Okta Classic Engine release notes (Production)

Some text on the Reset Password for a user page in the Admin Console wasn't translated. (OKTA-613937)

WebEx replaced the API used to retrieve session types with a REST API, which requires the integration to use OAuth for authentication. (OKTA-701227)

Clicking Sync Entitlements on the Governance tab displayed an error. (OKTA-720049)

Sometimes, concurrent Agentless Desktop SSO JIT operations for a user broke app assignments, which required admin intervention to correct. (OKTA-722648)

When admins manually confirmed users imported from a SCIM app, they were assigned apps that they weren't authorized to access. (OKTA-724859)

Opening a profile in a new tab from the Profile Editor displayed a list of profiles instead. (OKTA-725640)

The System Log didn't record the Network Zone of the IP at the time of global sign-on policy evaluation. (OKTA-727200)

Sometimes, when users who hadn't enrolled in On-Prem MFA attempted to sign in using an RSA SecurID passcode in the New PIN Mode, the passcode verification failed. (OKTA-727554)

Processing GeneralizedTime attributes while confirming new users imported from LDAP to Okta resulted in an error. (OKTA-728398)

Users could reuse their temporary password. (OKTA-729189)

When the display language was set to Japanese, some role permissions weren’t translated on the Admin role assignments screen. (OKTA-730832)

When the display language was set to Japanese, some text on the Administrators pages wasn’t translated. (OKTA-730834)

Some customers signing in to Okta-hosted custom domains with the first or second-generation Sign-In Widget received communications from Monotype Imaging Inc. about licensing for the Proxima Nova font. (OKTA-731216)

When an admin clicked Show more on the Administrator assignment by role page, additional admins with the super admin role didn’t appear. (OKTA-731416)

Some Group Push operations for ServiceNow failed due to timing out. (OKTA-731707)

Workday writeback operations failed when area codes were included in the request. (OKTA-733361)

The End User Browser Plugins pane on the Downloads page used an outdated icon for Chromium Edge. (OKTA-733813)

The security.breached_credential.detected System Log event had a typo. (OKTA-736552)

The Okta RADIUS Server Agent was updated for a security fix. Upgrade to version 2.22.0. (OKTA-737441)

Sometimes, Group Assignments involving the Everyone group failed because of a non-performant query. (OKTA-742083)

Full imports for OIG-enabled apps sometimes caused users to be unexpectedly deprovisioned. (OKTA-742996)

The help links on the Downloads page weren’t localized. (OKTA-614688)

Admins without the View agents permission could see the Agents page. (OKTA-651508)

Setting the locale to Japanese resulted in some issues when working with CSV directories. An error string appeared when scheduling weekly imports and there was insufficient space to enter which hour the import should be performed. (OKTA-656418)

Group Push failed for Samanage when group names contained spaces. (OKTA-668498)

Password reset token expiration time was not localized for some orgs. (OKTA-673386)

Self-service unlock with email didn't work if a user's AD account was locked but their Okta account was unlocked. (OKTA-720267)

The notification email contained the modified IP address when X-Forwarded-For Header was modified. (OKTA-722815)

The oauth2/instrospect endpoint hit rate limits without logging it in the System Log. (OKTA-726680)

During JIT reactivation through IdP, group app assignment reconciliation wasn't processed asynchronously, which caused an unexpected delay in the sign-in process. (OKTA-729103)

Attempting to unassign a Google Workspace license from a user who didn't have that license resulted in an error message. (OKTA-731570)

When an app was created by an API call with an existing clientId in the request payload, this didn't match the way an app was created in the UI. This resulted in the wrong app rate limit displayed in the rate limit dashboard. (OKTA-736117)

On the Edit resource to a standard role page, resources with long names were cut off. (OKTA-736821)

When an admin uploaded a file while configuring an app, the dates that appeared on the page weren't translated. (OKTA-736916)

The Okta provisioning API didn't accept user IDs that contained a backslash (\) character when users were provisioned to Org2Org instances. (OKTA-737258)

NetSuite imports failed for new app instances that had Governance Engine enabled if users had an inactive department, location, or class. (OKTA-737844)

Sometimes a group owner wasn't resolved correctly and an invalid error was displayed on the Group Owner tab for the group. (OKTA-738426)

Gemini licenses for Google Workspace were unavailable. (OKTA-739005)

The wrong font was used for text in the Sign-In Widget. (OKTA-742100)

When running an import from Active Directory into Okta, the DirSync stopped working, which resulted in users being removed from multiple groups within the Office 365 app. (OKTA-742905)

Full imports for OIG-enabled apps sometimes caused users to be unexpectedly deprovisioned. (OKTA-742996)

When trying to access OneDrive using the app on the Okta Dashboard, an error occurred if there was an active Office 365 session. (OKTA-744748)

In Groups API queries, some users who weren't in the "Everyone" group were missing group memberships.(OKTA-747426)

Inactive app users weren't included in group pushes for AWS Account Federation. (OKTA-678930)

Groups IDs were sent as part of PATCH operations. (OKTA-711633)

When ADSSO routing was enabled for an org, users of impacted app instances couldn't reach the sign-in page after clicking an OAuth 2.0 device activation link. (OKTA-724269)

The logOnly attribute incorrectly appeared in the System Log. (OKTA-725287)

Sometimes actions that were taken on role assignments from entitlement bundles timed out. (OKTA-727294)

Orgs that had Auto-enroll in all future EA features enabled in Features didn't get the Enforce MFA For Admin Console feature. (OKTA-729278)

Admin email notifications for user lockouts weren't translated to the org's default language. (OKTA-657967)

Sometimes viewing group details resulted in slow page loads or timeouts if the group was assigned a Zendesk app integration that had a large number of ZendeskOrganization objects in the downstream app. (OKTA-688756)

The Administrator role report contained admins without active resource sets. (OKTA-698967)

When choosing push groups by name, after selecting the first group and clicking Save and Add Another, choosing the next group caused the Push group immediately option to be cleared but the group was still automatically pushed. (OKTA-704497)

In Okta Identity Governance orgs where AD groups were owned by deactivated Okta users, some failed imports appeared as complete. (OKTA-713146)

When the last standard admin role was unassigned from a user who also had a custom admin role, the System Log didn’t record the event. (OKTA-715487)

For some types of internal errors, the LDAP interface incorrectly returned a successful result code (0) and empty results instead of an error code (80). (OKTA-716937)

Authenticator enrollment emails that users received when they enrolled in Okta Verify contained a Report suspicious activity link with the org's regular domain, even if the enrollment occurred on a custom domain. (OKTA-723812)

When a user search included the & symbol, only the first page of results was viewable. (OKTA-724819)

The Okta RADIUS agent was updated for a security fix. Upgrade to version 2.21.0. (OKTA-724891)