Refresh Plugin button now displays allowing end users to refresh the plugin cache. For more, see About the Okta Browser Plugin.
2018.23 began deployment on June 11
Improved organization of Okta email templates
The list of Okta-provided email templates is reorganized by template type. This makes it easier for admins to find and evaluate Okta-provided email templates in Settings > Email & SMS. For more information about Okta email templates, see Email and SMS. :
Updated error message
Error message text has been modified when assigning non-email formatted values for username attribute.
New System Log event
The System Log contains an entry when a user cannot be unlocked automatically by the nightly batch job due to a read-only event. :
Multiple network zones
Authentication whitelisting and blacklisting (explicitly permitting or denying access) based on network zones is now Generally Available (GA). Network zones are sets of IP address ranges. You can use this feature in policies, application sign on rules, and VPN notifications. This expands the use of Gateway IP Addresses. This feature is now GA for all orgs.
Custom email templates in multiple languages
Custom email templates allow you to send custom Okta-generated email messages to end users in multiple languages. See Customize an email template.
Radius Agent, version 2.7.3
This version disables CDN during install and contains bug fixes. For history, see Okta RADIUS Server Agent Version History.
On-Prem MFA agent, version 1.3.7
This version disables CDN during install. For history, see On-Prem MFA Agent Version History.
Okta Verify Auto-Push authentication
Okta Verify Auto-Push makes Multifactor Authentication (MFA) even easier. Now, when end users land on the MFA challenge page (with Okta Verify with Push enabled), the challenge is sent automatically with no need to click Send Push. To set up this feature, end users select Send Push Automatically on the authentication screen. For more information, see Okta Verify with Push Authentication. :
Cloud access security broker for SAML apps
Support for a cloud access security broker (CASB) is available for all SAML apps. For more information, see the CASB Configuration Guide.
Dynamic translation for custom email templates
When you customize an Okta-generated email template through the Add Translation dialog box, the text in the body of the template updates automatically into the language you select in the Language list. The Generally Available version of this feature includes updated labels and other minor UI improvements. See Supported display languages.
2018.21 and 2018.22 began deployment on June 5
Litmos support for SHA2
The Litmos integration is updated to support SHA2 cryptographic hash algorithm which utilizes the new Litmos SAML endpoint splogin. If you are currently using the Litmos SAML integration, Okta highly recommends that you review the steps outlined in the migration section of the Litmos Configuration Guide and switch to SHA2 at your earliest convenience. :
Use Adaptive MFA on a Fortinet appliance
You can extend Adaptive MFA to your Fortinet appliance. For complete installation and usage information, see Configure the Fortinet Appliance to Interoperate with Okta via RADIUS.
System Log events for new device notification emails
New device notification email events now appear in the System Log. :
U2F-compliant factor enrollment improvements
We've improved the user experience for U2F-compliant factor enrollment by making the following changes:
- U2F instructions are updated to remove references to specific browsers such as Chrome and Firefox
- Error messages now include more descriptive text
For more information, see MFA Factor Types. :
2018.20 began deployment on May 29
There were no new Production features in this release.
2018.19 began deployment on May 14
Update (May 23, 2018): Rate Limit Notifications
Added the following enhancements to support Rate Limit notifications:
-
Notification banners within Okta for Super administrators when the Rate Limit warning and violation thresholds have been reached within the last 24 hours.
-
Automatic email notifications to Super administrators when the Rate Limit warning and violation thresholds have been reached within the last 24 hours.
-
An Email Notifications setting available in Settings > Account for the Super administrator to turn the email notification on or off. This setting is turned on by default.
-
Syslog entries that track discrete rate limit events for warnings and violations, and that can be queried independently or jointly. This provides you with a full picture of organizational as well as individual client trends.
For example, the following query shows both warnings and violations:
eventType eq "system.org.rate_limit.warning" OR eventType eq "system.org.rate_limit.violation"
Both the notification banner and the email notification contain a link to the query above.
For more information, refer to Rate Limiting at Okta.
Simplified Convert Assignments screen
The Convert Assignments screen is populated only when there are assignments to convert. When there are no assignments to convert it presents a message. .
Agent version and TLS 1.2 compliance status, and other Downloads page enhancements
The Downloads page includes the following changes:
- The agent status is highlighted at the top of the page, indicating whether or not agents are up-to-date.
- Agent status information appears after the first agent of that type is configured.
- For the AD, SSO IWA, On-Prem MFA, Provisioning, and LDAP agents, there is now a status message indicating whether the agent is up-to-date or a new version is available.
- The Connected Agents table displays the host name, the version of the agent that is currently running, whether the agent is TLS 1.2 compliant.
- The AD Password Sync and RADIUS agents information includes a link to the System Log to view the agent version, if applicable.
- The Admin Downloads section moved to the top of the page and similar agents are grouped (for example, all AD agents are together).
- A link to a CSV file containing this information is added to the right-hand sidebar.
ID tokens enhancement
ID tokens can now be retrieved using a Refresh Token.
2018.18 began deployment on May 7
IWA Token Processing: Redirect to custom error page now available for all existing orgs
If Okta fails to process an IWA token, you can now redirect end users to a custom error page. This option is useful if you embed Okta into your solution and want to control end-to-end branding to enhance end user experience. For more information, see Login Error Page.
Note: This feature is now Generally Available for all orgs.
RADIUS app for RADIUS users
Workday integration enhancement
You can deactivate Workday mastered users on their last day worked, even if the period of time between that day and the termination exceeds a specified Pre-Start interval. See the Workday Provisioning Guide for more information.
Workday app enhancements
The Workday integration now connects to the latest Human Resources API (v29) and uses the Maintain Contact Information Workday API for email and telephone write back, a more secure web service that some customers prefer. Additionally Okta has improved the pre-start interval functionality by only processing new users being created and ignoring updates within the pre-start interval. There are also some performance enhancements when performing an import from Workday. See the Workday Configuration Guide for details.
This feature is Generally Available for new orgs only.
Configure Advanced API Access for Office 365
You can configure Advanced API Access for Office 365 instances by using the admin consent option on the Sign On tab.
Admins needs to leave this checked to complete OAuth authentication flow with O365, which is required for signing into applications such as Yammer, Teams, and CRM. For more information, see Admin Consent for Advanced API Access.
Workday integration update
Okta has updated its Workday integration: Workday Real Time Sync (RTS) can now run concurrently with regular imports. Refer to Workday Provisioning Guide to learn more about Workday RTS.
2018.16 and 2018.17 began deployment on May 1
Org admin shown as Actor for Device Trust Registration Task revocation
If the org admin revokes the Device Trust certificate through the admin console, the Sys Log for Device Trust Certificate Revocation now identifies the admin. As before, if the certificate is implicitly revoked due to user deactivation, the Actor continues to be shown as Okta System. For details, see Revoke and remove Device Trust certificates.
Citrix NetScaler integration
The Citrix NetScaler Gateway now integrates with Okta via RADIUS, in addition to SAML and OAuth. For detailed information, see the Citrix Netscaler Gateway Radius Configuration Guide.
Password reset available before activation
Password Reset is available for users who are not yet active. This is to enable users who may have lost their original activation email to request a password reset.
Double quotation marks supported in email logins
Email addresses enclosed in double quotation marks are supported for Okta logins.
Improved page labels
The Account tab on the Customization page is renamed General. For details about options on this tab, see Customization.
New documentation links for Windows Credential Provider and ADFS integration
Direct links to the documentation for the Okta Windows Credential Provider and the Active Directory Federation Services (ADFS) Plugin are available in the sidebar.
2018.15 began deployment on April 16
New AD Password Sync agent, version 1.3.6
This Generally Available agent update contains the following fixes:
- Locate the correct user when searching for a SamAccountName that is duplicated in a forest
- Include the User-Agent in the header of the request
For history, see AD Password Sync Agent Version History.
New Okta Plugin 5.17.1 for Chrome
This release fixes an issue where the screen appeared blank. For version history see Browser Plugin Version History.
Retry available for text message for forgotten password
The Forgotten Password Text Message screen offers an option to resend the code to enter for SMS or call again for Voice call. For more information about password reset functionality, see End User Password Reset.
PagerDuty uses API v2
The PagerDuty app now implements v2 of the PagerDuty API. PagerDuty API v1 is going to be deprecated on April 24, 2018. The change of API should be transparent to customers. For more information, see https://v2.developer.pagerduty.com/. For more information about PagerDuty provisioning, see the PagerDuty Provisioning Guide.
New OPP agent, version 1.2.3
This version provides internal fixes to the installer, including a fix which allows the installer to work behind a firewall.
For history, see On Premises Provisioning Agent and SDK Version History.
2018.14 began deployment on April 9
Okta email templates have a new look and feel
These newly-designed email templates are applied to standard (uncustomized) email templates, as well as to customized templates that have been Reset to Default. Previously-customized email templates that have not been Reset to Default are unchanged.
Configure the Okta browser plugin to work with a custom end user portal
You can configure the Okta browser plugin to behave on your custom end user portal exactly as it behaves in the Okta end user dashboard. For details, see Configure your custom end user portals to leverage the Okta browser plugin.
IWA Token Processing: Redirect to custom error page
If Okta fails to process an IWA token, you can now redirect end users to a custom error page. This option is useful if you embed Okta into your solution and want to control end-to-end branding to enhance end user experience. For more information, see Login Error Page.
Note: This feature is Generally Available for new orgs.
Exempt specified URLs from login form inspection
You can now set the SkipUrls registry key to prevent the Okta Internet Explorer browser plugin from inspecting the pages of specified URLs for the presence of login and change password forms. This allows pages to load faster. For details, see Exempt specified URLs from login form inspection.
Empty names replaced with the login name
When both first and last name attributes are empty, the login name is displayed in the following UI pages:
- User Picker in App Approver picker
- New Group
- Convert individual user back to group in app
- Exclusive user list in group rule
- App User assignment
- API token review
- Yubikey UI
- Spotlight search
First and last names can be null if they are removed in the Profile Editor or changed with the Users API.
IWA agent, version 1.11.5
This Generally Available release provides the following:
- To improve the security of IWA integrations, we now default to the TLS 1.2 security protocol in orgs running .NET Framework 4.5 or later. Orgs running earlier versions of the .NET Framework continue to use TLS 1.0.
- Fixed an issue that caused an error when accessing the Box desktop app with SSO.
- Internal fixes to the installer.
For history, see IWA Agent Version History.
LDAP agent, version 5.4.6
This Generally Available release provides internal fixes to the installer. For history, see LDAP Agent Version History.
The Okta plugin has been updated to version 5.17.0 for Chrome and Edge
This release provides performance and security enhancements. For version history, see Browser Plugin Version History.
Content of new device/browser email notifications improved
Email notifications sent to users after the detection of a new device or browser at login have improved messaging and now specify Unknown browser and Unknown OS instead of just Unknown.
2018.13 began deployment on April 2
Configure the Palo Alto Networks VPN to Interoperate with Okta
Okta and Palo Alto Networks interoperate through either RADIUS or SAML 2.0. For each Palo Alto gateway, you can assign one or more authentication providers. Each authentication profile maps to an authentication server, which can be RADIUS, TACAS+, LDAP, etc. Using RADIUS, Okta's agent translates RADIUS authentication requests from the VPN into Okta API calls. For more information, see Configure the Palo Alto Networks VPN to Interoperate with Okta via RADIUS.
System Log improvement – Client ID tracked
The Client ID field is now populated in the Client Section of the System Log.
System Log for the Hipchat and Confluence apps
System Log entries are now added for the Hipchat and Confluence apps. For details, see the Hipchat and Confluence sections in Provisioning Integration Error Events.
Microsoft Office 365 app, the default for the Admin Consent
When setting up an Microsoft Office 365 app, the checkbox for Admin Consent on SSO tab is now unchecked by default. For more information on Admin Consent, see Admin Consent for Advanced API Access.
Okta Verify iPad icons updated
Updated app icons for Okta Verify are available for iPad users.
Okta ADFS Plugin, version 1.4.0
The Okta ADFS (Active Directory Federaton Services) Plugin version 1.4.0 is available. This version supports load balanced ADFS servers.
2018.12 began deployment on March 26
Improved App Integration Wizard guidance for group attribute statements
The Learn More link in the Attributes Statements (optional) section of the SAML Settings page points to improved information.
Support for AD Agent Installer proxy credentials
In environments where internet traffic is required to go through a proxy, the sign-in flow for the AD agent installer uses the proxy settings specified within the installer. If no proxy settings are specified, the machine defaults are used. Previously,admins had to open up a hole in their data center firewall during installation.
For more information about the AD agent see Okta Active Directory Agent.
Cornerstone OnDemand Provisioning Guide available
An in-product link to the Provisioning Guide for Cornerstone app is added, replacing in-product help text.
New IWA agent, version 1.10.4
This release provides the following:
To improve the security of IWA integrations, we now default to the TLS1.2 security protocol in orgs running .NET Framework 4.5 or later. Orgs running earlier versions of the .NET Framework continue to use TLS1.
For history, see SSO IWA Web App version history.
New On-Prem MFA agent, version 1.3.4
This new version supports TLS 1.2.
For history, see On-Prem MFA Agent Version History.
2018.11 began deployment on March 20
Enhanced Custom Email Templates UI
Labels and messages in the Customize an email template feature are updated to improve usability.
Microsoft Office 365 admin consent flow improved
The Microsoft Office 365 (O365) admin consent flow is now optional and is selected by default on the Sign On tab for the O365 app. Admins needs to leave this checked to complete OAuth authentication flow with O365, which is required for signing into applications such as Yammer, Teams, and CRM. For more information, see Admin Consent for Advanced API Access.
Improved scopes descriptions
The default scopes included with OAuth Custom Authorization Servers have improved display names and descriptions.
Radius Agent version 2.7.1
This new version supports TLS 1.2. For history, see Okta RADIUS Server Agent Version History.
2018.10 began deployment on March 12
Social Login usability improvements - scopes picker
When configuring scopes for Identity Providers, whenever a comma, tab, or return is typed, scopes are tokenized. For example, typing "Profile, Email" in the Scopes field in the screenshot below, will result in two scopes, Profile and Email.
For more information, see User Consent for OAuth 2.0 and OpenID Connect Flows.
Okta base attributes First Name, Last Name now optional
Okta has defined 31 default base attributes for all users in an org. These base attributes are generally fixed and cannot be modified or removed. There are now two exceptions: First Name and Last Name. These two attributes can now be marked as required or optional for Okta-mastered users only. For details, see Profile Editor.
New parameter for authentication with Okta Verify with Auto-Push
An enhancement was made for our platform customers using the auto-push feature for Okta Verify. As a result, all product users will need to re-affirm their Okta Verify Auto-Push preference (check the Send Push Automatically checkbox) if it was checked previously. Following this, Okta Verify with Auto-Push will behave as it did originally. For more information about this new parameter, see https://developer.okta.com/docs/api/resources/authn.html#request-parameters-for-verify-push-factor.
The Okta plugin for the IE browser has been updated to version 5.16.1.
This release provides the following:
- Improved IE performance when Browser Help Object (BHO) logging is enabled
- An option to opt out of cert pinning through the registry
- Iimprovements and bug fixes
For version history, see Browser Plugin Version History.
System Log enhancements
- System Log events are added for the ExactTarget, GitHub, Google, Gotomeeting, Rightscale, Roambi, Samanage, SendWordNow, ServiceNow2, ServiceNow, Smartsheet, SugarCRM, VeevaVault, WebEx, Yammer, and Zendesk provisioning integrations. Previously, the log events were only available using the Okta API. For details, see Provisioning Integration Error Events.
- System Log events are added for the Huddle, Jive45, Litmos, Lotus Domino, MoveIt DMZ, Msbpos, NetSuite, Org2Org, PagerDuty, Postini provisioning integrations. For details, see Provisioning Integration Error Events.
External ID for the Zendesk app
We have added new external Id attribute to the Zendesk provisioning app.
Customize email attribute in Netsuite
You can now customize the email SAML attribute for the Netsuite app to map to an email or username attribute.
Custom user management not supported for RADIUS apps
The Enable on-premises provisioning configuration option is removed from RADIUS apps, as it is not supported.
Configure the Cisco ASA VPN to Interoperate with Okta
Okta and Cisco ASA interoperate through either RADIUS or SAML 2.0. For each Cisco ASA appliance, you can configure AAA Server groups which can be RADIUS, TACAS+, LDAP, etc. Using RADIUS, Okta's agent translates RADIUS authentication requests from the VPN into Okta API calls. For more information, see Configure the Cisco ASA VPN to Interoperate with Okta via RADIUS.
Okta Sign-in Widget 2.7.0
Version 2.7.0 of the Okta Sign-In Widget is available. New features include :
- Voice call as an option for Unlock Account
- Display of multiple MFA responses
- Display a warning for beta registrations
For more information, see Okta Sign-In Widget.
The Okta Integration Network (OIN)
The Okta Application Network (OAN) includes more than 5,000 pre-integrated business and consumer apps. As Okta expands beyond SSO and Provisioning, we are extending the network to include new integration types, and updating the catalog name to the Okta Integration Network (OIN). As part of this rebranding, we have changed the UI and documentation to reflect this change—managing and adding your apps and integrations remain the same.
The OIN now includes the following new integrations in addition to previous SSO and Provisioning options:
- F5 BIG-IP APM
- Sumo Logic Okta Activity Log Integration
- ServiceNow - Okta Orchestration Activity Pack
- Splunk Add-on for Okta
- QRadar Device Support Module (DSM)
For details about these new integrations, search and click the Learn More button.
Note: This feature is now Generally Available for all orgs.
Profile Master and User Life Cycle Management enhancements
The flow of an end user's identity throughout the different stages of access is known as a user's lifecycle. This release contains several enhancements to define the options that manage this cycle clearly.
- Simplified Import settings: Using a profile master necessitates a clear distinction between new and imported end users to prevent conflicts. Feedback from our users prompted improvements with matching rules, auto-confirmation and auto-activation settings.
- New lifecycle settings: When an end user is deactivated in a profile mastered app, admins can now set whether they are deactivated, suspended, or remain an active user in Okta.
See Profile Mastering and Life Cycle for more details.
Note: This feature is now Generally Available for all orgs.
