Production

January 2020

2020.01.0: Monthly Production release began deployment on January 13

* Features may not be available in all Okta Product SKUs.

Generally Available Features

New Features

Okta Browser Plugin version 5.36.1 for Chromium-based Microsoft Edge and Mozilla Firefox

This version includes the following:

For version history, see Okta Browser Plugin: Version History

New System Log events for OIDC scope grants

System Log events are now triggered when an administrator grants consent for OpenID Connect scopes.

Rogue Accounts Report End of Life (EOL)

The Rogue Accounts Report feature has been removed due to low usage, high cost of maintenance, and the availability of custom solutions. For example, admins can retrieve similar data by using the List Users Assigned to Application API to see users who were assigned to an appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. in Okta, and then using custom code to generate a list of users assigned in the app itself. For more information, see this Support Article.

Federate multiple Office 365 domains in a single app instance

You can automatically federate multiple Microsoft Office 365 domains within a single Office 365 app instance in Okta. This eliminates the need to configure a separate Office 365 app instance for each Office 365 domainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https).. For more information, see Federate multiple Office 365 domains in a single app instance.

Support for Salesforce Government Cloud

You can create instances of the Salesforce app that can integrate with Salesforce Government Cloud. For more details, see the Salesforce Provisioning Guide.

Box integration enhancement

The Box integration is enabled for Universal DirectoryUniversal Directory enables you to store an unlimited amount of users and attributes from applications and sources like AD or HR systems. Any type of attributes are supported including linked-objects, sensitive attributes, and pre-defines lists. All of it accessible by all apps in our OIN catalog, over LDAP or via API. and is enhanced by the following additional properties in the User Profile:

See the Box Provisioning Guide for more information.

Resumable Import

Resumable Import is a performance enhancement that prevents imports from starting over in the event of a deployment or infrastructure issue. Instead, the import automatically pauses and continues from the most recently completed step. For information on importing users, see Import users from an app.

HealthInsight

HealthInsight audits an organization’s security settings and suggests recommended tasks to improve an orgThe Okta container that represents a real-world organization.'s security posture. Security tasks and recommendations are intended for admins who manage employee security within their organization.

HealthInsight may now be accessed directly from the Admin Console dashboard.

Fore more information, see HealthInsight.

App Catalog Search Improvements

The enhanced Okta Integration Network (OINAn acronym for the Okta Integration Network. The OIN is comprised of thousands of public, pre-integrated business and consumer applications. As an on-demand service, OIN integrations are continuously validated, always up to date, and constantly growing both in number and capability. Okta performs a single integration with an ISV or SP, providing thousands of end users with point-and-click customization for their orgs.) App Catalog now features:

  • A new incremental search and an improved search results preview
  • Expanded search capabilities to check app integration names, descriptions, or categories
  • Fuzzy search logic to match partial hits and name variations
  • Tiles highlight the protocols supported by the app integration

This feature will be gradually made available to all orgs.

Generally Available Enhancements

UI Enhancements for HealthInsight

The HealthInsight card on the Admin Console dashboard and HealthInsight actions have been updated for improved usability. For more information about HealthInsight, see HealthInsight.

Additional context in MFA authentication in some apps

We have added an additional target element containing application information to MFA events triggered by authentication to Epic Hyperspace EPCS (MFA) and Microsoft RDP (MFA) apps.

Improved text in single line challenge for RADIUS MFA

The text displayed during the a single line MFA challenge via RADIUS authentication has been improved to fixed grammatical errors.

Notification when adding a user to an Admin group

Admins now see a notification that admin privileges will be granted when adding a user to a group with Admin privileges.

Updated Privacy Policy

Okta has updated its Privacy Policy. See https://okta.com/privacy-policy/ to review the latest version.

Condition update for MFA Enrollment policy rules

The name of the setting for the Any Application condition has been updated to specify app support for MFA Enrollment. For more information, see App Condition for MFA Enrollment Policy.

