Generally Available Features

New Features

New System Log event for Grant User Privilege

The Grant User Privilege System Log event now logs activity for each user in a group when an AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. role is assigned to the group.

New System Log events for OIDC scope grants

System Log events are now triggered when an administrator grants consent for OpenID Connect scopes.

Rogue Accounts Report End of Life (EOL)

The Rogue Accounts Report feature has been removed due to low usage, high cost of maintenance, and the availability of custom solutions. For example, admins can retrieve similar data by using the List Users Assigned to Application API to see users who were assigned to an appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. in Okta, and then using custom code to generate a list of users assigned in the app itself. For more information, see this Support Article.

Send Device Context using Limited Access

Limited Access allows you to configure Okta to pass device context to certain SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IdP, and the SP. Here's how SAML works through Okta: SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user. IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on an app, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated. apps through the SAML assertion during app authentication. The app uses this data to limit access to certain app-specific behaviors. For more information, see Pass Device Context to SAML apps using Limited Access.

Active Directory, new import and provisioning settings experience

The AD settings user interface had been updated. It is now more consistent with how other application settings are configured. All orgs will now use the Okta expression language for the Okta username format field.

If your orgThe Okta container that represents a real-world organization. was created before October 4th (Preview) or October 9th, 2017 (Production), a legacy expression language that is different than the Okta expression language was used for the Okta username format field. For more information, see Configure the Okta Active Directory (AD) agent: new user interface and Updated AD Profile Mapping options.

User Group Reassignments

When a user is moved to a different Okta group, that change is now reflected in Active Directory. For more information, see Enable Okta-mastered user Organizational Unit updates.

Incremental Imports for CSV

Incremental imports improve performance by importing only users who were created, updated, or deleted since your last import. See Configure the CSV Directory Integration.

UI Enhancements for HealthInsight

The HealthInsight card on the Admin Console dashboard and HealthInsight actions have been updated for improved usability. For more information about HealthInsight, see HealthInsight.

Additional context in MFA authentication in some apps

We have added an additional target element containing application information to MFA events triggered by authentication to Epic Hyperspace EPCS (MFA) and Microsoft RDP (MFA) apps.

Improved text in single line challenge for RADIUS MFA

The text displayed during the a single line MFA challenge via RADIUS authentication has been improved to fixed grammatical errors.

Notification when adding a user to an Admin group

Admins now see a notification that admin privileges will be granted when adding a user to a group with Admin privileges.

Updated Privacy Policy

Okta has updated its Privacy Policy. See https://okta.com/privacy-policy/ to review the latest version.

Condition update for MFA Enrollment policy rules

The name of the setting for the Any Application condition has been updated to specify app support for MFA Enrollment. For more information, see App Condition for MFA Enrollment Policy.

UI enhancements for profile and attribute selection

The appearance of profile and attribute selection elements is updated to be more consistent with other Okta select elements.

Toggle on/off the end user onboarding screen

In the Settings > Appearance settings in the Admin Console, admins can control whether or not new end usersEnd users are people in your org without administrative control. They can authenticate into apps from the icons on their My Applications home page, but they are provisioned, deprovisioned, assigned, and managed by admins. see the onboarding screen upon their first sign in to the Okta End User dashboard.

Early Access Features

New Feature

Fixes

General Fixes

App Integration Fixes

The following SWA apps were not working correctly and are now fixed

• Aha (OKTA-266200)

• American Express Work Reconciliation (OKTA-266198)

• Apple ID (OKTA-264195)

• Aveda (OKTA-266196)

• Blackbaudhost Citrix (OKTA-266199)

• Bloomfire (OKTA-266193)

• Brex (OKTA-266241)

• Cisco WebEx Meeting Center (OKTA-262750)

• Citrix RightSignature (OKTA-268537)

• DoorDash (OKTA-268780)

• Firefox (OKTA-266201)

• FullContact Developer Portal (OKTA-268538)

• Google Analytics (OKTA-266914)

• Impraise (OKTA-268534)

• MKB Brandstof (OKTA-267534)

• Nest (OKTA-267942)

• NewEgg Business (OKTA-268840)

• OnePath Advisor (OKTA-266925)

• Principal Financial Personal (OKTA-268782)

• RescueTime (OKTA-266197)

• Rhino3d (OKTA-268531)

• Seek (AU) - Employer (OKTA-266703)

• Shipwire (OKTA-266919)

• Site24x7 (OKTA-268622)

• Vindicia (OKTA-266192)

• Wombat Security Awareness (OKTA-268532)

The following SAML app was not working correctly and is now fixed

• Datadog (OKTA-267430)

Applications

Application Updates

• Zoom provisioning application now supports updating user email addresses.
• Citrix NetScaler Gateway has changed its name to Citrix Gateway.

New Integrations

New SCIM Integration Application

The following partner-built provisioningThis term is obsolete. See "Okta Verified". integration apps are now Generally Available in the OIN as partner-built:

• Matki: For configuration information, see Provisioning with Okta.
• Clinical Maestro: For configuration information, see Clinical Maestro Okta Integration Configuration Guide.
• Cmd: For configuration information, see Okta/Cmd Configuration Guide.

SAML for the following Okta Verified applications

• AppOmni (OKTA-266642)

• Appsian Security Platform for PeopleSoft (Encrypted) (OKTA-265400)

• Clinical Maestro (OKTA-264130)

• Cmd (OKTA-266400)

• Freshworks (OKTA-262038)

• Grammarly (OKTA-266950)

• Kisi Physical Security (OKTA-265701)

• LoanBuddy (OKTA-266952)

• Mode Analytics (OKTA-260404)

• Reducer (OKTA-265134)

• TeamzSkill (OKTA-265665)

SWA for the following Okta Verified application

• Miniter (OKTA-262048)