API Access Management
Secure your APIs with API Access Management, Okta's implementation of the OAuth 2.0 authorization framework. API Access Management uses the Okta Identity platform to enable powerful control over access to your APIs. API Access Management can be controlled by Okta admins as well as by a rich set of APIs for client, user, and policy management. For details on features available from the Admin console, see API Access Management.
Use scopes in Rules
We've improved the text and flow of the Add Rules dialog that is part of the Early Access API Management functionality. For details see, Create Rules for Each Access Policy.
API Access Management Admin
The API Access Management Admin role has the following permissions:
- Create and edit Authorization Servers, Scopes, Claim, and access policies
- Create and edit OAuth/OIDC Client apps
- Assign users and groups to OAuth/OIDC client apps
- View user profiles when assigning users/clients for token preview
For more information, see API Access Management.
Animated transition
An animated transition page now appears when users click app integrations to log into apps:
2018.09 began deployment on March 6.
Production 2018.09 and 2018.08 are combined.
Social Login improvements
Integrating Social Login with Okta is improved with redesigned screens, prepopulated IdP username value, and expanded entry options for scopes. :
System Log changes related to Authorization Servers
The following message changes apply to either the Okta Org Authorization Server or a Custom Authorization Server including default (which requires API Access Management), or both, as indicated in each section.
Simplified Failure Messages from [/authorize]
The existing messages app.oauth2.authorize_failure, app.oauth2.as.authorize_failure and app.oauth2.as.authorize.scope_denied_failure replace these messages:
- app.oauth2.authorize.access_denied
- app.oauth2.authorize.invalid_client_id
- app.oauth2.authorize.invalid_cache_key
- app.oauth2.authorize.no_existing_session
- app.oauth2.authorize.login_failed
- app.oauth2.authorize.mismatched_user_in_cache_and_session
- app.oauth2.authorize.user_not_assigned
- app.oauth2.authorize.scope_denied
- app.oauth2.as.authorize.warn_failure
- app.oauth2.as.authorize.scope_denied
Details about the nature of the failure are included, so no information has been lost with this simplification.
These System Log changes affect responses from requests that involve either the Okta Org Authorization Server or a Custom Authorization Server including default.
Simplified Failure Messages from [/token]
Instead of supplying two different messages for token grant failures on /token, the existing message app.oauth2.as.authorize.token.grant_failure replaces these messages:
- app.oauth2.as.token.grant.warn_failure
- app.oauth2.as.token.grant.scope_denied_failure
This System Log change affects responses from requests that involve a Custom Authorization Server including default.
Simplified Success Messages from [/token]
Instead of supplying a different message for ID token and access token generation, there's just one message for each. The ID token or access token minted is included in the message as it was previously.
- The existing message app.oauth2.authorize.implicit_success replaces:
- app.oauth2.authorize.implicit.id_token_success
- app.oauth2.authorize.implicit.access_token_success
- The existing message app.oauth2.as.authorize.implicit_success replaces:
- app.oauth2.as.authorize.implicit.id_token_success
- app.oauth2.as.authorize.implicit.access_token_success
The _success messages weren't being written to the System Log previously, but are now.
These System Log changes affect responses from requests that involve either the Okta Org Authorization Server or a Custom Authorization Server including default.
Simplified Messages from [/token]
Instead of supplying a different message for ID token and access token generation, there's just one message for each. The ID token or access token minted is included in the message as it was previously.
- The existing message app.oauth2.authorize.implicit replaces:
- app.oauth2.authorize.implicit.id_token
- app.oauth2.authorize.implicit.access_token
- The existing message app.oauth2.as.authorize.implicit
replaces:
- app.oauth2.as.authorize.implicit.id_token
- app.oauth2.as.authorize.implicit.access_token
These System Log changes affect responses from requests that involve either the Okta Org Authorization Server or a Custom Authorization Server, including default.
System Log for the GoodData app
System Log entries are now added for the GoodData app. For details, see the GoodData section in Provisioning Integration Error Events
Update second email address in Master User Profile
Admins can update the second email address on a master user profile when Attribute Mapping is enabled.
Multiple MFA requirements display improvements
The Okta Sign On screen display is improved to display all factors when multiple Multifactor Authentication factors are required.
CSV header size limits increased
The header size limit for CSV imports is increased from 1000 to 50,000 characters.
2018.07 began deployment on February 26
System Log enhancements
The System Log tracks the following items:
- User authentication via IDP. :
- Country code for SMS and voices. :
- System Log events are added for the Clarizen, CrashPlanPro, Docusign, and Egnyte provisioning integrations. For details, see Provisioning Integration Error Events.
Improved error tracking
Added validation to API token creation when the maximum character length is exceeded
2018.06 began deployment on February 12
OpenID Connect scopes list available
When creating or updating a rule in the Custom Authorization Server's policy, there is a button to add all default OpenID Connect scopes to the rule condition quickly.
For more information, see Create Rules for Each Access Policy.
OAuth 2.0 Client Grant types reorganized
Grant types for OAuth 2.0 clients are reorganized for convenience on the General Settings page for an app and in the app creation screen in the developer console. For information on grant types, see App Wizard - Procedures.
Unlock an account by Voice Call
The Okta Sign In page supports unlocking an account with a Voice Call.
2018.04 and 2018.05 began deployment on February 6
System Log Enhancements
-
The System Log tracks mass password expiry events. :
-
The System Log tracks events when a user account is unlocked by an Admin, when the primary email for an account is updated, and when behaviors are detected.
:
:
:
Publish metadata for custom scopes
When defining custom scopes for an Authorization Server, you can choose whether the metadata for these scopes is included in the public metadata. For more information, see Create Scopes.
:
:
Authorization Server Policy Rule improvements
Information and error messages are improved for the Access Token Lifetime and Refresh Token Lifetime setting in a policy rule. :
Okta's Privacy Policy update
Okta's Privacy Policy, available at https://okta.okta.com/privacy/, was updated on January 18, 2018 in order to comply with new, forthcoming requirements promulgated by Google, and to disclose more precisely the manner in which Okta interoperates with Google's G Suite after the OAuth authentication flow is successfully completed by the admin.
2018.03 began deployment on January 22
Password Policy Soft Lock
The password policy soft lock feature provides the option to lock Active Directory (AD) mastered users in Okta with password policies. To ensure that users are locked in Okta before they are locked out of their windows accounts, Admins must set a lockout count in Okta that is lower than the lockout count specified in the AD policy.
This feature does not change the current behavior for any organizations. Consequently, when this feature is enabled, the default invalid password lockout count for Active Directory password policies is reset to zero (0). Admins must specify a new lockout count to use this feature which s tracked in the System Log as a policy update event.
Some legacy customers might have non-zero values set in the invalid password lockout count in Okta. When these values are reset to zero with this feature, a System Log event is created to show the old and new values and inform Admins that the lockout is disabled.
For more information, see Group Password Policies.
Import Lockout Status from AD
Lockout status from AD is not imported automatically. To receive these imports, contact Okta Support. Any legacy users who already receive these imports will continue to receive them.
Rollout
This feature is becoming Generally Available and will be enabled in a phased manner across all cells. The feature will be enabled for the majority of customers in Preview and US Cell 1 by January 19th and for the remainder of customers in all other cells by February 2nd.
Amazon Web Services (AWS) Redshift SAML integration
We have a new integration into Amazon Web Services (AWS) Redshift. This integration allows admins to provide end users a mechanism to securely login to their Redshift databases through SAML.
Improved workflow for creating OAuth 2.0 services
The button for creating OAuth 2.0 Services (Client Credentials apps) is moved from the applications list into the Add Application Wizard. For more information, see Add OAuth 2.0 Client Application. :
Improved workflow for OAuth 2.0 token preview
During OAuth Token Preview, selections for response type are not visible when the grant type is not IMPLICIT. For more information on token preview, see Test Your Authorization Server Configuration.
Specification for login initiated by available for all grant types
The General tab on the app instance screen for OAuth 2.0 clients now displays the Login initiated by dropdown for all grant types with App Only as the default. :
System Log enhancements
System Log entries were enhanced to include events when users were unassigned from group membership. :
Admin Managed tabs improved
Admin Managed tabs are not created if there are no apps to display in the tab. For more information, see Manage dashboard tabs for end users.
2018.01 and 2018.02 began deployment on January 16
Create user and expire password
When admins create a new user they can choose whether to have that user create a password on first sign in or create a password for the user which must be changed on their next sign in. For details, see Add People.
User and AppUser profile schemas
Added support to allow updates to User and AppUser profile schemas. See App User Schema API documentation for more information.
Netsuite Custom attribute support
The following User Profile properties have been added to our Netsuite integration:
location, class, notes, salutation, homePhone, officePhone, fax
To use these properties, you can either create a new app instance, or contact Okta Support to manually migrate the User Profile template. For more information about our Netsuite integration, see the Netsuite Provisioning Guide.
Placeholder text used in default Sign In page settings
In Settings > Customization, fields in the Sign In page section now contain default placeholder text instead of default editable text. This enhancement makes it easier to distinguish fields that contain Okta's default text from fields that contain custom, admin-provided text. Placeholder text disappears when you enter custom text in the field. For more information, see Customize Sign In Page headings, links, labels, and placeholders.
Authorization Server screen enhancements
Explanatory text on the Authorization Server are expanded, and also include a direct link to the Authentication Guide topic on the Developer site.
Improved error messages
Error messages for permission errors for the password reset dialog are more descriptive and user-friendly.
SHA-256 Signed Certificates for new SAML 2.0 apps
All new SAML 2.0 apps are bootstrapped with SHA-256 signed public certificates. Existing SAML 2.0 apps are unchanged.
UltiPro Integration Update
We have added email and phone writeback functionality for UltiPro international employees. For more information about UltiPro provisioning, see UltiPro User Import and Provisioning.
2018 Application Integrations and Updates
2018.48 (combines 2018.47 and 2018.48)
Application Update
The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:
- Pivotal Tracker: For configuration information, see Tracker SCIM Documentation.
New Application Integrations
New SCIM integration applications
The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:
- Retool: For configuration information, see Retool's SCIM User Provisioning - Okta Specific Guide.
- VidCruiter: For configuration information, see VidCruiter's Configuring SCIM with Okta.
SAML for the following Okta Verified applications
-
Freshdesk (OKTA-191125)
-
Numeracy (OKTA-197992)
-
Retool (OKTA-197113)
-
Saba (OKTA-193973)
SWA for the following Okta Verified applications
-
CALXA (OKTA-191701)
-
Dashlane Business (OKTA-188394)
-
FannieMae DUS Disclose (OKTA-193513)
-
Hillgate Travel (OKTA-191141)
-
Jack Henry and Associates (IPAY) (OKTA-194266)
-
Moody's (OKTA-193598)
-
MyToll (OKTA-190867)
-
Ncrunch (OKTA-190531)
-
Nmbrs (OKTA-188157)
-
PrintMail (OKTA-194265)
-
Retargeter (OKTA-191730)
2018.46
Application Update
We have updated our Zoom integration to support a new attribute, User Type. This allows customers to set the User Type per user being provisioned from Okta to Zoom to be either Basic, Pro, or Corp.
For users who have set up the Zoom integration and enabled Provisioning before November 8, 2018, follow the migration steps detailed in Zoom's Configuring Okta With Zoom if you want to use the new attribute.
New Application Integrations
New SCIM integration applications
The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:
- Pivotal Tracker: For configuration information, see Pivotal Tracker''s Configuration Guide (note you will need to request access to this document.)
-
SpringCM: For configuration information, see SpringCM's Okta SCIM and SAML Integration.
SAML for the following Okta Verified applications
-
Cerner (OKTA-194709)
-
Coralgix (OKTA-195349)
-
Digify (OKTA-193483)
-
eLeaP (OKTA-194168)
-
Mimecast - Admin (OKTA-193270)
-
Mobile Locker (OKTA-194895)
-
SaaSLicense (OKTA-195120)
-
Synthetix (OKTA-189127)
SWA for the following Okta Verified application
-
Star Station (OKTA-187650)
Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)
-
Aha! (OKTA-189385)
-
CorpTrav (OKTA-191634)
-
SAP Jam (SuccessFactors) (OKTA-189112)
-
Speco Technologies (OKTA-195019)
2018.45
New Application Integrations
New SCIM integration applications
The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:
- Brivo Onair: For configuration information, see Brivo Onair's Identity Connector Integration Guide.
-
Rhombus Systems: For configuration information, see Rhombus Systems' How to Configure SCIM 2.0 with Okta.
SAML for the following Okta Verified applications
-
Abstract (OKTA-192943)
-
Clubhouse (OKTA-194685)
-
ExpenseNet (OKTA-194122)
SWA for the following Okta Verified application
-
Lead Apparel (OKTA-187687)
2018.44
New Application Integrations
New SCIM integration applications
The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:
- Cerner: For configuration information, see Cerner's Publishing Identity Data Using Okta (note that you need a Cerner account to access this documentation).
- Atlassian Cloud: For configuration information, see Atlassian Cloud's Configure User Provisioning with Okta.
- WorkRamp: For configuration information, see WorkRamp's SCIM Configuration Guide.
- AlertMedia: For configuration information, see AlertMedia's How to Configure User Provisioning with Okta (SCIM) (note that you need an AlertMedia account to access this documentation).
SAML for the following Okta Verified applications
-
Aha! (OKTA-193716)
-
Drift (OKTA-193719)
-
Halo Communications (OKTA-192603)
-
Socialbakers (OKTA-193252)
-
UltiPro (OKTA-193804)
SWA for the following Okta Verified applications
-
Abbvie (OKTA-189416)
-
Air Canada Travel Agency (OKTA-189703)
-
Asteron Life (OKTA-185986)
-
ChathamDirect (OKTA-189336)
-
Cloud Conformity (OKTA-189068)
-
Entoro Investor Login (OKTA-187239)
-
NoMachine: Workbench (OKTA-185837)
-
Plivo (OKTA-187847)
-
Sabre Vacations Travel Agency Login (OKTA-186555)
-
XactAnalysis (OKTA-188418)
2018.42
Application Updates
- The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:
- Figma: For configuration information, Figma's Configure Okta Provisioning.
New Application Integrations
New SCIM integration application
The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:
- Federated Directory: For configuration information, see Federated Directory's Integrate with Okta.
SAML for the following Okta Verified applications
- Pigeonhole Live (OKTA-191208)
- Slab (OKTA-190334)
- Sunlight (OKTA-190547)
- Twic (OKTA-190548)
SWA for the following Okta Verified applications
- Amazon IT (OKTA-186022)
- AudaExpress (OKTA-187178)
- Citizens Business Bank Online Banking (OKTA-187670)
- Federal Mogul ePresentment for Corporation Statements & Invoices (OKTA-186329)
- WooBoard (OKTA-187152)
Mobile application for use with Okta Mobility Management (OMM) (Android and iOS)
- Corporate Travel Management (OKTA-190328)
2018.41
Application Update
The Solarwinds SWA integration application has been enhanced to support custom login URL's.
New Application Integrations
New SCIM integration applications
The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access
- Tehama: For configuration information, see Tehama's instructions to Create a SCIM-based connected application.
- TextExpander: For configuration information, see the TextExpander Okta SCIM Configuration guide.
- Keeper Password Manager and Digital Vault: For configuration information, see Keeper Password Manager and Digital Vault's Configuring SCIM with Okta.
- Netskope: For configuration information, see Netskope's Provisioning Users and User Groups using OKTA.
SAML for the following Okta Verified applications
-
HubSpot (OKTA-190126)
-
Tines (OKTA-190101)
SWA for the following Okta Verified applications
-
Alamy (OKTA-189545)
-
Citrix Netscaler Gateway (OKTA-185234)
-
HiPay (OKTA-186563)
-
Invisalign (OKTA-186776)
-
LowesLink (OKTA-185180)
-
Meritain (OKTA-186927)
-
Mimecast - Admin (OKTA-185382)
-
Sabre Cruises (OKTA-186554)
2018.40
Application Update
The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:
- Zinc: For configuration information, see Zinc's Setting up AD Sync with OKTA.
New Application Integrations
New SCIM integration applications
The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:
- Forecast: For configuration information, see Forcecast's Single Sign-On and user provisioning with Okta.
-
Emburse: For configuration information, see the Emburse-Okta SCIM Configuration guide.
SAML for the following Okta Verified applications
- Carbon Black - PSC (OKTA-187929)
- MyWorkDrive (OKTA-189557)
- Seed (OKTA-188581)
SWA for the following Okta Verified applications
-
Air Canada: Corporate Rewards Agent Login (OKTA-185502)
- CommInsure: Adviser (OKTA-185985)
- OnePath Advisor (OKTA-185989)
- Risk Control (OKTA-185533)
- Scribble Maps (OKTA-185677)
Mobile application for use with Okta Mobility Management (OMM) (Android and iOS)
- HighGround (OKTA-184805)
2018.39
New Application Integrations
New SCIM integration application
The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:
- Figma: For configuration information, see Figma's Configure Okta Provisioning.
SAML for the following Okta Verified applications
-
Automox (OKTA-189108)
-
Instructure Bridge (OKTA-185486)
SWA for the following Okta Verified applications
-
ABD Insurance and Financial Services (OKTA-183836)
-
Deluxe-Strategic Sourcing (OKTA-186091)
-
GoCompare (OKTA-185231)
-
Google Discover (OKTA-184419)
-
New Voice Media (OKTA-184604)
-
Nitro Cloud (OKTA-186292)
-
Salesforce (force.com) (OKTA-184354)
-
Zlife (OKTA-185988)
2018.38
New Application Integrations
SAML for the following Okta Verified application
-
Figma (OKTA-186594)
SWA for the following Okta Verified applications
-
Boardvantage Meetx/Director (OKTA-183845)
-
McMaster-Carr (OKTA-185177)
-
MyWave Connect (OKTA-183859)
-
Orgill (OKTA-185331)
-
RapidAPI (OKTA-185363)
-
Smallpdf (OKTA-184134)
2018.37
Application Updates
- The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:
- 1Password Business: For configuration information, see Connect Okta to the 1Password SCIM bridge.
- Workplace by Facebook now supports Force Authentication. For more information see the Workplace by Facebook SAML setup instructions.
New Application Integrations
New SCIM integration application
The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:
- Databricks: For configuration information, see the Okta Databricks Configuration Guide.