UI enhancements for profile and attribute selection

The appearance of profile and attribute selection elements is updated to be more consistent with other Okta select elements.

Toggle on/off the end user onboarding screen

In the Settings > Appearance settings in the Admin Console, admins can control whether or not new end usersEnd users are people in your org without administrative control. They can authenticate into apps from the icons on their My Applications home page, but they are provisioned, deprovisioned, assigned, and managed by admins. see the onboarding screen upon their first sign in to the Okta End User dashboard.

Early Access Features

New Feature

Deactivated admin users

When a user who has an admin role and privileges assigned to them is deactivated, their admin privileges are revoked. The deactivated user is removed from the Administrators page and CSV download list of administrators. For information about Admin roles, see Administrators. This feature is available from our Self Service Feature Manager, for more information, see Manage Early Access and Beta features .

Fixes

General Fixes

OKTA-243820

The word Password was incorrectly translated in Dutch.

OKTA-246764

French translation for the Self-Service Unlock when Account is not Locked email template was not intuitive.

OKTA-253397

Microsoft RDP (MFA) prompts did not display the official Okta logo.

OKTA-257479

After an application was selected from the Okta Safari plugin toolbar menu, the selection window did not close as expected.

OKTA-259962

Searching for an app in App Administration Assignment did not display exact matches.

OKTA-262560

Fido 2.0 (Webauth) set as a secondary factor on Factor Sequencing failed on the user sign-in with the error We found some errors. Please review the form and make corrections.

OKTA-262649

In Okta Device Trust with VMware Workspace ONE implementations, app sign-on policy denied access on Android 10 even if the device was trusted.

OKTA-266237

App Admins who were configured to only see a subset of apps in the catalog were able to see all apps.

OKTA-267712

When creating a SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IdP, and the SP. Here's how SAML works through Okta: SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user. IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on an app, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated. integration using the AIW, the instructions contained the outdated acronym OAN instead of the current OIN (Okta Integration Network) acronym.

OKTA-268637

For orgs that had opted into the New Import and ProvisioningProvisioning is the enterprise-wide configuration, deployment, and management of multiple types of IT system resources. Specifically, provisioning provides users access to equipment, software, or services. This involves creating, maintaining and deactivating required business process automation objects and attributes in systems, directories, and applications. Settings Experience for Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. EA feature, placeholder text was displayed instead of the correct text in the warning dialogue when the Profile and Lifecycle Mastering checkbox under Active Directory provisioning settings was checked and the Update Users checkbox was previously enabled.

OKTA-268720

The Settings tab for app provisioning failed to render in Internet Explorer 11.

App Integration Fixes

The following SWA apps were not working correctly and are now fixed

  • Aha (OKTA-266200)

  • American Express Work Reconciliation (OKTA-266198)

  • Apple ID (OKTA-264195)

  • Aveda (OKTA-266196)

  • Blackbaudhost Citrix (OKTA-266199)

  • Bloomfire (OKTA-266193)

  • Brex (OKTA-266241)

  • Cisco WebEx Meeting Center (OKTA-262750)

  • Citrix RightSignature (OKTA-268537)

  • DoorDash (OKTA-268780)

  • Firefox (OKTA-266201)

  • FullContact Developer Portal (OKTA-268538)

  • Google Analytics (OKTA-266914)

  • Impraise (OKTA-268534)

  • MKB Brandstof (OKTA-267534)

  • Nest (OKTA-267942)

  • NewEgg Business (OKTA-268840)

  • OnePath Advisor (OKTA-266925)

  • Principal Financial Personal (OKTA-268782)

  • RescueTime (OKTA-266197)

  • Rhino3d (OKTA-268531)

  • Seek (AU) - Employer (OKTA-266703)

  • Shipwire (OKTA-266919)

  • Site24x7 (OKTA-268622)

  • Vindicia (OKTA-266192)

  • Wombat Security Awareness (OKTA-268532)

The following SAML app was not working correctly and is now fixed

  • Datadog (OKTA-267430)

Applications

Application Updates

  • Zoom provisioning application now supports updating user email addresses.
  • Citrix NetScaler Gateway has changed its name to Citrix Gateway.