SAML for the following Okta Verified applications
-
Avid Secure (OKTA-181718)
-
MyAcademy (OKTA-187155)
-
TopBox (OKTA-179620)
-
Workplace by Facebook (OKTA-185097)
SAML for the following Community Created application
-
Appsulate (OKTA-187156)
SWA for the following Okta Verified applications
-
Brandify (OKTA-183379)
-
G Adventures Sherpa Agency (OKTA-183941)
-
GAMMIS (OKTA-182914)
-
IBM Partner World (OKTA-182930)
-
MIBOR (OKTA-187007)
-
TechPortal (OKTA-182900)
-
Zerto: DRaaS Service Portal (OKTA-180711)
2018.36
Application Updates
- The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:
- ScreenSteps: For configuration information, see ScreenSteps' Configuring SCIM with Okta.
- 15Five now supports the following Provisioning feature (in addition to the other provisioning features that it already supports):
- Group Push
Users who have set-up the 15Five integration and enabled Provisioning before August 27, 2018, must follow the steps detailed in the 15Five Configuration Guide if they want to use the new features.
New Application Integrations
New SCIM integration application
The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:
- OpenEye Web Services: For configuration information, see OpenEye Web Services' Configuring Okta Provisioning
- Sharpr: For configuration information, see How to Configure Provisioning for Sharpr.
SAML for the following Okta Verified applications
-
Emburse (OKTA-185748)
-
TestingBot (OKTA-185998)
SWA for the following Okta Verified applications
-
Akamai Enterprise Application Access (OKTA-180151)
-
Creditntell (OKTA-180856)
-
Essendant Solutions Central (OKTA-181089)
-
Exact Online (OKTA-167861)
-
Pure Storage Partners (OKTA-180445)
-
Wombat Security Awareness (OKTA-182578)
Mobile application for use with Okta Mobility Management (OMM) (Android and iOS)
-
Zendesk (OKTA-181154)
2018.35
New Application Integrations
New SCIM integration application
The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:
- Meta Networks: For configuration information, see Meta Networks' How to Configure SCIM 2.0 For Meta Networks.
SAML for the following Okta Verified applications
-
DailyPay (OKTA-184138)
-
Fastly SAML (OKTA-184539)
-
Mimeo (OKTA-184146)
-
ProMaster (by Inlogik) (OKTA-184149)
-
Recruiterbox (OKTA-184536)
-
StatusHub Hub SAML (OKTA-180233)
-
TeamViewer (OKTA-183668)
SWA for the following Okta Verified applications
-
EveryoneSocial (OKTA-181223)
-
Hermes Investment Management: EOS (OKTA-179402)
-
IRMLS Indiana Regional MLS - Safemls (OKTA-181470)
-
NatureBridge (OKTA-183752)
-
Polygon (OKTA-183237)
2018.34
New Application Integrations
New SCIM integration application
The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:
- H5mag: For configuration information, see H5mag's Okta Single-Sign-On Integration Guide.
SAML for the following Okta Verified application
-
Content Insights (OKTA-168880)
SWA for the following Okta Verified applications
-
Adobe Enterprise (OKTA-178641)
-
Amazon Video Partner (OKTA-177266)
-
MassMutual Not-for-Profit Workplace Retirement (OKTA-178022)
-
Nuance (OKTA-180548)
-
Primeiro Pay (OKTA-181176)
2018.33
New Application Integrations
SAML for the following Okta Verified applications
- Dovetale (OKTA-183038)
- People.ai (OKTA-180849)
- Workteam (OKTA-182091)
SAML for the following Community Created application
- Imprima iRoom (OKTA-181903)
SWA for the following Okta Verified applications
- Apple Business Manager (OKTA-179326)
- Centrelink (OKTA-180192)
- Decision Lender (OKTA-179129)
- Emburse (OKTA-183553)
- Mobile Health Consumer, Inc.(OKTA-180025)
- MY TELE2 FOR BUSINESS (OKTA-178240)
- United Intranet (OKTA-179628)
2018.32
Application Updates
Fuze now supports the following Provisioning features (in addition to the other Provisioning features that it already supports):
- Importing Users
- Profile Mastering
Users who have set up the Fuze integration and enabled Provisioning before August 1, 2018, need to follow the migration steps detailed in the Fuze Configuration Guide if they want to use these new features.
New Application Integrations
New SCIM
The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:
- Amazon Chime: For configuration information, see Amazon Chime's Connect to Okta SSO instructions.
SAML for the following Okta Verified applications
- 4me (OKTA-180242)
- SendSafely (OKTA-180234)
SWA for the following Okta Verified applications
- AIA (OKTA-179070)
- AirVantage (OKTA-177125)
- Clearview (OKTA-179071)
- Fiscal Unattended Portal (OKTA-178318)
- Looker (OKTA-174927)
- LucidPress (OKTA-177037)
- Thycotic Force (OKTA-181148)
- Vyond: GoAnimate (OKTA-177036)
Mobile application for use with Okta Mobility Management (OMM) (Android and iOS)
- LinkedIn Learning (OKTA-177771)
2018.31 (combines app integrations from 2018.30 and 2018.31 releases)
Application Updates
Namely now supports the following Provisioning features (this is in addition to the Profile Master feature that it already supports):
- Create users
- Update user attributes
For users that have set-up the Namely integration and enabled Provisioning before July 23, 2018, they have to follow the migration steps detailed in the Namely Configuration Guide if they want to use the new features.
New Application Integrations
SAML for the following Okta Verified applications
-
Carbonite Endpoint Protection (OKTA-179619)
-
CipherCloud (OKTA-178258)
-
Omnilert (OKTA-178842)
SWA for the following Okta Verified applications
-
Air Canada Travel Agency (OKTA-176497)
-
Deep Social (OKTA-175548)
-
FastMail (OKTA-173347)
-
FPI Portfolio (OKTA-177374)
-
GTA Travel (OKTA-175171)
-
Health Wise Global (OKTA-175660)
-
IBM Partner World (OKTA-178902)
-
iTunes Podcasts Connect (OKTA-177007)
-
JumpCloud (OKTA-176802)
-
Pinnacle Financial Partners (OKTA-174891)
-
Profitstars (OKTA-179309)
-
Quick Base (OKTA-179540)
-
Revenue NSW (OKTA-179226)
-
SkyKick (OKTA-177199)
-
StiPP (OKTA-177420)
Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)
-
Dialpad (OKTA-174331)
-
SwiftKey (OKTA-177039)
2018.29
Application Updates
The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:
- ScaleFT: For configuration information, see ScaleFT's Okta SCIM Configuration Guide.
New Application Integrations
New SCIM
The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:
- Quick Base. For configuration information, see Configure Okta Provisioning for Quick Base.
SAML for the following Okta Verified applications
-
CloudSaver (OKTA-178376)
-
Fuel Cycle (OKTA-177763)
-
IMIchat (OKTA-172672)
-
Luminate Secure Access Cloud (OKTA-177980)
-
PitchBook (OKTA-178524)
-
Spoke (www.askspoke.com) (OKTA-176635)
-
Ultimo (OKTA-176636)
-
Symsys (OKTA-178538)
SWA for the following Okta Verified applications
-
FrameIO (OKTA-175531)
-
Grove (OKTA-176622)
-
GTA Travel (OKTA-175171)
-
My NS Business (OKTA-176453)
-
Track My Backflow (OKTA-175785)
-
Wire (OKTA-173345)
Mobile application for use with Okta Mobility Management (OMM) (Android and iOS)
-
Microsoft Dynamics CRM Online (OKTA-175795)
2018.28
Application Updates
The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:
- ProsperWorks: For configuration information, see the ProsperWorks SCIM Setup Guide.
New Application Integrations
New SCIM
The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:
- Telmediq: For configuration information, see the Telmediq Provisioning Guide.
- CGR Foundation: For configuration information, see Configuring SCIM2 with Okta.
SAML for the following Okta Verified applications
-
eFront (OKTA-176299)
-
Federated Directory (OKTA-177196)
-
Process Plan (OKTA-176823)
-
Torii (OKTA-176916)
2018.27 (combines app integrations from 2018.26 and 2018.27 releases)
Application Updates
The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:
- ScaleFT: For configuration information, see ScaleFT's Okta SCIM Configuration Guide.
- ScreenSteps: For configuration information, see ScreenSteps' Configuring SCIM with Okta.
- ProsperWorks: For configuration information, see the ProsperWorks SCIM Setup Guide.
- Wrike: For configuration information, see Wrike & Okta: User Provisioning.
The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:
- Robin: For configuration information, see Robin's SCIM provisioning using Okta's connector app.
- CloudRepo: For configuration information, see the OKTA and CloudRepo Integration Guide.
- Elements.cloud: For configuration information, see Elements.cloud's Configuring User Provisioning with OKTA.
- Comeet: For configuration information, see Comeet's Okta SSO integration instructions.
New Application Integrations
SAML for the following Okta Verified applications
-
Autotask Endpoint Backup (OKTA-175184)
-
Beneplace G3 (OKTA-173834)
-
Egress (OKTA-174618)
-
Forter (OKTA-174571)
-
getSayDo (OKTA-173822)
-
Mind Tools (OKTA-172557)
-
MockFlow (OKTA-170692)
-
ProsperWorks (OKTA-172832)
-
StatusHub (OKTA-174984)
-
Tiled (OKTA-173560)
SWA for the following Okta Verified applications
-
BeValuedUk (OKTA-175212)
-
Cylance Partner (OKTA-173385)
-
Explorer for ArcGIS (OKTA-166173)
-
MRI Software (OKTA-177190)
-
Symsys Selmore (OKTA-174360)
-
Telmediq (OKTA-177265)
2018.25
Application Updates
The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:
-
Mavenlink: For configuration information, see the Mavenlink OKTA SCIM Application Configuration Guide.
-
Guru: For configuration information, see Guru's SCIM Configuration Guide.
-
Zoom: For configuration information, see Zoom's Okta Configuration Guide.
The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:
-
LeanKit: For configuration information, see Configuring Provisioning for LeanKit.
We removed support for provisioning for the imeetcentral app.
New Application Integrations
SAML for the following Okta Verified applications
-
Nvoicepay (OKTA-172287)
-
Sigma (OKTA-174900)
-
TrackVia (OKTA-171562)
SWA for the following Okta Verified applications
-
Carrick Capital Partner (OKTA-173141)
-
Cisco (OKTA-173291)
2018.24
Application Updates
The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:
-
ScreenSteps. For configuration information, see Configuring SCIM with Okta.
We support SHA2 for the following integration:
-
Litmos (OKTA-169369)
New Application Integrations
SAML for the following Okta Verified applications
-
AppDynamics v4.5+ (with SAML Encryption) (OKTA-172601)
-
Mambu (OKTA-171083)
SWA for the following Okta Verified applications
-
Hippo CMMS (OKTA-173145)
-
TruQu (OKTA-172875)
2018.23
Application Updates
The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:
-
Academy LMS by Praetorian Digital. For configuration information, see Configuring Provisioning for Academy LMS.
New Application Integrations
SAML for the following Okta Verified applications
-
Paladin (OKTA-172501)
-
Talkdesk (OKTA-170361)
SWA for the following Okta Verified applications
-
Cadence (OKTA-172519)
-
Guidewire Community (OKTA-171779)
-
Ipreo (OKTA-170892)
-
Mimecast Secure Messaging (OKTA-166261)
-
Portico Property Management (OKTA-171052)
-
Quadient Cloud (OKTA-166195)
-
SecureWorks (OKTA-172818)
-
WebAdvisor (OKTA-167409)
-
Wells Fargo (Commercial Electronic Office) (OKTA-172565)
Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)
-
Namely (OKTA-171365)
-
VMware Horizon View VDI (OKTA-171494)
Mobile applications for use with Okta Mobility Management (OMM) (Android
-
Cadence (OKTA-171772)
2018.22
Application Updates
The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:
-
1Password Business. For configuration information, see Automate provisioning with Okta in 1Password Business.
-
Comeet. For configuration information, see Comeet's Okta SSO integration instructions.
New Application Integrations
SAML for the following Okta Verified applications
-
Built.io Flow (OKTA-170655)
-
Collective Health Employer Portal (OKTA-170658)
-
FOSSA (OKTA-170095)
-
Guru (OKTA-170656)
-
iDeals VDR (OKTA-166918)
-
Korbyt (OKTA-171463)
-
Marvelapp (OKTA-170657)
-
OpenEye Web Services (OKTA-167710)
SWA for the following Okta Verified applications
-
1Password Business (OKTA-172516)
-
Amazon DE (OKTA-167431)
-
Benchmarking (OKTA-168838)
-
Dell Boomi (OKTA-171444)
-
DocsCorp Support (OKTA-168878)
-
Granite Group Advisors Education (OKTA-167734)
-
HP Channel Services Network (OKTA-170175)
-
HP Express Decision Portal (OKTA-166576)
-
IBM MaaS360 (OKTA-167146)
-
ITSupport247 (OKTA-167960)
-
Kronos: SaaShr Payroll (OKTA-169641)
-
LA Times (OKTA-166855)
-
Qlikid (OKTA-171593)
-
Rabobank Internetbankieren (OKTA-171384)
-
Rippe and Kingston LMS (OKTA-168601)
-
SAP Fiori Client (OKTA-170853)
-
ShowClix Organizer Login (OKTA-168649)
-
Spot.IM (OKTA-170306)
-
WebEx (Cisco) (OKTA-165568)
-
WorkFusion Forum (OKTA-168914)
-
xpenditure (OKTA-171605)
-
Yodeck (OKTA-170597)
Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)
-
G Suite (OKTA-170627)
-
Palo Alto Networks - GlobalProtect (OKTA-170860)
-
Zoho One (OKTA-171114)
Mobile applications for use with Okta Mobility Management (OMM) (Android
-
Confluence On-Premise SAML (OKTA-168082)
2018.20
Application Updates
The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:
- Peakon. For configuration information, see Peakon's Set up user provisioning with Okta.
New Application Integrations
SAML for the following Okta Verified applications
-
LaunchDarkly (OKTA-169378)
-
Saleshood (OKTA-169149)
SWA for the following Okta Verified applications
-
EOLIS (OKTA-166337)
-
HP Partner First Portal (OKTA-166039)
-
HSB Connect (OKTA-167254)
-
Pandora (OKTA-162880)
-
Samsara (OKTA-166084)
2018.19
Application Updates
The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:
- Fuze. For configuration information, see the Fuze-Okta Provisioning Integration guide.
The following partner-built provisioning integration app is now available in the OIN as partner-built Okta Verified:
- Honey. For configuration information, see Honey's How To Configure SSO And User Provisioning Through Okta.
New Application Integrations
SAML for the following Okta Verified applications
-
BeyondTrust (OKTA-166383)
-
Fivetran (OKTA-168577)
-
SmartDraw (OKTA-168214)
SWA for the following Okta Verified applications
-
Collector (OKTA-168887)
-
Collector for ArcGIS (OKTA-166172)
-
ManageEngine ServiceDesk Plus (OKTA-164522)
-
Onfido (OKTA-168265)
-
Survey123 For ArcGIS (OKTA-166171)
Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)
-
G Suite (OKTA-165929)
-
SAP Fiori Client (OKTA-166524)
Mobile application for use with Okta Mobility Management (OMM) (Android)
-
OrgWiki (OKTA-166365)
2018.18
Application Updates
The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:
-
8x8. For configuration information see the 8x8 SCIM Configuration Guide.
-
Zinc. For configuration information see Zinc's Setting up AD Sync with OKTA documentation.
New Application Integrations
SAML for the following Okta Verified applications
-
Amazon Web Services Redshift (OKTA-165274)
-
Duo Admin Panel (encrypted assertions) (OKTA-167692)
-
Enplug (OKTA-166192)
-
Everlaw (OKTA-167870)
-
SecurityCompass (OKTA-164352)
-
Verkada (OKTA-167421)
-
Xton Access Manager (OKTA-167253)
-
Yodeck (OKTA-166898)
SWA for the following Okta Verified applications
-
Amadeus Selling Platform Connect (OKTA-164289)
-
Amazon JP (OKTA-165793)
-
Braze (OKTA-165681)
-
Cognito Forms (OKTA-165816)
-
Fiserv ServicePoint (OKTA-164827)
-
MasterControl (OKTA-164742)
-
Mercado Pago Chile (OKTA-164690)
-
MileIq (OKTA-166676)
-
Percipio (OKTA-164973)
-
Stampli (OKTA-166043)
-
StormWind Studios (OKTA-163355)
-
The Library (OKTA-165278)
-
Trafalgar (OKTA-164559)
Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)
-
Condeco Desk Booking v2 (OKTA-165976)
-
InFlight Mobile (OKTA-165974)
-
InVironMobile (OKTA-165975)
-
INX (OKTA-165973)
-
ProsperWorks (OKTA-165092)
2018.17 (combines app integrations from 2018.16 and 2018.17 releases)
Application Updates
The following partner-built provisioning integration apps are now available in the OIN as Okta Verified:
- Dialpad. For configuration details, see the Dialpad Okta SAML & SCIM Configuration Guide.
- Vivantio ITSM. For configuration details, see the Vivantio ITSM Okta Provisioning Guide.
New Application Integrations
SAML for the following Okta Verified applications
-
Braze (OKTA-164730)
-
EZRentOut (OKTA-165985)
-
Peakon (OKTA-164574)
-
Podbean (OKTA-165001)
-
ReadCube (OKTA-165511)
-
ScreenSteps (OKTA-166666)
-
Shareworks (OKTA-166193)
-
Visual Paradigm Online (OKTA-164575)
-
Ziflow (OKTA-165510)
SWA for the following Okta Verified applications
-
Columbia Bank: Columbia Connect Login (OKTA-164598)
-
DemandCaster (OKTA-162686)
-
eNett (OKTA-161969)
-
Helpshift (OKTA-164347)
-
Meditta Customer Portal (OKTA-164125)
-
Mood Mix (OKTA-163389)
-
MT Bank: Web InfoPLUS Login (OKTA-163923)
-
Registro.br (OKTA-163594)
-
The Alabama Department of Revenue Motor Vehicle Division (OKTA-164095)
Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)
-
Dialpad (OKTA-162928)
-
Sequr (OKTA-165140)
2018.15
New Application Integrations
SAML for the following Okta Verified applications
-
CGR Foundation (OKTA-163834)
-
SimpleLegal (OKTA-162488)
-
TradeShift (OKTA-163383)
SAML for the following Community Created application
-
ArcGIS Online (OKTA-163206)
SWA for the following Okta Verified applications
-
Alacriti: OrbiPay Payments (OKTA-162622)
-
Ascensus (OKTA-158493)
-
Bendigo Bank (OKTA-162125)
-
Boxed (OKTA-161706)
-
Colorado CDOT Maps (OKTA-162497)
-
Join Handshake (OKTA-162160)
-
Okta Ice: Gourmet Ice Cream (OKTA-163277)
2018.14
Application Updates
The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:
- Vivantio ITSM. For configuration details, see the Vivantio Okta Provisioning Configuration Guide.
New Application Integrations
SAML for the following Okta Verified applications
-
Givitas (OKTA-163560)
-
SSOGEN (OKTA-163382)
-
Zoom (OKTA-161971)
SAML for the following Community Created application
-
Appsulate (OKTA-162836)
SWA for the following Okta Verified applications
-
Aurilo (OKTA-160566)
-
CBS Helpdesk (OKTA-161425)
-
Creditsafe (OKTA-163255)
-
ESET: License Administrator (OKTA-157798)
-
FamilySearch (OKTA-160772)
-
MYOB Essentials (OKTA-160212)
-
Northpass (OKTA-161830)
-
StatusHub (OKTA-161879)
-
WEXOnline Client Login (OKTA-161332)
Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)
-
Impraise SAML (OKTA-163703)
-
Nexus Payables (OKTA-162012)
2018.13
New Application Integrations
SAML for the following Okta Verified applications
-
IrisPR (OKTA-161401)
-
LCVista (OKTA-161816)
-
LeanKit (OKTA-161594)
-
LeaseEagle (OKTA-161705)
SWA for the following Okta Verified applications
-
AccessNS (OKTA-161378)
-
AirTriQ (OKTA-159849)
-
Circulation (OKTA-160516)
-
EduServices (OKTA-163277)
-
Fido SSP (OKTA-159156)
-
Go365 (OKTA-160329)
-
Kaseya Virtual System Administrator (OKTA-160565)
-
Kids A-Z Kids Login (OKTA-160556)
-
LumApps (OKTA-160612)
-
Veritas Support (OKTA-160843)
Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)
-
G Suite (OKTA-160751)
Mobile applications for use with Okta Mobility Management (OMM) (Only iOS)
-
VTS (OKTA-161423)
2018.12
New Partner-Built Provisioning apps
The following partner-built provisioning integration apps are now available in the OIN as Okta Verified:
- Hootsuite. For configuration details, see the Hootsuite Okta SCIM Configuration Guide.
- MyPolicies. For configuration details, see the MyPolicies + Okta SCIM Employee Provisioning guide.
- Lumpy. For configuration details, see the Okta + Lumity: SCIM Provisioning guide.
- Teamable: For configuration details, see the Configuring provisioning for Teamable guide.
The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:
- Airtable. For configuration details, see Airtable's Okta provisioning configuration options guide.
- Appenate. For configuration details, see the Appenate Configuration Guide (note you will need to login to Appenate for access to this doc).
- Atipicia. For configuration details, see Atipicia's Okta user provisioning integration guide.
- Biztera. For configuration details, see Biztera's Configuring Okta Provisioning guide.
- Dialpad. For configuration details, see DIALPAD + OKTA | SAML & SCIM INSTRUCTIONS.
- ProLease. For configuration details, see the ProLease SCIM Setup Guide.
- StarLeaf. For configuration details, see the Starleaf Okta Integration.
- Twebcast. For configuration details, see Setup user provisioning for Twebcast with Okta.
- Vable. For configuration details, see OKTA users provisioning for Vable platform.
- DocSend. For configuration details, see DocSend's Okta SCIM Integration.
- Kudos. For configuration details, see the Kudos Okta SCIM 1.1 configuration guide.
- LearnCore. For configuration details, see LearnCore's SCIM Integration Documentation.
- SchoolKeep. For configuration details, see SchoolKeep's Configuring Okta Provisioning.
- Sequr. For configuration details, see the Sequr + Okta : Employee Provisioning Integration guide.
- Velpic. For configuration details, see Configuring the Velpic App from the OKTA Application Network for SCIM.
- Workboard. For configuration details, see Configuring Provisioning for Workboard.
- Zugata. For configuration details, see Zugata's Sync Users with Okta - SCIM.
- Expensify. For configuration details, see Expensify's Deactivating users with Okta guide.
- ClearStory. For configuration details, see ClearStory's Okta User Provisioning guide.Or Provision
- Cloud Repo. For configuration details, see the OKTA and CloudRepo Integration Guide
- Civis Platform. For configuration details, see Configuring Provisioning for Civis Platform
- Rollbar. For configuration details, see the Rollbar's Okta Configuration guide.
New Application Integrations
SAML for the following Okta Verified applications
-
Duo Admin Panel (OKTA-157272)
-
Supermood (OKTA-161747)
-
T&E Express (OKTA-161402)
-
TalentWall (OKTA-161809)
SWA for the following Okta Verified applications
-
Allinial Global (OKTA-159690)
-
AnswerForce (OKTA-159091)
-
InstaMed Online for Providers (OKTA-159927)
-
Jive (OKTA-158828)
-
Lucky Mobile OneView (OKTA-159151)
-
OpenX Community (OKTA-159626)
-
Rogers SSP (OKTA-159155)
-
Update OIN App (OKTA-162277)
-
Virgin Mobile OneView (OKTA-159150)
Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)
-
Impraise (OKTA-160452)
-
Microsoft Flow (OKTA-158687)
-
Microsoft Planner (OKTA-158691)
-
Microsoft Power BI (OKTA-158690)
-
Microsoft StaffHub (OKTA-158688)
-
Microsoft Sway (OKTA-158686)
-
Microsoft Visio Viewer (OKTA-158846)
-
Names & Faces (OKTA-160449)
-
Office 365 Message Encryption Viewer (OKTA-158847)
-
Office Delve (OKTA-158685)
2018.11
New Application Integrations
SAML for the following Okta Verified applications
-
iLobby (OKTA-160231)
-
PROLEAZ (OKTA-159605)
-
Samepage (OKTA-159604)
-
Sonar (OKTA-160236)
SWA for the following Okta Verified applications
-
InstartLogic (OKTA-159557)
-
iNSYNQ (OKTA-156377)
-
San Diego Tribune (OKTA-158974)
2018.10
New Application Integrations
SAML for the following Okta Verified applications
-
Bersin (OKTA-158347)
-
CA Technologies Continuous Delivery Director (OKTA-159230)
-
TeamViewer (OKTA-158486)
SWA for the following Okta Verified applications
-
Comcast Business (OKTA-158584)
-
First Republic Bank: Corporate Online Sign In (OKTA-158497)
-
First Tennessee Digital Banking (OKTA-157454)
-
Oakland Public Library Catalog (OKTA-158490)
-
Twenty20 Stock (OKTA-158185)
Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)
-
Nine (OKTA-158954)
-
Sonos (OKTA-158254)
2018.09 (combines app integrations from 2018.09 and 2018.08 releases)
Application Integration Updates
- Provisioning is enabled for the Teamable Partner-Built application (OKTA-159394). For details, see the Teamable Provisioning Configuration Guide for details.
- Provisioning is enabled for the Lumity Partner-Built application (OKTA-159171). For details, see the Lumity Provisioning Configuration Guide for details
New Application Integrations
SAML for the following Okta Verified applications
-
AlertOps (OKTA-158941)
-
Atiim (OKTA-156758)
-
Honey (OKTA-159100)
-
Oktopost (OKTA-158746)
-
PathSavvy (OKTA-159590)
-
Sapling (OKTA-157436)
-
Templafy (OKTA-158476)
-
TextExpander (OKTA-154028)
-
TraceGains (OKTA-157106)
SWA for the following Okta Verified applications
-
AppNexus: Customer Support Portal (OKTA-158053)
-
Associated Bank (OKTA-157218)
-
Bizequity (OKTA-158244)
-
ECP (OKTA-155556)
-
Guidewire Live (OKTA-157445)
-
Humana Military (OKTA-158412)
-
ISOnet (OKTA-158232)
-
Jetstar AgentHub (OKTA-156973)
-
Parker: PHconnect Login (OKTA-158386)
-
Quay (OKTA-156972)
-
VocabularySpellingCity (OKTA-157236)
Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)
-
Microsoft Dynamics CRM Online (OKTA-157274)
-
OpenVPN Connect (OKTA-157442)
-
Pocket (OKTA-157815)
-
Virtru (Google Login) (OKTA-157353)
2018.07
New Application Integrations
SAML for the following Okta Verified applications
-
CultureHQ (OKTA-156714)
-
Databook (OKTA-157722)
-
InstaCheckin (OKTA-157452)
-
PlanGrid (OKTA-156180)
SWA for the following Okta Verified applications
-
Burgiss: Cash Management (OKTA-154713)
-
DataServ (OKTA-157609)
2018.06
Application Integration Updates
The following new partner built provisioning integrations are are now available in the OIN:
-
Air table: See the Airtable Okta Configuration Guide for details.
-
Appenate: See the Appenate Okta Configuration Guide for details. Note: You need a Appenate account to access this documentation.
-
Atipicia: See the Atipica SCIM Configuration Guide for details.
-
BHS: See the BHS Provisioning Configuration Guide for details.
-
Biztera: See the Biztera Okta Provisioning Configuration Guide for details.
-
Dialed: See the Dialpad and Okta: SAML and SCIM Instructions for details.
-
ProLease: See the ProLease SCIM Setup Guide for details.
-
StarLeaf: See the StarLeaf Okta Configuration Guide for details.
-
Webcast: See the Webcast SCIM Guide for details.
-
DocSend: See the DocSend Okta SCIM Integration Guide for details.
-
Kudos: See Configuring Provisioning for Kudos for details. Link TBD
-
LearnCore: See LearnCore Okta SCIM Integration Documentation for details.
-
SchoolKeep: See Configuring Okta Provisioning for details.
-
Sequa: See Sequa and Okta: Employee Provisioning Integration for details.
-
Velpic: See Configuring the Velpic App from the OKTA Application Network for SCIM for details.
-
Workboard: See Configuring Provisioning for Workboard for details.
New Application Integrations
SAML for the following Okta Verified applications
-
R and D Manage (OKTA-156454)
-
Sharpr (OKTA-156588)
-
Stackla (OKTA-156474)
SWA for the following Okta Verified applications
-
ABN AMRO (OKTA-156308)
-
Everest 7.0 (OKTA-155695)
-
Express VPN: Affiliates (OKTA-156499)
-
Instapage (OKTA-156197)
-
OUI.sncf (OKTA-156191)
-
Phone2Action (OKTA-156595)
-
Sling TV (OKTA-156708)
-
State of Wisconsin DWD: Insurer Reports (OKTA-152447)
-
WordPress.com (OKTA-156182)
2018.05 (combines app integrations from 2018.04 and 2018.05 releases)
New Application Integrations
SAML for the following Okta Verified applications
-
Civis Platform (OKTA-155135)
-
ContractWorks (OKTA-153656)
-
Givitas (OKTA-155684)
-
Iggy (OKTA-155258)
-
ITProTV (OKTA-155248)
-
Pritunl (OKTA-154499)
-
PurchaseControl (OKTA-152586)
-
Supermood (OKTA-148675)
-
Wordpress by MiniOrange (OKTA-151125)
SWA for the following Okta Verified applications
-
BootcampSpot v2 (OKTA-153220)
-
Crimson Hexagon (OKTA-155976)
-
Delivery Slip (OKTA-155537)
-
EverBank (OKTA-152736)
-
Franklin Synergy Bank (OKTA-152727)
-
Haaretz (OKTA-154551)
-
Leaseplan FleetReporting NL (OKTA-152941)
-
LinkPoint Connect Cloud Edition (OKTA-155230)
-
MassBio (OKTA-155241)
-
Milestone XProtect Smart Client (OKTA-153239)
-
Rapt Brand Fonts (OKTA-152869)
-
ReadyRefresh (OKTA-154418)
-
Salesgenie (OKTA-155096)
-
TPG (OKTA-154455)
-
Vertafore Agency Platform (OKTA-153643)
-
XpertHR (OKTA-155946)
-
Zoho Wiki (OKTA-154570)
Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)
-
Gboard (OKTA-154398)
-
NMBRS (OKTA-154804)
2018.03
New Application Integrations
SAML for the following Okta Verified application
-
Arxspan (OKTA-154479)
SWA for the following Okta Verified applications
-
Booking (OKTA-153126)
-
FHA Connection (OKTA-153897)
-
United Fire Group (OKTA-151261)
-
Wayfair (OKTA-152399)
Mobile application for use with Okta Mobility Management (OMM) (Android and iOS)
-
Expensewatch (OKTA-154005)
2018.02 (combines app integrations from 2018.01 and 2018.02 releases)
New Application Integrations
SAML for the following Okta Verified applications
-
Plex Apps (OKTA-153104)
-
Spoke (OKTA-153512)
-
Trustwave SWG Cloud (OKTA-153108)
-
Zoho One (OKTA-153517)
SWA for the following Okta Verified applications
-
Addepar (OKTA-151872)
-
Adobe Stock (OKTA-152449)
-
ANZ Internet Banking Australia (OKTA-152515)
-
Ascensus (OKTA-151756)
-
CAI: Capital (OKTA-152732)
-
Carval: User Portal (OKTA-149880)
-
Health Plans (OKTA-153613)
-
Indiana Association of Realtors (OKTA-152450)
-
Instant Payroll (OKTA-152081)
-
Intuit Developer (OKTA-151109)
-
Kentik (OKTA-152102)
-
MIBOR (OKTA-143980)
-
MyShaw (OKTA-149352)
-
SAFE Credit Union (OKTA-152425)
-
UFG Agent (OKTA-151261)
-
VIA Rail (OKTA-152013)
-
Visionplanner (OKTA-152186)
Mobile application for use with Okta Mobility Management (OMM) (Android)
-
Astea (OKTA-152017)
Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)
-
Moo.do (OKTA-152690)
-
Square (OKTA-152355)
-
UltiPro (OKTA-151970)
2018 Bug Fixes
2018.48 Bug fixes (combines 2018.47 and 2018.48)
- OKTA-168628 – Self assignment of a Federation Broker Mode app failed without any error message to the user.
- OKTA-187446 – The error message when adding an empty dynamic zone contained minor grammatical mistakes.
- OKTA-188556 – The Android for Work app appeared on Okta end user dashboard even though the app was configured in the Okta Admin console not to display.
- OKTA-189358 – Two Authentication of user via MFA and Evaluation of sign-on policy events were generated in the System Log for each user login.
- OKTA-189803 – When configuring policy assignment for Factor Enrollment, Sign-On, and Password policies, Group searches did not return more than 10 results.
- OKTA-191151 – Norwegian translations in Okta plugin had minor inconsistencies.
- OKTA-192504 – AD-mastered users were able to edit the Secondary Email attribute even when it was set to Read-Only.
- OKTA-193456 – Some Sign-On policies using a behavior rule did not display the correctly used rule in the System Log event.
- OKTA-193955 – User Profile labels were sometimes displayed in languages other than English when an admin tried to view the profile.
- OKTA-194153 – The UTF-8 encoding of the SCIM Server URL in the SCIM App Template was not RFC compliant.
- OKTA-194195 – When all MFA factors in an app Sign-On policy were set to optional, a new user after successfully enrolling in a factor was redirected to the app instead of the enrollment page to enroll in multiple MFA factors.
- OKTA-195093 –If an app had more than 20 instances that appeared above the option to select All <app name> Instances, it was not possible to select that option.
- OKTA-195582 – The interstitial page had an invalid HTML.
- OKTA-195906 – Saving custom email templates for MFA Factor Enrollment and MFA Factor Reset did not display an error when one or more required fields were missing.
- OKTA-197175 – Self service registration error messages displayed in the sign-in widget were not correctly localized.
- OKTA-197256 – The French translation of registration.error.minLength was incorrect.
2018.48 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Amplitude (OKTA-197221)
-
AvaTax Admin Console (OKTA-196830)
-
Benelogic (OKTA-197354)
-
ChannelAdvisor Forum (OKTA-196813)
-
Circulation (OKTA-196990)
-
DNSPod (OKTA-196832)
-
EVA Air (OKTA-197596)
-
Lynda.com (OKTA-196839)
-
National Car Rental (OKTA-73276)
-
Okta Org2Org (OKTA-197198)
-
Salesforce: Marketing Cloud (OKTA-196079)
-
SAM.gov (OKTA-197595)
-
Seek (AU) - Employer (OKTA-196831)
-
Swiftype (OKTA-197936)
-
viewfinity (OKTA-197594)
2018.46 Bug fixes
- OKTA-187113 – Emails sent to test a custom email template incorrectly used the default template instead.
- OKTA-188863 – After modifying metadata for a SAML app, URL metadata for the new Identity Provider Certificate in the SAML Setup instructions for the app was not updated.
- OKTA-190755 – On some Windows machines, attempts to open a document through Microsoft SharePoint failed with the error message: This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.
- OKTA-191466 – For orgs that had configured and enabled iOS Device Trust, users on Okta Mobile on iOS accessing a SAML application (with ForceAuthn flag enabled ) were not able to complete the flow.
- OKTA-192955 – In some cases, when the Application Username Format was changed for an app on the Sign On tab, the username did not update accordingly in the app.
-
OKTA-197844H - In some cases, user imports failed with a Resource not found error.
- OKTA-197850H - App icons did not load in Okta Plugin for Google Chrome when the CDN was disabled.
2018.46 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Carta (OKTA-195136)
-
CBT Nuggets (OKTA-194884)
-
CH Robinson Navisphere 2.0 (OKTA-193943)
-
eDataSource (OKTA-192665)
-
General Motors GlobalConnect (OKTA-196112)
-
IBM Workspace (OKTA-194887)
-
Inspectlet (OKTA-196109)
-
MassMutual Retirement Access (OKTA-194881)
-
MidFirst Bank iManage Personal Banking (OKTA-194622)
-
Olapic (OKTA-196110)
-
PaloAlto Networks Support (OKTA-196076)
-
Rackspace Admin Control Panel (OKTA-194888)
-
Rubicon Project (OKTA-196217)
-
Safeware (OKTA-194880)
-
SonicWall (OKTA-195177)
-
UPS CampusShip (OKTA-194141)
-
Walmart (OKTA-196204)
2018.45 Bug fixes
- OKTA-150759 – System Log events for the iOS Device Trust did not display CredentialType value.