New Integrations

New SCIM Integration Application

The following partner-built provisioningThis term is obsolete. See "Okta Verified". integration apps are now Generally Available in the OIN as partner-built:

SAML for the following Okta Verified applications

  • AppOmni (OKTA-266642)

  • Appsian Security Platform for PeopleSoft (Encrypted) (OKTA-265400)

  • Clinical Maestro (OKTA-264130)

  • Cmd (OKTA-266400)

  • Freshworks (OKTA-262038)

  • Grammarly (OKTA-266950)

  • Kisi Physical Security (OKTA-265701)

  • LoanBuddy (OKTA-266952)

  • Mode Analytics (OKTA-260404)

  • Reducer (OKTA-265134)

  • TeamzSkill (OKTA-265665)

SWA for the following Okta Verified application

  • Miniter (OKTA-262048)

Weekly Updates

December 2019

2019.12.0: Monthly Production release began deployment on December 16

* Features may not be available in all Okta Product SKUs.

Generally Available Features

New Features

 

Okta Browser Plugin version 5.35.0 for Safari and Internet Explorer

This version includes the following:

  • Bug fixes for custom URL domain support for the plugin
  • Okta privacy link
  • Back-end enhancements

For version history, see Okta Browser Plugin: Version History.

Okta Confluence Authenticator, version 3.1.2

This release contains a fix for OpenSaml initialization in OSGi environment and an update to OpenSaml library version 3.2.0. For version history, see Okta Confluence Authenticator Version History

Okta SAML Toolkit for Java, version 3.1.2

This release contains a fix for OpenSaml initialization in OSGi environment and an update to OpenSaml library version 3.2.0. For version history, see Okta SAML Toolkit for Java Version History

SAML or SCIM applications created in certain developer cells can now submit to ISV portal

Developers in the OK7 developer cell who create and test SAML or SCIMSystem for Cross-domain Identity Management (SCIM) is an open standard that allows for the automation of user provisioning. It was created in 2011 as it became clear that the technology of the future would be cloud-based. SCIM communicates user identity data between identity providers (such as companies with multiple individual users) and service providers requiring user identity information (such as enterprise SaaS apps). In short, SCIM makes user data more secure and simplifies the user experience by automating the user identity lifecycle management process. applications using the App Wizard can now submit directly to the ISVAn acronym for independent software vendors. Okta partners with various ISVs (usually producing enterprise applications) to integrate on-premises, in the cloud, or native-to-mobile devices with Okta. portal at oinmanager.okta.com.

Increased timeout for Okta Sign In page

The initial timeout duration has been extended on the Okta Sign-In page.

ACS Limit Increased

The maximum number of Assertion Consumer Service (ACS) URLs for a SAML app is increased to 100.

LDAP Password Push

Okta now supports Password Push for LDAPLightweight Directory Access Protocol (LDAP) is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection oriented transfer services.. This allows each user's LDAP password to be synced to their Okta password. Any subsequent password changes users make are pushed to their user profile in LDAP. In addition to simplifying password management for orgs using LDAP, organizations using both Active Directory (AD) and LDAP can now synchronize their user passwords from AD through Okta to LDAP. For details, see the Provisioning section in Install and Configure the Okta Java LDAP Agent.

Suspicious Activity Reporting

End users can now report unrecognized activity to their org admins when they receive an account activity email notification. This feature is now available through the EA feature manager. See Suspicious Activity Reporting.

Group rules triggered by user reactivations

Group rules are now triggered when a user is reactivated. See Group rules for more information.

Multifactor Authentication for admins

MFA for Admins allows Super admins to enable mandatory multifactor authentication for all administrators accessing admin functionality. For details see Authentication.

Beta features available in Feature Manager

You can now enroll your Preview org in Open Betas in the Feature Manager. When you enroll in a Beta feature, you receive an email with further details. For details, see Manage Early Access and Beta features .

SAML Inline Hook

The SAML Inline Hook enables you to customize the authentication flow by allowing you to add attributes or modify existing attributes in outbound SAML assertions. For details, see our SAML Inline Hook page.

Admin Getting Started tasks

The new Admin Getting Started page helps super admins begin configuring their new Okta org.

For more information, see Get Started with Okta.

Token Inline Hook

The Token Inline Hook enables you to integrate your own custom functionality into the process of minting OAuth 2.0 and OpenID Connect tokens. For details, see our Token Inline Hook page.

SCIM Template Apps include ISV portal link

Any apps created from the SCIM app templates display a banner that directs developers to use the ISV portal at oinmanager.okta.com to submit their SCIM app to the OIN.

SAML App Wizard change for software developers

During the creation of a SAML app with the App Wizard, software vendors receive a link to the ISV portal at oinmanager.okta.com to submit their app to the OIN. If the software vendors elect not to submit through the App Wizard, a banner appears on their app configuration page with the link to the ISV portal.

OIN Manager supports multiple application submissions

When submitting a new application integration for review by Okta, the OIN Manager now supports multiple concurrent application submissions:

 

Custom URL domain support for the Okta Browser Plugin

This support enables the Okta Browser Plugin to work on the configured custom URL domain. See Configure custom URL domain.

Improved People page filter and Profile page details

We’ve added more detail to the user state labels on the People page.

And now provide the action required for users in a pending state on the User Profile page.

Generally Available Enhancements

OAuth Consent UX Enhancements

  • The OAuth Consent end-user dialog has been modified to improve the user experience.
  • For OAuth Scopes created for a new Authorization Server, the default values for Display Name and Description are updated to be more informative.

Select group UI enhancement

The appearance of Select Group elements are enhanced throughout the UI to be more visually intuitive and consistent with other Okta select elements:

Application Settings enhancements

  • When you create a new application in the dashboard, it will be created with a default Post Logout Redirect URI (previously this field existed but defaulted to blank).
  • When you create a new application of type Single Page Application (SPA), it will default to using Authorization Code with PKCE instead of defaulting to Implicit Flow.
  • The Post Logout Redirect URI only impacts users using our /logout API call (not using any of our SDKs), and it is a list of possible values just like the (Login) Redirect URI.

Event hooks support for MFA factor events

Event hooks are now enabled for MFA factor life-cycle events such as activating or resetting a factor.

Windows Mobile and Blackberry options removed

The option in the Okta Sign In Widget and in the End User Settings to enroll in Okta Verify or Google Authenticator using Windows Mobile or Blackberry devices is now removed.

Sorting functionality added for inline hooks and event hooks

Admins can now sort inline hooks by Status, Type, or Name, and event hooks by Verification, Status, or Name. For more information, see Inline hooks and Event Hooks.

Authentication Server display name enhancement

The Authorization Server scopeA scope is an indication by the client that it wants to access some resource. display name for new entries is now limited to 40 characters.

Use of admin information

Additional legal text regarding use of admin information is added to Settings > Account >Admin email notifications.

Email notification when org licensing changes

Super admins will now receive an email when their org is converted from a free trial and licensed based on a new active contract.

Addition of status text to status icons

The On-Prem MFA and RSA SecureID Agents status icons relied on color to provide status. Status is now also represented by text for improved accessibility.

Workplace by Facebook domain update

When setting up a Workplace by Facebook app, you now have the option to switch from the default org.facebook.com domain to the org.workplace.com domain.

Device fingerprinting for custom org URLs

Custom org URLs now support device fingerprinting for improved accuracy of new sign-in notifications and new device detection.

New device behavior detection

New device behavior detection is improved to provide better accuracy with new devices.