- OKTA-182989 – Admins could access the deprecated System Log V1 UI by directly pasting the URL in the browser.
- OKTA-191057 – Temporary passwords generated by an admin password reset included hard-to-distinguish characters that could be confusing to users.
- OKTA-189249 – IdP Discovery rule with a Sharepoint On-Premise app condition was not routing properly on SP-initiated login flows.
- OKTA-189512 – Mobile admins did not receive an email notification if a user was deprovisioned from Android For Work or Google apps.
- OKTA-192009 – Enrolling in Okta Verify using SMS on mobile devices resulted in a message Okta Verify Not Detected instead of a message to open the app or to download the app from the relevant app store.
- OKTA-194096 – The MFA Usage report incorrectly listed Okta Verify as an enrolled factor for a user even when the factor was reset and was no longer enrolled for the user.
- OKTA-194735 – The Device Trust message displayed while adding an app sign-on rule did not reflect correct platform names.
- OKTA-194899 – The set of roles allowed access to system log information by the [Events API](/docs/api/resources/events) did not match the set of roles allowed access by the [System Log API](/docs/api/resources/system_log).
2018.45 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
CGarchitect (OKTA-194273)
-
Check Point (OKTA-194916)
-
Google AdWords (OKTA-195109)
-
IBM Partner World (OKTA-194275)
-
Intouch Tech Data (OKTA-194276)
-
Leaseplan FleetReporting NL (OKTA-194272)
-
Santander (OKTA-194277)
-
ShowingTime (OKTA-194896)
The following SAML apps was not working correctly and is now fixed
-
FCm Travel Solutions Client Portal (OKTA-195584)
2018.44 Bug fixes (combines 2018.43 and 2018.44)
- OKTA-141857 – Some SAML Capable Apps reports incorrectly prompted to convert the app to SAML, even when the app was already using SAML 1.1 or SAML 2.0.
- OKTA-151933 – A race condition caused Group Push Mappings to be re-associated with a deleted Group Push Mapping Rule. This caused the mappings to be hidden from the Group Push UI and prevented changes to Group Push Mappings in case modifications are needed to address failures.
- OKTA-165757 – Changed user attributes in Active Directory sometimes were not properly updated in Okta.
- OKTA-168628 – Self service was not disabled for an implicit app instance, resulting in an error in the logs.
- OKTA-179336 – App Embed Link in the General tab of the Application page was greyed out in Firefox browsers and could not be copied.
- OKTA-182143 – Save and Add Another group in the Group Push UI did not work the first time.
- OKTA-184312 – API integration for a SCIM app failed when the app had no users.
- OKTA-185043 – Custom Authorization Server dialog was too large and hid the Add button when more than 30 clients were added to access policies at a time.
- OKTA-186068 – When looking up System Log entries for a six-month period, an incorrect date error was displayed even when the selected From date was six months away from the To date.
- OKTA-188600 – In some cases, when app provisioning failed, retrying tasks either in bulk or individually on the Task page failed.
- OKTA-190204 – When the MFA for admins feature was enabled, upon signing into support.okta.com, admins were redirected to the Okta admin console instead of support.okta.com.
- OKTA-190313 – In some cases, end users signing into Okta using Integrated Windows Authentication were displayed an incomplete technical contact email address.
- OKTA-190610 – When the MFA for admins feature was enabled and a sign-on policy prevented admins from signing in to Okta, admins configured to be allowed temporary access were still locked out.
- OKTA-191811, OKTA-194143 – When specifying a regex for user matches in an IdP discovery routing rule, the following error was returned: We found some errors. Please review the form and make corrections.
- OKTA-193127 – Running Application Usage reports sometimes failed with a timeout error.
- OKTA-193871 – Pushing the Exchange ActiveSync mail profile to OMM-managed iOS devices failed for AD-mastered users in orgs with Delegated Authentication configured.
- OKTA-194116 – A PUT call did not remove the postalAddress value from the user profile as expected.
- OKTA-194502 – In the System Log, the client IP address displayed did not correctly match the client geo-location when the Dynamic Zones feature is enabled.
- OKTA-194909 – Provisioning a user to Office 365 through User Sync or Universal Sync failed with the error: Got exception Unable to create the DirSync response object ProvisionResponse.
- OKTA-196801H - Attempt to match an imported user to an existing Okta user using the option "Existing Okta user I specify" did not retrieve the desired account even when it existed in Okta.
- OKTA-196665H - Attempt to edit an inactive group rule returned an internal server error.
- OKTA-196612H - Some end users signing into Okta received password hints in another language even when the display language was English.
2018.44 App Integration Fixes (combines 2018.43 and 2018.44)
The following SWA apps were not working correctly and are now fixed
-
ADP Payline (AU) (OKTA-192607)
-
AliMed (OKTA-192595)
-
Amazon Marketing Services (AMS) (OKTA-194123)
-
Blue Sky Factory (OKTA-192127)
-
Cisco (OKTA-188488)
-
Google Analytics (OKTA-192899)
-
Google Data Studio (OKTA-192135)
-
IBM Cloud (OKTA-192612)
-
Jell (OKTA-192132)
-
LumApps (OKTA-187691)
-
MyCitrix (OKTA-193111)
-
Norex (OKTA-192594)
-
Ravti (OKTA-190349)
-
Salesforce - Marketing Cloud (OKTA-194482)
-
SignNow (OKTA-190434)
2018.42 Bug fixes
- OKTA-151397 – Group admins were erroneously able to view users who were outside the Active Directory groups being managed by them.
- OKTA-174550 – The incorrect password error message displayed for AD-mastered users and Okta-mastered users was inconsistent.
- OKTA-175568 – Messages that were sent to devices using the Factors API sometimes returned a 500 error if the message could not be sent.
- OKTA-176446 – Attempts to complete new user activation using JIT failed for users in a state of Pending Activation.
- OKTA-183303 – The Managed column on the Group Assignment page incorrectly appeared to be sortable/clickable.
- OKTA-184763 – Workday to Okta imports failed for users with Organizations that had a null Organization_Type_Reference.
- OKTA-187876 – Yubikey reports that included deleted users were not fully viewable, and displayed the following error message: Error, Service is in Read Only Mode.
- OKTA-189519 – In rare cases, a custom domain could not be removed using the Restore to Default link.
- OKTA-191750 – When setting up Admin Email Notifications, changing the Notification Preferences For dropdown option from Global Enablement to My Preference failed.
2018.42 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
- A Cloud Guru (OKTA-187786)
- ADP Workforce Now (Employee) (OKTA-191089)
- Amazon Marketing Services (AMS) (OKTA-192124)
- Backblaze (OKTA-191414)
- Dun & Bradstreet (OKTA-189723)
- Fusebill (OKTA-189915)
- Instagram (OKTA-192593)
- MURAL (OKTA-192126)
- StatusCake (OKTA-192416)
- TravelCube Pacific (OKTA-190067)
- Zerto: DRaaS Service Portal (OKTA-189985)
The following SAML app was not working correctly and is now fixed
- Atlassian Cloud (OKTA-188779)
2018.41 Bug fixes
- OKTA-183216 – When a device enrollment operation failed, the error message was incorrect.
- OKTA-186779 – For the AWS app, credentials verification failed when adding multiple accounts IDs belonging to China AWS region.
- OKTA-188601 – When a user account was deactivated in a provisioned app then imported to Okta and then to AD, the user account was not deprovisioned as expected.
- OKTA- 191753 – System Log query parameters prior to the allowed time range returned an unknown error (HTTP status code 500).
2018.41 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Akamai Enterprise Application Access (OKTA-187781)
-
Cisco (OKTA-188488)
-
Cisco Partner Login (OKTA-188281)
-
Integral Ad Science (OKTA-189258)
-
Juice (OKTA-187782)
-
Mapbox (OKTA-188752)
-
MURAL (OKTA-189084)
-
Pingdom (OKTA-190166)
-
PleaseReview (OKTA-187779)
-
Tumblr (OKTA-189894)
-
Verizon Wireless Business (OKTA-189357)
The following SAML app was not working correctly and is now fixed
-
Saba (OKTA-164211)
2018.40 Bug fixes
- OKTA-178657 – When multiple attempts were simultaneously made to update a user's phone number for SMS or voice factors, the user was unable to enroll the phone number.
- OKTA-181134 – For Dropbox for Business app, group memberships were not imported while importing users and groups.
- OKTA-182512 – Okta was incorrectly pushing to the SCIM app memberships for users who were not previously provisioned to the app.
- OKTA-182770 – On updating Jira apps on Atlassian Cloud, the API rate limit of Atlassian often prevented pushing groups from Okta to Atlassian.
- OKTA-185451 – When an app admin with permission to administer a specific app attempted to save the app settings using the API Endpoint {{url}}/api/v1/apps/{{AppID}} failed with an insufficient permissions error message.
- OKTA-185620 – The Microsoft Forms app integration on the enduser dashboard did not log in the user automatically when the sign on mode was SWA.
- OKTA-190057 – If Device Trust certificate issuance, enrollment, or renewal failed while the Okta service was in Read Only mode, the failure was not logged in the System Log.
2018.40 App Integration Fixes
The following SWA apps were not working correctly and are now fixed:
-
Datadog (OKTA-185125)
-
Glassdoor (OKTA-189125)
-
Prezi (OKTA-188694)
-
Salesforce: Marketing Cloud (OKTA-189073)
-
Ascensus: Partner Login (OKTA-184944)
2018.39 Bug Fixes
- OKTA-124052 – Profile sync from Okta to third-party apps failed instead of ignoring users not already provisioned to the third-party app.
- OKTA-180603 – The Variable Name for enumerated attributes was not displayed in the user profile.
- OKTA-182976 – Admins could not see all Microsoft Office 365 apps assigned to a user when previewing the end user Dashboard on the Customization page.
- OKTA-184730 – When setting up AWS GovCloud with multiple accounts, testing the API credentials or saving provisioning configuration failed with an invalid client token ID error.
- OKTA-188112 – When multiple attempts were simultaneously made to update a user's phone number for SMS or voice, an HTTP 500 error occurred intermittently.
- OKTA-188212 – Links to Device Trust version history documents on the Settings > Downloads page were broken.
- OKTA-188697 – The Norwegian language was listed as Bokmål instead of Norsk Bokmål in the Display Language options.
- OKTA-188880 – Admins could not change the username format for OIDC apps in the Profile Mappings editor.
- OKTA-189139 – In some Preview orgs, Symantec VIP settings were not displayed in Internet Explorer 10 and 11 when configuring the factor for MFA.
2018.39 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
ADP Portal (Admin) (OKTA-188716)
-
Comcast Business (OKTA-188339)
-
eWallet ADP (OKTA-188414)
-
OneSignal (OKTA-188704)
-
Visionplanner (OKTA-188355)
-
VMware Partner Network (OKTA-188299)
-
Wrike (OKTA-188554)
2018.38 Bug Fixes
- OKTA-167649 – When configuring an LDAP instance, the text description of when to use the User Attribute field was not clear.
- OKTA-175504 – Kosovo was missing from the Country dropdown list when setting up a phone number for MFA.
- OKTA-179460 – In the Org2Org app, when a user was not activated in the target system, pushing user updates failed.
- OKTA-180472 – The System Log displayed duplicate entries to Org admins for enrolling and auto-activating MFA factors.
- OKTA-181897 – The error message on the Add Person pop-up was not descriptive enough.
- OKTA-184400 – The Activation email link failed for imported AD users, displaying an error message about a non-existent security question.
- OKTA-184613 – When the App admin was assigned an app that included the "|" character in its name, app search did not work.
- OKTA-184982 – The Multifactor page displayed UI elements such as the Edit button to Read Only admins.
- OKTA-185195 – SP-initiated logins for SAML 2.0 apps were not logged in the System Log when access was denied by an App Sign On policy.
- OKTA-185215 – For self service registration, password policy descriptions and error messages were not localized correctly, and defaulted to English.
- OKTA-186200 – Help Desk and Read Only admins received a blank pop-up screen when trying to activate or deactivate an MFA factor type on the Multifactor page.
- OKTA-186269 – The RSA SecurID username format dropdown did not display AD-related options.
- OKTA-186780 – The Reset Password page did not accept some usernames that were not in email format.
- OKTA-187597 – The Feedback button on the admin dashboard directed users to a wrong path.
- OKTA-187720 – If a company name contained the "&" character, the name was only displayed up to the "&" character on the New Account Registration page.
- OKTA-187875 – The download buttons on the Download page were inactive for some admins during maintenance.
2018.38 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Dealer Daily Lexus (OKTA-188063)
-
IRMLS Indiana Regional MLS - Safemls (OKTA-186105)
-
Procore (OKTA-187722)
2018.37 Bug Fixes
- OKTA-172556 – Technical Contact on the Account Pending Activation page did not appear when staged users tried to log in to Okta.
-
OKTA-185863H – After CLOUD_DESKTOP_SSO was enabled, in certain situations the Allowed Network Zone list in the admin UI was duplicated multiple times. Once the list became too large, IWA began to fail and users were prompted to login.
- OKTA-185863 – Users could not enroll their phone number for Self Service as they were prompted with the error message "Password or factor verification has expired" even when the session was just created.
- OKTA-186848 – Okta Verify push notifications were not displayed immediately on Android devices when the device screen was turned off.
- OKTA-187067 – Subscribed admins did not receive the deactivation email when a user with assigned apps was deactivated through the Okta Admin UI.
-
OKTA-187726H – externalName and externalNamespace fields were missing from the Add Profile Attribute dialog for OIN SCIM apps.
2018.37 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Cisco WebEx Meeting Center (OKTA-185731)
-
D2L (OKTA-184842)
-
DeltaSkymiles (OKTA-185635)
-
Kamer van Koophandel (OKTA-187153)
-
Moodlerooms (OKTA-186579)
-
mySonitrol (OKTA-185824)
-
myATT (OKTA-185885)
2018.36 Bug Fixes
- OKTA-83725 – The Zendesk app removed the admin role of an admin user required for Zendesk API access.
- OKTA-166236– The Sign In page did not render properly when the user agent was empty.
- OKTA-173065 – On the admin dashboard, the warning dialog displayed active buttons to Read-only admins.
- OKTA-175981 – API Token link reference for the On-Prem MFA Agent was linking to /admin/access/rsa-securid page instead of /admin/access/on-prem page.
- OKTA-181650 – Deprovisioning users from the Workplace by Facebook app failed due to an API rescheduling error if the user's manager could not be imported from AD.
- OKTA-184540 – Changing the list of Network Zones enabled for Desktop SSO did not generate a System Log event as expected.
- OKTA-184731 – In Chromebooks, when IdP Discovery was enabled, users were unable to login to certain IDPs.
- OKTA-185632 – Mapping from a user's primary email to their username was not enforced when the user's primary email was changed by an admin.
- OKTA-185819 – Bulk activate option for onboarding on the People page has been restored. This affects Preview orgs only.
2018.36 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Apple Store for Business (OKTA-185638)
-
Codility (OKTA-186038)
-
Factual (OKTA-185681)
-
ManageEngine ServiceDesk Plus (OKTA-185481)
-
MURAL (OKTA-185636)
-
Okta Help Center (OKTA-185639)
-
PR Newswire (OKTA-186572)
-
Siteimprove (OKTA-185464)
The following SAML app was not working correctly and is now fixed
-
LogMeIn Central/Pro (OKTA-180957)
2018.35 Bug Fixes
- OKTA-163542 – Newly imported Okta users were sometimes not added to an Okta push group in Slack.
- OKTA-169041 – In the Office 365 app, if a user had no licenses assigned, deleting that user during de-provisioning failed.
- OKTA-178599 – JIT Delegated Authentication failed in some cases when Okta was in safe mode.
- OKTA-180070 – In Browser Plugin settings, Enable Okta toolbar for group dropdown had no group selected by default on new orgs causing on-the-fly functionality to fail.
- OKTA-180348 – Linked Object property names were incorrectly allowed to begin with a digit or contain characters other than digits, ASCII letters, and underscores.
- OKTA-180375 – If an externally-mastered user was created by an API and an email factor was required, when the user's email address was updated in the externally-mastered source, the previous email address was still active and authentication codes could still be sent to it.
- OKTA-182523 – If a user had email and another factor enrolled for an app-level MFA policy, selecting email as a second factor in Okta Mobile on iOS 11.4.1 displayed 'L10N error' instead of a localized message.
- OKTA-182572 – Users were blocked when upgrading to Okta Verify Push if there was an app sign-on policy that prompted for MFA but no sign-on policy that prompted for MFA.
- OKTA-182744 – The device trust client could not be installed on domain-joined computers when IdP discovery was enabled and an IdP routing rule was configured.
- OKTA-183830 – When the Okta Sign-In Widget was set to use a language other than English, and configured with IdP Discovery, the Next button in the identity first login form was not translated.
- OKTA-186441H – Users and admins were prompted with an "500 Internal Server Error" whenever they tried to access ServiceNow UD.
- OKTA-186530H – For MS Office apps on iOS devices, the end user flow failed when an App Sign On rule to "Block EAS" was above a Device Trust rule.
- OKTA-187161H – SCIM connectors implemented with new created apps did not work on Preview.
2018.35 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Amazon UK (OKTA-183801)
-
Boxed (OKTA-183746)
-
Cisco Partner Login (OKTA-183727)
-
Insightly (OKTA-184701)
-
MIBOR (OKTA-183652)
-
My Jive (OKTA-184864)
-
QuickBooks (OKTA-184915)
-
SHI (OKTA-183447)
-
ThrivePass (OKTA-183453)
-
WorkFusion Forum (OKTA-184843)
The following SAML app was not working correctly and is now fixed
-
Micro Focus Connected MX (OKTA-184531)
2018.34 Bug Fixes
- OKTA-96203 – The Approvals inbox showed All tasks completed message instead of Nothing to show message when there were no completed tasks.
- OKTA-161648 – IWA authentication failed for users who had the same UPN across multiple AD domains.
- OKTA-177378 – For apps with Provisioning enabled, when the Update application username on field was set to Create Only, it reverted to Create and Update when the page was refreshed.