New warning modal for provisioning to apps

Admins who enable Profile MasterA profile master is an application (usually a directory service such as Active Directory, or human capital management system such as Workday) that acts as a source of truth for user profile attributes. A user can only be mastered by a single application or directory at any one time. For more details, see the Profile Master page. When users are mastered by attribute, we call this attribute-level mastery (ALM). ALM delivers finer grain control over how profiles are mastered by allowing admins to specify different profile masters for individual attributes. Profile mastering only applies to Okta user profiles, not app user profiles. For more details, see Attribute Level Mastering. and Push for the same app are now warned of the potential for overwritten attributes and the risk of lost data. For more information, see Profile mastering.

Early Access Features

This release does not have any Early Access features.

Fixes

General Fixes

OKTA-250443

When using Factor Sequencing, the Custom Password label did not appear in the Password field on the Sign-In page.

OKTA-251904

Okta did not update null/blank profile attributes into RingCentral.

OKTA-256102

Country Code prefix for Kosovo was set to +undefined when enrolling SMS as a factor.

OKTA-259414

In some cases, Reapply mapping was displayed incorrectly when editing app users with an app user property that was sourced from two different groups.

OKTA-260360H

Social Login created a race condition with Self Service Registration.

OKTA-261676

LDAPi searches using a filter containing entryDN=* failed with result code 80.

OKTA-263016

For customers who opted into the New Import and Provisioning Settings Experience for Active Directory Early Access feature, if an admin entered an invalid custom expression into the AD username format field on the AD Settings page, clicking Save caused infinite loading of the page without saving the settings.

OKTA-263017

Customers who opted into the New Import and Provisioning Settings Experience for Active Directory Early Access feature could not see the UI control for previewing the result of the custom expression underneath the AD username format field when custom was chosen in the drop down.

OKTA-263915

Additional customizations applied to the ADFS site were not displayed when users accessed the ADFS second factor challenge page.

OKTA-264334

In some cases, customers importing users from Workday (as a Master) got an undefined error when executing profile matching.

App Integration Fixes

The following SWA app was not working correctly and is now fixed

  • Ingram Micro (OKTA-260621)

Applications

Application Updates

Provisioning support has been removed from the following apps due to low customer usage, lack of standards based integration, and high supportability cost:

  • Veeva
  • Replicon
  • Roambi Business
  • Gooddata
  • Rightscale

New Integrations

New SCIM integration applications

The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:

SAML for the following Okta Verified applications

  • Appsian Security Platform for PeopleSoft (OKTA-258107)

  • Cincopa (OKTA-260900)

  • Cisco Webex (OKTA-263286)

  • Firmex VDR (OKTA-262869)

  • Juro (OKTA-258096)

  • TripActions (OKTA-263057)

  • Wochit Studio (OKTA-263299)

Weekly Updates

November 2019

2019.11.0: Monthly Production release began deployment on November 11

* Features may not be available in all Okta Product SKUs.

Generally Available Features

New Features

Agentless Desktop SSO migration

Customers who enabled Agentless Desktop SSOAn acronym for single sign-on. In a SSO system, a user logs in once to the system and can access multiple systems without being prompted to sign in for each one. Okta is a cloud-based SSO platform that allows users to enter one name and password to access multiple applications. Users can access all of their web applications, both behind the firewall and in the cloud, with a single sign in. Okta provides a seamless experience across PCs, laptops, tablets, and smartphones. using the registry key configuration method must migrate to the KerberosKerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. alias supported configuration. Contact Support to enable ENG_ADSSO_MIGRATION_READINESS_CHECK which allows you to check your readiness prior to migrating.

For a list of complete migration steps refer to Migrate your Agentless Desktop Single Sign-on configuration.

New System Log events for Okta user groups

System Log events have been added to indicate when Okta user groups are successfully created or deleted.

Sign-in widget for end-user factor enrollment

The sign-in widget is now displayed if an end user enrolls in a factor manually or resets a factor from the End User Dashboard settings. This feature is being released to Production orgs gradually over the month of November.