- OKTA-178803 – Clicking on the U2F factor Setup button for the first time on the end user Settings page displayed a message saying the factor was not supported by the browser but the flow worked normally upon second click.
- OKTA-179236 – If an API PUT request to update a user profile omitted a sensitive property, that sensitive property was not properly removed from the user profile.
- OKTA-179407 – Some error pages containing non-lower ASCII characters were not localized.
- OKTA-179766 – While setting up a phone number for Forgot Password Text Message, users with a Mauritian phone number received an invalid number message at the first attempt but were able to send code to verify the number on the second attempt.
- OKTA-181454 – When a user belonged to an MFA Enrollment policy where the Email factor was Required and the SMS factor was Optional, calling the /api/v1/authn/endpoint (Primary Authentication with Trusted Application) to authenticate the user for the first time resulted in the user being prompted to setup an Optional factor instead of receiving the Email OTP.
- OKTA-182947 – Enabling the Self-Service Registration feature with the Add to Sign-In widget checkbox selected displayed a horizontal scroll bar on the end user Sign In page.
- OKTA-183411 – Active app approval templates were not deactivated when Self Service for the app was disabled.
- OKTA-183667 – Attempts to delete a Group Rule resulted in a 500 error.
- OKTA-183882 – Deactivated admins received user locked out emails.
- OKTA-184762 – IdP Discovery stopped the processing of policy rules for a policy if a rule was being evaluated without a user and the rule contained a user attribute condition.
2018.34 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Air Canada Travel Agency (OKTA-182036)
-
AmeriHome Correspondent Connect (OKTA-182918)
-
BetterLesson (OKTA-182740)
-
CitiManager (OKTA-182916)
-
Citrix XenApp (OKTA-182034)
-
Cloudability (OKTA-182781)
-
Critical Mention (OKTA-183368)
-
FileWave (OKTA-183176)
-
Hulu (OKTA-183663)
-
MailGun (OKTA-183490)
-
MedBridge (OKTA-184387)
-
MyRackspace Portal (OKTA-183616)
-
New York Times (OKTA-183479)
-
ProfitStars (OKTA-182311)
-
Verizon Wireless Business (OKTA-182929)
-
Virgin Pulse (OKTA-182902)
-
Yardi (OKTA-182913)
-
ZeroFox (OKTA-182915)
The following SAML app was not working correctly and is now fixed
-
NetDocuments (OKTA-181142)
2018.33 Bug Fixes
- OKTA-165796 – When the user had both Okta Verify with Push enabled and Duo Security, ignoring auto Push from Okta Verify to switch to Duo Security displayed an error message.
- OKTA-174349 – Applications configured as Administrator sets username and password prevented users from enabling Auto-launch option for that app.
- OKTA-177385 – Okta Expession Language was incorrectly treating the character "_" as a single wildcard character.
- OKTA-177768 – IdP Discovery policy routing rule did not display disabled app instances.
- OKTA-178568 – If an SMS factor was used within 30 seconds of the factor being auto-activated, authentication would fail without displaying an error.
- OKTA-179126 – IdP Discovery policy inactive rules could be re-activated if pointed to an inactive IdP.
- OKTA-179325 – AD-mastered users, who were logging into Okta for the first time and had not used their enrolled MFA factors to log in, were unable to add their phone number for SMS and Voice Call self-service password recovery options on the Welcome page.
- OKTA-165507 – The System Log displayed an incorrect time calculation when the selection included a daylight savings time change.
- OKTA-184793H – With Device Trust enabled and only modern auth client application configured for the Office 365 app, some iOS users whose devices were managed by AirWatch were unable to access O365 from native apps.
2018.33 App Integration Fixes
The following SWA app was not working correctly and is now fixed
- Pantheon (OKTA-181500)
2018.32 Bug Fixes
- OKTA-159579 – The San Diego Union-Tribune app had a different login URL in Okta Plugin for Microsoft Edge.
- OKTA-172164 – Invalid EL expressions for attributes and claims in API AM, OIDC, and SAML displayed a 500 error, rather than causing an exception and returning an appropriate error.
- OKTA-173204 – AD-mastered users were unable to edit their Mobile Phone configured with ALM in Okta even when the User Permission for the attribute was set to Read-Write.
- OKTA-174211 – Custom domains and Okta-hosted custom sign-in pages rendered a blank page in Internet Explorer when the domain was added to Compatibility View.
- OKTA-176335 – When configuring a Custom Domain and a Custom Email Sender using the same custom subdomain, the admin was directed to place both CNAME and TXT records to be the same subdomain host, violating RFC 1034 Sec. 3.6.2.
- OKTA-178982 – When assigning apps to a group, next page returned a 500 error if an admin didn't have rights to view all apps.
- OKTA-180364 – Ambiguous dialog box was displayed after a successful MFA transaction.
- OKTA-180642 – Changing the Okta username format from the Active Directory > Settings page in Okta failed to also update existing users' usernames.
- OKTA-182574 – Applying admin-managed tabs to all users did not send emails upon success or failure due to NPEs.
- OKTA-180932 – In rare cases, a del-Auth user appeared to be active when locked out and vice versa.
2018.32 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
- 451Research (OKTA-179132)
- BB&T (OKTA-180836)
- BioCentury (OKTA-181201)
- GoGoAir (OKTA-180854)
- Hosting (OKTA-180837)
- Kentik (OKTA-180843)
- MIBOR (OKTA-181155)
- Morgan Stanley ClientServ (OKTA-180844)
- My Atlassian (OKTA-179519)
- Sailthru (OKTA-180418)
- UMR (OKTA-177842)
- US Bank - Pivot (OKTA-181941)
- VerticalResponse (OKTA-180437)
- Wayfair (OKTA-180840)
- WebEx Premium (OKTA-180841)
- Zappos (OKTA-180842)
The following SAML app was not working correctly and is now fixed
- Illumio ASP (OKTA-182517)
2018.31 Bug Fixes (combines 2018.30 and 2018.31 releases)
- OKTA-165762 – AD profile attributes did not write back to UltiPro-mastered user profiles.
- OKTA-166150 – End user names did not display correctly in Dashboard > Tasks if the user account did not include user first and last names.
- OKTA-167437 – Some profile attributes for User Sync provisioning type for Office 365 could only be mapped using group app assignment (scope: Group) as opposed to user app assignment (scope: Personal).
- OKTA-167701, OKTA-170446 – In some cases, the user's manager attribute did not provision to Office 365 when the user's manager DN changed in AD.
- OKTA-170588 – The Timeout for API Calls threshold for Okta On-Premise Provisioning timed out before the set threshold.
- OKTA-170844 – Users received a blank page when logging into the Jonas Premier app using the Okta dashboard.
- OKTA-173525 – SAML docs were sometimes populated with incorrect Signature Algorithm certificates.
- OKTA-175838 – Group admins were unable to create API tokens because the Security tab was missing from the Okta admin dashboard.
- OKTA-178335 – Removed System Logs for granting refresh tokens in token requests with the refresh token grant type. This applies to both API Access Management and OpenID Connect.
- OKTA-178359 – Some group rules did not trigger after users were imported into Okta.
- OKTA-178522 – IDP Discovery routing rules deemed domains containing the special character "-" as invalid.
- OKTA-178978 – Provisioning sometimes failed during Okta service maintenance.
- OKTA-181649H – New users that were mastered in Google Suite, Workday, or Salesforce and subsequently provisioned from Okta into Active Directory, were not enabled in AD when AD password policy required more than 16 characters long passwords.
2018.31 App Integration Fixes (combines 2018.30 and 2018.31 releases)
The following SWA apps were not working correctly and are now fixed
-
Admin America Participant (OKTA-179417)
-
AI Insight (OKTA-179419)
-
Amadeus Selling Platform Connect (OKTA-177982)
-
Ambassador (OKTA-179233)
-
BNY Mellon - Connect Portal (OKTA-179106)
-
Pond5 (OKTA-180160)
-
PPM Roadmap (OKTA-179413)
-
S&P Capital IQ (OKTA-178570)
-
Spectrum Time Warner Cable (OKTA-179415)
-
Staples NetXpress New Zealand (OKTA-179414)
-
Sysomos (OKTA-179340)
-
The Courier Mail (OKTA-179225)
-
The Economist (OKTA-179108)
-
WebStudy (OKTA-179412)
-
Zeplin (OKTA-179714)
The following SAML apps were not working correctly and are now fixed
-
Fuel Cycle (OKTA-179998)
-
Illumio ASP (OKTA-179985)
-
Spoke (www.askspoke.com) (OKTA-179597)
2018.29 Bug Fixes
- OKTA-90737 – The Permission set for user assignments was not showing up for the Replicon app. For existing Replicon app instances please contact Okta support to upgrade to latest schema.
- OKTA-119389H – Imported users for the Org2Org app had mismatched username and email values.
- OKTA-166720 – Allow administrators to consent for Advanced API Access setting was not saved for O365 app's API credentials, in cases where WS-Fed was used and set to MANUAL on the Sign On tab.
- OKTA-173411 – Reveal Password did not show the password for SWA apps when the user is logged in by external social login providers.
- OKTA-173928 – When the Do not display application icon to users option was unchecked on the General tab of an On-Prem SAML app, the On-Prem settings on the Provisioning tab disappeared.
- OKTA-174179 – Not all SuccessFactors user attributes were imported into Okta.
- OKTA-176035 – Users that were deleted from a Group that was managed by a rule, still showed up in the Group.
- OKTA-177400 – The Zendesk provisioning API failed and returned a 403 Forbidden error for some customers.
- OKTA-178619 – The API Access Management authorization server token preview resulted in an error when previewing a token for client credentials grant type.
- OKTA-179489H – Admin password reset functionality was disabled for LDA- mastered users when the Group Password Policy feature was enabled.
- OKTA-180446H – Setting up provisioning or imports for a new G Suite app instance failed. Testing API credentials for any existing G Suite instances returned a 503 Service unavailable error.
2018.29 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
FedEx Canada (OKTA-177987)
-
MIBOR (OKTA-178869)
-
NatureBox (OKTA-177974)
-
VoterVoice (OKTA-177979)
-
WebEx (Cisco) (OKTA-178499)
2018.28 Bug Fixes
- OKTA-131104 – For customers with G Suite, duplicate email accounts were configured in Gmail after Android users enrolled their device in OMM (work profile).
- OKTA-159102 – When a user launched an iOS app that uses Okta to log in, the Okta widget displayed Please enter a password as soon as it was tapped.
- OKTA-163843 – Okta unnecessarily provided information about specific browsers on all browsers when end users set up a Security Key (U2F) making the instructions confusing on some browsers.
- OKTA-166582 – When multiple SMS requests for MFA were sent within a 30 second window, the error message returned was SMS recently sent instead of Too many requests.
- OKTA-168180 – The AD Domain or AD Agent fields were missing in AD agent connect and disconnect System Log events.
- OKTA-168338 – The okta-signin-widget did not include the accept-language header when making an API call.
- OKTA-175427H – The IDP Discovery page did not redirect the user to the IDP defined in the Routing Rule on an SP initiated flow.
- OKTA-176556 – During Self Service Registration some user accounts defaulted to Staged instead of Pending user action status as expected.
- OKTA-177435 – Category name in the app list showed L10N_ERROR as a category.
- OKTA-178668 – The Delegated Authentication page did not load properly.
2018.28 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Apple Store (OKTA-177813)
-
Atlassian Cloud (OKTA-175339)
-
EdgeCast (OKTA-175363)
-
Qualtrics (OKTA-178233)
-
SallieMae (OKTA-173895)
-
UMR (OKTA-177991)
-
Unicorn HRO Customer Center (OKTA-177995)
-
UsabilityHub (OKTA-177376)
-
WebEx Premium (OKTA-173896)
2018.27 Bug Fixes
- OKTA-124352 – It was possible to select an inactive PIV IdP for certificate-based login.
- OKTA-146511 – Attempting to activate Okta Verify by an email link or code after having already attempted activation by SMS link resulted in a 500 error instead of a proper error message.
- OKTA-156179 – The Workplace by Facebook Manager field was only updated following reassignment changes in AD/Okta, not for other changes.
- OKTA-156459 – User reactivation failed for customers using the Graph API provisioning for the Microsoft Office 365 app.
- OKTA-160214 – Attempts to enable provisioning for the JIRA On-Prem app failed with a 500 error.
- OKTA-164208 – Network Zones were not displayed properly under Security -> Delegated Authentication -> Network Zones in IE.
- OKTA-165596 – The Send Push Automatically checkbox was deselected when reopening a new IE browser with Update KB4096040 in Windows 7Pro-32Bit.
- OKTA-165636 – The Help Desk Admin role could incorrectly click the Groups link without receiving an error. However, when clicking on any of the groups listed, the admin would receive a 403 error.
- OKTA-165849 – RSA SecurID MFA enrollment in Okta carried over the FOB token into the PIN field (at the Enter a new PIN having from 4 to 8 digits prompt).
- OKTA-166847 – The Okta plugin continued to fill out forms with stored values for User/Name and Password fields beyond the initial login.
- OKTA-167553 – The text on the interstitial page appeared jumbled when using Firefox browser version 59.0.2.
- OKTA-167623 – Upgrading the IWA agent caused the Network Zones under IWA Settings to be cleared.
- OKTA-168428 – Some users who were deactivated in Okta were not deactivated in Workplace by Facebook.
- OKTA-168629 – Calls to API AM /authorize with an invalid okta_key parameter resulted in a 500 error.
- OKTA-168648 – No error was shown when user activation failed due to a session timeout.
- OKTA-169454 – Desktop - Windows traffic from Microsoft BITS/7.5 (Microsoft Background Intelligent Transfer Service) was incorrectly filtered as non-Windows traffic by Office365 Client Access Policies.
- OKTA-171775 – Admins given the right to only administer one specific app (specific-app admin role) were unable to access the Provisioning tab for that app.
- OKTA-172284 – The SuccessFactors personal email attribute was removed by an Okta Push operation.
- OKTA-172556 – The IWA pending account activation page did not show the Technical Contact email address.
- OKTA-174625 – Users could not be assigned the Silver Partner role in Salesforce.
- OKTA-175748 – Clicking OIDC default scopes in an Authorization Server (AS) policy rule, incorrectly added all scopes for a custom AS.
- OKTA-175919 – For orgs with subdomain names containing mixed cases, the banner prompting users to grant access to apps continued to display even after the user trusts the domain.
- OKTA-175991 – A 500 error was returned when adding more than one hundred network zones.
- OKTA-176329 – The ContactDirSyncMapping event was not recorded in the System Log.
- OKTA-176736 – The enum attribute did not display a zero value correctly in edit mode (Admin > Directory > Profile Editor > Profile > Edit Custom Attribute).
- OKTA-177400H – Zendesk Provisioning threw a 403 error after performing a Cloudfare migration.
2018.27 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Amazon DE (OKTA-175408)
-
CareFirst (OKTA-174918)
-
CB Insights (OKTA-175570)
-
Comcast Business (OKTA-176072)
-
CrowdStrike Support Portal (OKTA-176089)
-
GoDaddy (OKTA-175683)
-
IBM Cloud (OKTA-175745)
-
Kaspersky CompanyAccount (OKTA-174914)
-
MB Program Info (OKTA-173889)
-
Nielsen Answers (OKTA-176091)
-
NOW - NetApp (OKTA-173891)
-
OneHealthPort (OKTA-175767)
-
OpenTable (OKTA-173892)
-
Operative.One (OKTA-174243)
-
Peapod (OKTA-173890)
-
Proposify (OKTA-175784)
-
PsPrint (OKTA-173894)
-
Qlik (OKTA-175675)
-
SAP Support Portal (OKTA-176093)
-
Seeking Alpha (OKTA-173893)
-
ST Math (OKTA-175125)
-
trafalgar (OKTA-174916)
The following SAML apps were not working correctly and are now fixed
-
Clarizen (OKTA-175553)
-
SkyHigh (OKTA-175513)
2018.25 Bug Fixes
- OKTA-159705 – Okta did not accept Thawte issued certificates.
- OKTA-162707 – The RADIUS log sometimes showed a NoHttpResponseException entry that was not a real error.
- OKTA-167438 – When users changed their secondary email address, this event did not display in the System Log.
- OKTA-167602 – When a user was deprovisioned from Box, and the file volume was high, the user deactivation failed because the associated file transfer timed out.
- OKTA-171890 – In some cases, when using combined values across groups with the O365 app assigned, removing the last group from a user also removed the O365 license.
- OKTA-171950 – If the redirect_uri limit was exceeded, an HTTP 500 error was returned.
- OKTA-172843H – Custom reports for Workday incremental imports sometimes failed, resulting in null custom attribute values.
- OKTA-174277 – Self-service registration returned an Internal Server Error for users reseting a password using the API activation token.
- OKTA-174659 – Okta to AD Push Groups operations for groups starting with "#" failed to link to AD groups.
- OKTA-175160 – When activating or deactivating the email factor, an event was not generated consistently in the MFA usage report.
- OKTA-175583H – Assigning a new version of an app binary file (.ipa) for a native app failed.
2018.25 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Absolute Console (OKTA-173828)
-
Alaska Air Group Credit Union (OKTA-173897)
-
America First Credit Union (OKTA-173877)
-
Benefit Administrator - Ameritas (OKTA-173898)
-
Commission Junction (OKTA-173899)
-
DealerRater (OKTA-173885)
-
Eden (OKTA-174921)
-
Fedex United Kingdom (OKTA-172898)
-
HM Revenue and Customs (HMRC) (OKTA-174740)
-
Hype Machine (OKTA-173886)
-
Jungle Disk (OKTA-173887)
-
McAfee Consumer (OKTA-173888)
-
MetLife Business Insurance (OKTA-174318)
-
MURAL (OKTA-174638)
-
Quickbooks (OKTA-174037)
-
SnapLogic (OKTA-174915)
-
SonicWall (OKTA-173831)
-
UltiPro (OKTA-172729)
The following SAML app was not working correctly and is now fixed
-
Netskope (OKTA-170729)
2018.24 Bug Fixes
- OKTA-132768 – Pre-activated end users who requested a password reset were not automatically sent an email from Okta advising them to contact their administrator, as expected. (Note: This issue is fixed. It was documented as a feature enhancement in error in 2018.17 release notes.)
- OKTA-156213 – RDP failed to connect to Windows Server 2016.
- OKTA-168217 – When using a voice call factor twice within a 30-second time period, the error message incorrectly displayed a internal server error instead of a Too Many Requests error.
- OKTA-168223 – The System Log did not display OpenID Connect App assignment and un-assignment events.
- OKTA-171665 – When authenticating with U2F, the login screen did not have the option Do not challenge me on this device for the next ....
- OKTA-171675 – When a group associated with the self-service registration policy was deleted, any subsequent attempts to make changes to the registration policy received a This group does not exist error message.
- OKTA-171680, OKTA-171750 – It was possible to create access policy rules that set refresh token inactivity expiration times to Unlimited.
- OKTA-172619 – In some real time sync configurations, Okta was showing duplicate users from Workday in the import tab.
2018.24 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Activist Insight (OKTA-172889)
-
Bloomberg (OKTA-173419)
-
CloudHealth (OKTA-172894)
-
Crunchbase (OKTA-173424)
-
eBay (OKTA-172962)
-
Instagram (OKTA-173825)
-
Jitterbit (OKTA-172563)
-
MoneyGram U.S. (OKTA-172893)
-
The Alabama Department of Revenue Motor Vehicle Division (OKTA-168849)
-
Tracker.com (OKTA-172886)
-
WOW! (OKTA-172888)
2018.23 Bug Fixes
- OKTA-162610 – Device notification emails defaulted to the Pacific Time Zone in the message regardless of the user profile time zone setting.
- OKTA-162740 – Notification emails triggered when changing an admin's email address were not sent from the configured custom domain.
- OKTA-168452 – When using the Apple Search Ads app on the MSEdge browser, the Okta Plugin did not match the URL correctly.
- OKTA-170357 – When signing keys could not be generated for a new Authorization Server, the error message was not clear.
- OKTA-171394 – When an AD user was deactivated then reactivated from Okta, the user was reactivated in Okta but not in AD as expected.
- OKTA-172487 – Mappings from user.getInternalProperty("id") to the app Username attribute did not save correctly.
- OKTA-173166 – The Reports page did not display the Account Unlock counts in the SMS Usage Report.
2018.23 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
AirWatch Admin Portal (OKTA-169991)
-
Apple MyAccess (OKTA-168961)
-
Apple MyAccess (OKTA-168961)
-
Capriccio Fuzion (OKTA-168950)
-
Capriccio Fuzion (OKTA-168950)
-
CloudFlare (OKTA-172484)
-
InMobi (OKTA-171429)
-
NetXpress (OKTA-172464)
-
WeightWatchers (OKTA-172465)
2018.22 Bug Fixes
- OKTA-93349 – Super Admins were able to change the role of other Super Admins without notifying the affected party.
- OKTA-127830 – Default password policy settings were sometimes incorrectly applied when creating a user with a password.
- OKTA-139641 – The MFA Usage report did not display the date/time in the Last Enrolled tab.
- OKTA-158993 – Some users were prompted for MFA on a device after already selecting Do not challenge me on this device again on that device.
- OKTA-159102 – The Okta login page on iOS displayed a Please enter a password error as soon as users clicked on the password field.
- OKTA-159505 – Some attributes were missing in the RADIUS end user Client IP attributes list.
- OKTA-159631 – The Slack desktop application request for MFA sometimes went into a loop when users configured it to prompt for MFA on every sign-on.
- OKTA-165633 – Password sync was available for Workplace by Facebook which does not support it.
- OKTA-167565 – The password fields were missing from the Okta Welcome page, causing users to be unable to register their accounts.
- OKTA-169341 – Existing users were not prompted to enroll a Security Question and Answer when enabling Self-Service Account Unlock with recovery Security Question enabled.
- OKTA-171056 – Some OAuth 2.0/OIDC refresh tokens would expire early.
- OKTA-171385 – Saving User profiles with App Mastered Numerical Attributes containing a value resulted in a 403 response.
- OKTA-171533 – When more than 20 OIDC apps were added to an org, no more than 20 appeared in the Clients dropdown of the Token Preview screen.
- OKTA-171670 – The Sharepoint on-premises application was not respecting custom interstitial URL settings for the org.
- OKTA-171896 – The JetBrains OIN app was not added to the Okta Dashboard when the account was created on the fly.
2018.22 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Akamai EdgeControl (OKTA-170641)
-
American Airlines (OKTA-170444)
-
AppLovin (OKTA-171070)
-
Confluence (Atlassian) (OKTA-171922)
-
CoStar (OKTA-170333)
-
DocSend (OKTA-171575)
-
Email On Acid (OKTA-172478)
-
Freshdesk (OKTA-170270)
-
Goldman Sachs Research (OKTA-169178)
-
Hightail (OKTA-171579)
-
NGP VAN (OKTA-171573)
-
SmartyStreets (OKTA-171843)
-
Stampli (OKTA-170087)
-
United Airlines (OKTA-170452)
-
YouCanBook.me (OKTA-171900)
The following SAML app was not working correctly and is now fixed
-
Sisense (OKTA-170701)
2018.20 Bug Fixes
- OKTA-159522 – The Application report for the Radius app did not display all users assigned to the app.
- OKTA-161741 – The Billing Contact information in Account Settings could not be edited. This occurred only for Developer Paid editions.
- OKTA-162503 – The Okta Chrome browser plugin caused a DOM exception to appear in the Dev Console when debugging applications on pages that contained sandboxed iFrames.
- OKTA-162664 – Simultaneous updates made by multiple admins to change user membership on Okta mastered groups were overwritten by the last update.
- OKTA-163173 – Group Push: Pushing app Groups to Jive that already exist or already existed in Jive displayed a L10N_ERROR[app.api.error.update.group] error message.
- OKTA-163381 – When imported groups had names or descriptions with 1023 characters or longer, running an import from ServiceNow into Okta failed with a data exception and did not complete the import.
- OKTA-164390 – Group Search queries with underscores returned incorrect results.
- OKTA-166755 – Importing users from Kaleo OIN app through a CSV file failed.
- OKTA-167278 – Events returned from the /logs endpoint when using the until parameter were previously delayed by up to 1 second. To improve the performance of our System Log, queries to the /logs endpoint that include an until parameter may now return results that are delayed up to 10 seconds. When making requests with an until value that is near real-time, ensure that you allow enough of a buffer as to not miss events (e.g. 20s).
- OKTA-169479 – Using the Okta Plugin negatively impacted browser performance in some cases when working with pages that contained many forms.
- OKTA-172049H – A deleted user account could not be recreated.
2018.20 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Authorize.Net Merchants (OKTA-169901)
-
Choice Strategies (OKTA-168607)
-
SAP BusinessObjects (OKTA-169481)
-
Windows Dev Center (OKTA-169230)
2018.19 Bug Fixes
- OKTA-154726 – Email as an authentication factor produced an error at enrollment for international users.
- OKTA-157884 – Delays were experienced when deleting users. As a result of the fix, one will notice a period of time between when the deletion was initiated and when it completes. During the period, the user will still be visible, but the deletion cannot be reversed.
- OKTA-163626 – During an import into Okta, an event was fired stating that an Okta-mastered group was removed. This event is incorrect, Okta-mastered groups should not be removed during an import and no events should have been fired.
- OKTA-166669 – A secondary domain could not be registered on a fresh install of AD Agent 3.4.12. This issue is fixed by AD Agent release 3.5.0.
- OKTA-167483 – OAuth 2.0 and OIDC requests made with redirect URLs that contained underscores in the domain name would result in an error.
- OKTA-168285 – Group rules only worked when first activated, and subsequently only when they were deactivated and reactivated.
- OKTA-170869H – After an Okta user was deleted in a Preview org, attempts to create an account with same username failed with an 'already exists' error.
2018.19 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
iCloud (OKTA-168778)
-
S&P Capital IQ (OKTA-169177)
-
The Hive Community (OKTA-166736)
2018.18 Bug Fixes
- OKTA-137758 – If the configured default IdP was set to inactive, Okta still used the inactive IdP as the primary endpoint for user authentications.
- OKTA-159216 – When setting up a SAML 2.0 App using the App Integration Wizard, the username defined in the Sign-On tab was overwritten by the default username under the General tab.
- OKTA-162620 – The French translation had errors in the enrollment Password Recovery Security question.
- OKTA-162633 – The German translation had errors in the activation email template.
- OKTA-163276 – Roles were not populated while importing users in the Netsuite app if the user account does not have a location attribute present on it.
- OKTA-164970 – Manual imports from ServiceNow UD failed with following error: Error while downloading all users: could not deserialize the cpc user string. Errors found while setting values for the app user. appUserId=null, errors=com.saasure.framework.validation.util.SimpleErrors: 1 errors Error in object 'appUser': codes [invalidValueTypeForProperty.appUser,invalidValueTypeForProperty]; arguments [company]; default message [Unsupported data type value for given key]. This error means some user has an unknown (new or modified) value for a dropdown list property such as Department, Cost Center, etc. To resolve this issue, click Applications > More > Refresh Application Data, and run the import again.
- OKTA-165675 – The Greek translation had errors on the Okta login screen.
- OKTA-166113 – Users were prompted for MFA for clients in ADFS zones where MFA was not required.
- OKTA-166330 – Some ADFS logins failed and required the user to refresh the page to receive the MFA challenge.
- OKTA-169410H – After new mobile devices are enrolled into OMM, whenever a device reports back device info using update device status api or response to device info command, the update fails due to null pointer exception.
2018.18 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Apple Search Ads (OKTA-168085)
-
AppRiver (OKTA-166853)
-
BootcampSpot v2 (OKTA-168448)
-
Envoy (OKTA-168089)
-
Gaggle (OKTA-167422)
-
Oh My Green (OKTA-168122)
-
ServiceNow UD (OKTA-166665)
The following SAML app was not working correctly and is now fixed
-
Achievers.com (OKTA-167722)
2018.17 Bug Fixes
- OKTA-19371 – The SAML RelayState app path contained an extra forward slash.
- OKTA-134551 – The attribute msExchHideFromAddressLists was not synchronized correctly from Active Directory.
- OKTA-151741 – For customers using the EA feature Graph API provisioning for Microsoft Office 365, provisioning users to the Microsoft Office 365 app failed with the error Unrecognized field "odata.metadata" (Class com.saasure.application.office365.msgraphapi.objects.api.User), not marked as ignorable.
- OKTA-155207 – After an admin was unable to create a user profile in Microsoft Office 365 for a user, the user could not be assigned to the supporting group.
- OKTA-156396 – When uploading an unexpired IdP certificate in Microsoft Internet Explorer 11, the message this certificate is expired displayed. The certificate worked as expected.
- OKTA-156475 – The Okta Browser Plugin froze when authenticating without a session. This was fixed by removing an extra slash in the URL path.
- OKTA-158355 – There were minor grammatical errors in the sign in message.
- OKTA-159022 – After provisioning users to the AWS SAML app, users did not have the AWS app integration on their Dashboards.
- OKTA-159631 – Multifactor Authentication challenges were incorrectly repeated after a successful completion for the Slack Desktop app.
- OKTA-159745 – Group Push to the ServiceNow app failed for large groups containing thousands of users.
- OKTA-161715/OKTA-162648 – Using the Okta Plugin negatively impacted browser performance when working with forms that contained many password fields.
- OKTA-162796 – Setting the Sign On method to Users share a single username and password set by administrator caused a 400 bad request error on user assignment.
- OKTA-162952 – The Adobe Experience Manager app prompted for a new password suggestion instead of sign in information during a SP-initiated flow.
- OKTA-163013 – Internet Explorer did not display Group and Network Zone information in App level Sign On Rules section when editing.
- OKTA-163122 – Duplicate events were fired from a single profile push update.
- OKTA-163152 – When a user was removed from an Okta group and deactivated, then assigned to a different Okta group and reactivated, the reactivated user would still be a member of the OU associated to the original group in spite of the prior deletion from the group.
- OKTA-163408 – The footer on the Activation Failure page incorrectly displayed on two lines.
- OKTA-163411 – The Activation page was not correctly translated for the Japanese language.
- OKTA-165493 – A scheduled Group Push to the Slack app using a rule failed for large groups.
- OKTA-165624 – The welcome email for the Okta Developer Platform contained a broken link for an image.
- OKTA-165637 – Importing users from the Box app with no group memberships failed intermittently with a NullPointerException error.
- OKTA-165749 – The Multifactor page was blank in some customers' preview orgs.
- OKTA-166721 – The Edit button was not visible when customizing a SMS multifactor authentication factor in preview organizations.
- OKTA-166777 – On the Tasks page, provisioning tasks did not display correctly until the Filter button was clicked.
2018.17 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Adobe Licensing Website (OKTA-167246)
-
Apple ID (OKTA-167247)
-
Associated Bank (OKTA-166530)
-
In Honda (OKTA-165909)
-
iTunes Connect (OKTA-166342)
-
National Life Group Customers Login (OKTA-166528)
-
Premium Beat (OKTA-166550)
-
Ramp (OKTA-166533)
-
SchoolDude (OKTA-166531)
-
Societe Francaise du Radiotelephone (OKTA-167244)
-
SproutSocial (OKTA-167248)
2018.15 Bug Fixes
- OKTA-88738 – Read-only admins were able to access email template settings and admin notification functions.
- OKTA-146365 – The Duo multifactor authentication factor was enforced when the factor enrollment rule was set to first time user is challenged for MFA even though the sign-on policy was set to Do not prompt for MFA.
- OKTA-152483 – App admins assigned to the RADIUS app only could not edit Settings in the RADIUS app Sign On tab. Admins assigned to all apps were not affected.
- OKTA-160718 – Okta MFA did not work during sign on for the Airwatch Admin Portal SAML app on iOS Mobile only.
- OKTA-162352 – Users logging in through ADFS login received an error if the ADFS app was configured for MFA with the default policy and with all factors as optional.
- OKTA-163379 – Token Preview incorrectly showed Refresh Token as a grant type option, when it is not a valid grant type.
- OKTA-163525 – In the Advanced Sign-On Settings for the Dropbox app, the instructions for the Silent Provisioning option incorrectly stated that Dropbox support always needed to be contacted to verify your domain.
- OKTA-163584 – Repushing a group that contains a member that already exists in the Jira On-Prem or the Jira Cloud apps, resulted in an End of File exception.
- OKTA-163667 – When one deprovisioning task was manually cleared for a user, all tasks for that user were also cleared.
- OKTA-165355 – After customizing the end user dashboard, admins did not receive an email confirmation that changes were activated, as indicated in the screen text.
- OKTA-165473 – Reauthentication failed for the SAML apps if IWA was configured.
- OKTA-166715H – The URL to sign on to the Salesforce app with MFA exceeded the maximum character length.
2018.15 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Barracuda MSP Online Backup (OKTA-164607)
-
Commuter Check Direct (OKTA-164137)
-
Egencia DE (OKTA-165131)
-
Egencia Ireland (OKTA-164381)
-
Egencia UK (OKTA-165133)
-
FunctionFox (OKTA-164382)
-
HelpSpot Userscape (OKTA-164385)
-
Prey (OKTA-164614)
-
Spirit Airlines (OKTA-164383)
The following SAML app was not working correctly and is now fixed
-
Robin (OKTA-163897)
2018.14 Bug Fixes
- OKTA-116182 – Provisioning to Atlassian Jira failed if the Base URL on the General tab contained spaces in the Jira Cloud and Jira On-Prem apps in Okta.
- OKTA-156901 – Custom magnification levels were reset to the default 100% in Microsoft Internet Explorer 11 after clicking the Web Version link in the Okta toolbar.
- OKTA-159593 – Imports of over 6000 users from SuccessFactors to the SuccessFactors app in Okta failed.
- OKTA-159681 – The State (state), Supervisory Organization (supervisoryOrg) and Business Unit (businessUnit) attributes were not imported from Workday into Okta.
- OKTA-159692 – App sign on rules to deny access to modern auth clients were not enforced on Microsoft Windows 10 operating systems, build 16299.64 and above.
- OKTA-160653 – Unnecessary System Log events appeared with null worker references when processing group memberships during Workday import.
- OKTA-160881 – With Enhanced Group Push, existing group members from linked groups were not correctly mastered by Okta.
- OKTA-162107 – New Active Directory-mastered users were not prompted to enroll in voice call option for recovery during their first sign in.
- OKTA-162752 – Imports for the SuccessFactors app failed with a null pointer exception.
- OKTA-163222 – Enabling provisioning for the GoToMeeting app failed with an HTTP error 400.
2018.14 App Integration Fixes
The following SWA apps were not working correctly and are now fixed.
-
Amazon CA (OKTA-163946)
-
Creditsafe NL (OKTA-163690)
-
Creditsafe UK (OKTA-163692)
-
Financial Times (OKTA-163576)
-
FINRA IARD (OKTA-163579)
-
FullContact Developer Portal (OKTA-162151)
-
OPP (OKTA-163577)
-
SunTrust - Enterprise Spend Platform (OKTA-163940)
-
Travitor (OKTA-163968)
-
Unity Ads (OKTA-161838)
-
Wrike (OKTA-161802)
2018.13 Bug Fixes
- OKTA-105508 – When setting up SAML 2.0 apps, the SHA1 signing algorithm was displayed in the setup instructions during the app set up, but the SHA2 signing algorithm was displayed after the setup was complete.
- OKTA-152571 – IWA agent installation failed in some circumstances.
- OKTA-156049 – After creating an OAuth 2.0 Client with the Okta API that specifies a Client ID (client_id), the correct Client ID appears in the application list but an incorrect Client ID appeared on the Client Credentials screen.
- OKTA-157893 – Browser plugin dialog box images were not displayed correctly in the Firefox and Safari browsers for certain apps.
- OKTA-158334 – End users activated with Just In Time (JIT) provisioning received an incorrect list of multifactor authentication options when the end user was part of a group managed by group rules.
- OKTA-158918 – When changing a password, using the < and > characters caused an error with the message, The field must not contain HTML tags.
- OKTA-159012 – The Okta Usage report did not include authentication events for users who signed in to Okta exclusively through Okta Mobile.
- OKTA-159677 – In the AD Sync Password section on the Security > Delegated Authentication page, the Learn More link pointed to an invalid URL.
- OKTA-160505 – The View Logs link on User Profile pages (Directory > People > User) could not be accessed with the Internet Explorer browser.
- OKTA-160746 – On the Downloads page, the Version History link for the OPP Windows Agent pointed to an invalid URL.
- OKTA-162471 – For users provisioned as non-Okta-Mastered users, secondary emails were not available in Okta, as they were not mapped correctly into Okta.
- OKTA-164762H – After the initial password reset for new Workday-mastered users, users had to click the Home button a second time to see their apps, after entering the new password.
2018.13 App Integration Fixes
The following SWA apps were not working correctly and are now fixed.
-
Cisco Partner Login (OKTA-162618)
-
my.MYOB (OKTA-160213)
-
ProtonMail (OKTA-162274)
2018.12 Bug Fixes
- OKTA-136701 – Error messages when setting the minimum password age and password expires after parameters did not clarify that password expiration must be at least 1 day (24 hours) greater than minimum password age.
- OKTA-142177 – SP-initiated logins caused an error when MFA enrollment was required.
- OKTA-154419 – Reports available to an admin were not shown on the Reports page, if any usage statistics were unavailable.
- OKTA-158073 – Reactivating Zendesk app users with Okta usernames that were different from their email addresses failed.
- OKTA-159659 – Assignments for the Help Desk Admin, Mobile Admin, and API Access Management Admin were not recorded in the System Log.
- OKTA-161024 – Provisioning to the Rally app failed sporadically due to rate limiting concurrent updates.
- OKTA-161143 – During a group push in Active Directory, clicking the Push Group button and then clicking Save & add another button caused the Show More button to display multiple times.
- OKTA-162075 –The generated display name on the People page and the user profile was not used when a user's first and last names were null.
- OKTA-162476 – Logins via the Sign-In Widget (2.6.0) where the redirectURL parameter is utilized returned an HTTP 403 error to the user.
- OKTA-162682 – The Send push automatically check box did not remain checked when authenticating after logging out, then logging back into Okta for app sign on MFA and on Okta mobile.
2018.12 App Integration Fixes
The following SWA apps were not working correctly and are now fixed.
-
Aurea: Messaging Solutions (OKTA-161163)
-
BulkSMS.com (OKTA-161975)
-
Groupon Merchants (OKTA-161710)
-
JIRA Cloud (Atlassian) (OKTA-158210)
-
Netflix (OKTA-158630)
-
Thomson Reuters Westlaw (OKTA-161417)
-
Xactly (OKTA-159865)
-
Zoominfo (OKTA-161673)
2018.11 Bug Fixes
- OKTA-144982 – An incorrect error message was returned when a blank password was specified in a password reset request.
- OKTA-152324 – If administrators in an org with the Developer Console enabled used the Classic user interface instead, and had no apps assigned, they couldn't access their own user home page.
- OKTA-154829 – Apps with long embed links did not display the link properly.
- OKTA-156484 – The System Log Display Name for Target User was shown as unknown for the user.authentication.sso event.
- OKTA-157287 – Pushing an updated version of the iOS app in the Okta Private App store did not trigger an update on enrolled devices, and the app could not be updated manually.
- OKTA-157741 – Some Internet Explorer users intermittently received a 400 Bad Request error when accessing an app with Inbound SAML.
- OKTA-158406 – When performing a group push to a SCIM app, some removed users were still pushed as members.
- OKTA-159679 – After successfully pushing a group containing a user to the JIRAcloud app, updating the group membership second time removed the initial user from the group in JIRA and displayed an error java.io.EOFException in Okta.
- OKTA-159705 – Provisioning to third-party applications that use a SSL certificate issued by DigiCert Global Root G2 root certificate authority might fail.
- OKTA-160214 – Provisioning to third-party applications that use a SSL certificate issued by DigiCert Trusted Root G4 root certificate authority might fail.
- OKTA-161847 – Imports failed when some data (worker/employment/workerstatus) was missing when using Workday's Last Day Worked feature.
2018.11 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
3Rivers (OKTA-161181)
-
Archer (OKTA-160611)
-
Bannersnack (OKTA-159732)
-
Basecamp (OKTA-161375)
-
Cisco Partner Login (OKTA-159507)
-
Nearmap.com (AU) (OKTA-160555)
-
Sage People (OKTA-160582)
-
Stamps.com (OKTA-159856)
-
WooBox (OKTA-160394)
-
Workday Support (OKTA-160809)
The following SAML app was not working correctly and is now fixed
-
EmployeeReferrals.com (OKTA-159623)
2018.10 Bug Fixes
- OKTA-146499 – In the Chrome and IE browser with a low resolution screen, results dropped off the page during group assignment.
- OKTA-152222 – The Active Directory Federation Services (ADFS) app was not created with a default rule to prompt for factor with every sign-on.
- OKTA-155181 – Multifactor authentication with the Okta Windows Credential Provider did not load on servers with private IP addresses.
- OKTA-155395 – Pressing the Android icon during Okta Verify MFA enrollment while configuring Okta Mobile causes the app to become unresponsive
- OKTA-158142 – When reactivating users from Active Directory, users who had been assigned apps that were subsequently deleted could not be reactivated.
- OKTA-158227 – When selecting a state or region to define a geolocation zone, the names for selections within Israel were mislabeled.
- OKTA-159727 – In the Edge browser, adding MFA to a App Sign On Rule for the RADIUS application failed.
- OKTA-160585 – Authentication failed when users attempted to sign in to Microsoft Office 365 accounts using rich clients and a proxy that require a `Reason Phrase` in the HTTP response , for example Netskope.
2018.10 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Amazon UK (OKTA-159968)
-
BNY Mellon - Connect Portal (OKTA-159857)
-
Citrix RightSignature (OKTA-158953)
-
Consumer Reports (OKTA-159858)
-
Gleam (OKTA-159853)
-
GoToAssist (RemoteSupport/Service Desk/Monitoring) (OKTA-159120)
-
HRConnection by Zywave (OKTA-159076)
-
MyRouteOnline (OKTA-160408)
-
nCrypted Cloud (OKTA-159868)
-
OneSCM (OKTA-159854)
2018.09 Bug Fixes (combines 2018.08 and 2018.09 releases)
- OKTA-142230 – Under certain circumstances users could not sign on using the RADIUS app when a concurrent sign-on policy was specified for all sign ons.
- OKTA-151824 – When the email address of an Okta admin was changed, the subject of the confirming email incorrectly had the subject Notice of Pending email address change.
- OKTA-153216 – Successful password resets completed during an Okta Safe Mode event are valid after the safe mode ends.
- OKTA-153630 – After making a change to a password in some SWA apps, end users were not prompted to update the password for that app in Okta.
- OKTA-154808 – Some users could not access the self service page for an app and received the error: HTTP 500 Internal Server Error "com.saasure.framework.exception.RequestTimeoutException".
- OKTA-157116 – Some users could not sign in to the Microsoft Office 365 app, because the time stamp for the last password change was set to a date in the future.
- OKTA-157912 – Some users could not be provisioned to the Box app consistently and received a null error.
- OKTA-158144 – Some sign-ins failed or required multiple MFA login attempts when MFA step-up for App sign-on is enabled.
- OKTA-158215 – Some users could not be provisioned or were inaccurately provisioned to the PagerDuty app when multiple users in the org had common strings in their email addresses.
- OKTA-158353 – Errors on user profile updates and/or provisioning API credential validation while provisioning to CASB enabled Jive app
- OKTA-158557 – The Add App screen showed that a number of apps and categories were available, but none of them were actually available.
2018.09 App Integration Fixes (combines 2018.08 and 2018.09 releases)
The following SWA apps were not working correctly and are now fixed
-
Bank of American Fork (OKTA-158943)
-
Burgiss: Cash Management (OKTA-158715)
-
GE Customer Online Management System (OKTA-158047)
-
GoToTraining (OKTA-158246)
-
Helpscout (OKTA-158946)
-
Hertz Gold Plus Rewards (OKTA-158042)
-
KnowBe4 (OKTA-158554)
-
my529 (OKTA-158398)
-
Nomadesk (OKTA-158652)
-
One Nevada Credit Union (OKTA-158043)
-
RainKing (OKTA-138203)
-
Small Improvements (OKTA-158040)
-
Wizbii (OKTA-158041)
-
Zions Bank (OKTA-158211)
2018.07 Bug Fixes
- OKTA-139510 – The error message displayed when deleting a schema property did not accurately reflect the error condition.
- OKTA-148398 – The System Log showed inconsistencies when changing the Active Directory import schedule from the Settings screen of the Active Directory Integration.
- OKTA-150609 – Imports were failing from Samanage when enum constraints were dropped in Samanage.
- OKTA-151824 – After changing the email address for an Okta Admin or end user, the notification email was titled Notice of Pending email address change insead of Notice of email address change.
- OKTA-154851 – When editing a group rule to filter users based on the user's email address, the screen showed the user's second email address in the attribute. When saved, the correct attribute was used.
- OKTA-155395 – When configuring Okta Mobile, pressing the Android icon during Okta Verify MFA enrollment caused Okta Mobile to become unresponsive.
- OKTA-155549 – On the enduser dashboard, some apps were erroneously identified as bookmark apps.
- OKTA-155620 – Custom interstitial pages were not displayed when accessing the Worday app.
- OKTA-156450 – Changes to the user principal name attribute in Active Directory were not reflected in Okta when used for sign in.
- OKTA-156505 – You can now push the Slack display name. This requires enabling display name push in both your Slack tenant and provisioning settings.
- OKTA-156543 – In the Add Origin screen (Security > API > Trusted Origin), the placeholder text was unclear and now reads, Organization origin name.
- OKTA-157200 – List of user entries in People page was sorted incorrectly.
- OKTA-157378 – When an application was assigned for approval by a group and the group was subsequently deleted, any approver who was part of the deleted group received an error when attempting to approve any request on the Task page.
- OKTA-157749 – Long running operations in Slack caused a timeout on Okta's side
- OKTA-158144 – Sign ons failed or required multiple MFA sign on attempts when when MFA step-up for App sign on is enabled.
- OKTA-158330 – Setting the the proxy status to Any proxy in a dynamic network zone matched any IP addresses where the proxy type was null.
2018.07 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
AmeriHome (OKTA-152960)
-
ConceptShare (OKTA-157115)
-
Conservice (OKTA-156764)
-
HRConnection by Zywave (OKTA-156621)
-
Ramp (OKTA-156548)
2018.06 Bug Fixes
- OKTA-144300 – Some users could not sign in to Okta with Yubikey as a second MFA factor.
- OKTA-151766 – Apps assigned to the G Suite group were not assigned to users who were subsequently added to the group.
- OKTA-151780 – When users were reactivated in Active Directory, Microsoft Office 365 group licenses were not present after reactivation.
- OKTA-153118 – Users with Emoji characters in any of their properties were not filtered during imports from Slack.
2018.06 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
Criteo (OKTA-156911)
-
HRConnection by Zywave (OKTA-156621)
-
Lakeland Bank (OKTA-156309)
-
MyPayFlex (OKTA-155692)
-
Qualtrics (OKTA-156307)
-
Rise Vision (OKTA-155588)
-
Texas Capital Bank (OKTA-155686)
2018.05 Bug Fixes (combines 2018.04 and 2018.05 releases)
- OKTA-142217 – After an LDAP provisioning error, the agent required a reboot and the LDAP configuration could not be updated.
- OKTA-142973 – Just In Time (JIT) provisioning was automatically enabled after modifying LDAP integrations settings.
- OKTA-145619 – Updates to group membership in Okta were not transferred to the G Suite app
- OKTA-146142 – Terminology was inconsistent on the Okta Verify IOS lock screen.
- OKTA-147299 – Okta authentication with JIT failed when the user id contained some non-ASCII extended characters.
- OKTA-147446 – The Microsoft Office 365 app fails with the error *400 You must provide a required property: Parameter name: usageLocation" after assigning users to the app with the provisioning type "Licenses/Roles Management Only."
- OKTA-148246 – Active Directory attributes with a custom attribute name were not pushed from Okta to the Salesforce app.
- OKTA-150613 – Setting the OAuth 2.0 Client application label to the maximum length of 100 returned an error.
- OKTA-150817 – Some MFA prompts during sign in were incorrectly translated into Dutch.
- OKTA-151008 – The password requirements message was incorrectly translated into Portuguese.
- OKTA-151547 – Users were prompted for an additional multifactor authentication factor every time they clicked the *Admin* button if MFA for Admins was enabled.
- OKTA-154178 – When unlocking an account with email, the message was not fully localized for the Greek language.
- OKTA-155582 – Retrieving the list of searchable fields for the System Log caused an error.
2018.05 App Integration Fixes (combines 2018.04 and 2018.05 releases)
The following SWA apps were not working correctly and are now fixed
-
Alibaba Cloud (Aliyun) (OKTA-155251)
-
BatchGeo (OKTA-155250)
-
Carlson Wagonlit (OKTA-153912)
-
FINRA Web CRD (OKTA-155257)
-
Flonomics (OKTA-156082)
-
Forrester Research (OKTA-154089)
-
HRConnection by Zywave (OKTA-154688)
-
ISO PAAS (OKTA-155021)
-
J.Crew (OKTA-154970)
-
Optum Health Financial (OKTA-154972)
-
Public Service Credit Union (OKTA-155260)
-
SkillSurvey (OKTA-155619)
-
The Wall Street Journal (OKTA-155570)
-
Trade Me (OKTA-154702)
-
UPS CampusShip (OKTA-155427)
-
Wall Street Journal (OKTA-155472)
-
WorkflowMAX (OKTA-156305)
-
Zenni Optical (OKTA-155256)
The following SAML app was not working correctly and is now fixed
-
AWS Redshift (OKTA-155698)
2018.03 Bug Fixes
- OKTA-141778 – Some Workday provisioning events were not recorded in the System Log or in the App Assignment report.
- OKTA-144546 – Provisioning operations for the Rally app sometimes failed with concurrency conflict errors.
- OKTA-146471 – LDAP users without email addresses on an LDAP server could not be imported into Okta.
- OKTA-146784 – Users received a cryptic Network Error message when they entered invalid text in the domain field on the login screen.
- OKTA-147256 – Okta Verify did not show the time of the event when prompting the user to approve or deny unless the app was already open.
- OKTA-147764 – The VPN Required notification was not displayed when launching from the Okta Dashboard Launch pad.
- OKTA-150040 – System Log entries were missing when a user presses deny in Okta Verify push.
- OKTA-150846 – Users could not create OpenID Connect app instances under certain circumstances.
- OKTA-151817 – When performing a password sync, modules in which the user was enrolled were removed in the Litmos app.
- OKTA-153201 – Some events were not logged when an app is configured to use a custom error page.
- OKTA-153615 – Users could not bypass the MFA requirement when using the Okta Windows Credential Provider in some cases.
- OKTA-154044 – When performing a SP-initiated SAML login to the Salesforce app, the user was redirected to the Okta Dashboard instead of the Salesforce page if they authenticated by a smartcard or certificate.
- OKTA-154176 – The ResponseType was not validated in token preview when the GrantType is IMPLICIT.
- OKTA-154178 – The unlock account email message is updated for the Greek language during sign in.
- OKTA-155004 – Some error messages shown to end users were not localized.
2018.03 App Integration Fixes
The following SWA apps were not working correctly and are now fixed
-
AFS Analytics (OKTA-154699)
-
Avis (OKTA-153523)
-
Awesome Screenshot (OKTA-154700)
-
CalPERS (OKTA-154520)
-
Descartes MK Denial.com (OKTA-154514)
-
Instacart (OKTA-154696)
-
Truckstop.com (OKTA-153520)
-
Virgin America (OKTA-154692)
2018.02 Bug Fixes (combines 2018.01 and 2018.02 releases)
- OKTA-100304 – The security image was not displayed in the Microsoft Outlook desktop app.
- OKTA-131155 – Custom email domain validation failed when the name contained uppercase characters.
- OKTA-136392 – Approval tasks for the Android for Work app were counted, but not displayed.
- OKTA-143996 – The App Integration Wizard failed to upload logos.
- OKTA-144230 – The password field was not filled in for the MIBOR SWA app.
- OKTA-145574 – Unprovisioned users were not listed in some group listings.
- OKTA-148543 – When disconnecting a user profile from the Workday app, the screen prompts were unclear.
- OKTA-150747 – Admins could not delete a Network Zone after deleting an application Sign On policy.
- OKTA-151539 – Adding apps "on the fly" failed for the isaca.org and pmi.org.
- OKTA-151556 – Custom mappings for the Alias attribute were not respected when creating a new user in Salesforce.
- OKTA-151574 – Users could not sign in to the Ceridian HR/Payroll app with SWA.
- OKTA-151734 – The Roambi Business app failed with a verification error while setting up provisioning.
- OKTA-151757 – Users not assigned to the Microsoft Office 365 app received an error when accessing the app with an SP-initiated flow.
- OKTA-152395 – Social Authentication Redirect Callout flow sometimes returned invalid authorization codes.
- OKTA-152451 – When attempting to edit SAML settings in the App Integration Wizard, users received a blank page if the app was previously deactivated.
- OKTA-153219 – When creating a test SCIM app and configuring it with SCIM API and auth keys, users received a 500 error message.
2018.02 App Integration Fixes (combines 2018.01 and 2018.02 releases)
The following SWA apps were not working correctly and are now fixed
-
American Academy of Actuaries (OKTA-153597)
-
Boston Private Bank: Online Banking (OKTA-153117)
-
Bupa (OKTA-153521)
-
Ceridian eReports (OKTA-153211)
-
Disqus (OKTA-152553)
-
Fidelity 401k (OKTA-153072)
-
FINRA (OKTA-153210)
-
Forticloud (OKTA-153204)
-
LeadMailbox (OKTA-152191)
-
Microsoft Online Services Admin (OKTA-153207)
-
Orbitz (OKTA-153522)
-
Panopto (OKTA-153114)
-
RealSelf (OKTA-153115)
-
The Standard (StanCorp Financial Group) (OKTA-153480)
-
Ticketmaster (OKTA-153594)
-
Twilio (OKTA-153386)
-
Wells Fargo (OKTA-152639)
-
ZeroCater (OKTA-152950)
-
Zopim Dashboard (OKTA-152989)
The following SAML apps were not working correctly and are now fixed
-
Replicon (OKTA-151782)
-
SpringCM (OKTA-153352)