Minor visual changes to the Feature Manager

The Feature Manager user interface has been updated with minor changes including:

  • The Early Access auto-enroll option is now at the bottom of the Early Access section.
  • When a feature is auto-enabled in EA, the date of enrollment is listed beside the toggle switch.

Agentless Desktop SSO

Agentless desktop SSO and Silent Activation now support Kerberos alias authentication for customers implementing these features for the first time. See Configure Agentless Desktop Single Sign-on - new implementations and Office 365 Silent Activation: New Implementations. This feature is Generally Available in Production for new orgs only.

Automations

Automations enable you to quickly prepare and respond to situations that occur during the lifecycle of end users who are assigned to an Okta group. You can set up two types of Automations and perform actions such as changing user lifecycle states and notifying users:

  • Recurring Automations to check for conditions such as user inactivity and password expiration
  • One-time Automations to bulk suspend and notify users belonging to a particular group irrespective of their activity

For more information, see Automations .

Required update for Microsoft Dynamics CRM, admin consent needed

We have updated the landing URL for the Microsoft Dynamics 365 app to use OAuth and to be accessible globally. The updated app resolves the issue where end-users outside the USA could not access Dynamics 365 and were redirected to an error page.

You need to provide or renew Admin consent within the Okta Office 365 app instance to continue using Dynamics 365 app in your Okta org.

See Provide Microsoft admin consent for Okta.

Security Behavior Detection

To provide additional security without overburdening your end users, you can configure a Sign On policy for your organization to require additional authentication for behaviors defined as higher risk based on variance from individual users' prior sign ins. Admins can configure the system so that individual end users are only prompted for an additional MFA factor when there is a change in behavior that the admin defines. For more information, see Security Behavior Detection.

Generally Available Enhancements

Admin roles for groups

Admin roles can now only be granted to groups with less than 5000 members.

For more information, see Assign admin privileges.

Admin settings for end-user suspicious activity reporting

In account settings, admins now have the option to exclude themselves or other admins from receiving user-reported notifications about suspicious account activity.

For more information, see Suspicious Activity Reporting.

WebAuthn UI enhancement

The description and icon for the WebAuthn factor have been updated both in the Admin Console and Sign-in Widget.

For more information, see Web Authentication (FIDO2) .

Early Access Features

New Features

Workday Field Overrides

As part of our new Workday connector, Field Overrides are an alternate way to pull custom attribute information from Workday that replaces the existing custom report facility.

For more information, see Workday Field Overrides.

OAuth for Okta

With OAuth for Okta, you are able to interact with Okta APIs using scoped OAuth 2.0 access tokens. Each access token enables the bearer to perform specific actions on specific Okta endpoints, with that ability controlled by scopes that the access token contains.

For more information, see OAuth for Okta guide.

Okta RADIUS Service Agent Update, version 2.9.5

The Okta RADIUS Server Agent version 2.9.5 is updated to run under the LocalService account, which has lower privileges than LocalSystem. The service has also been configured with a write-restricted token to further restrict access.

For more information, see Okta RADIUS Server Agent Version History.

Okta MFA Credential Provider for Windows, version 1.2.2

The Okta MFA Credential Provider version 1.2.2 includes bug fixes and adds self-service password reset.

For more information, see Okta MFA Credential Provider for Windows Version History .

Admin settings for selecting identity providers

Admins now have the option to configure a sign-on policy based on a specific identity provider.

For more information, see Adding Rules in Security Policies.

Disable Import Groups per app

Admins have the option to choose whether groups are included in imports from apps. This new option is available when setting up provisioning for an app.

This feature should be used with care as disabling group imports will have the result of deleting all groups from the app you are configuring. As such, we provide a warning prior to disabling group imports:

Note that you will be unable to disable group imports for an app if the following conditions exist:

  • App Assignments based on Group exist
  • Group policy rules exist
  • Group Push mappings exist

In these cases, an error is displayed.

Fixes

General Fixes

OKTA-212852

Group rules were not applied to reactivated users.

OKTA-221328

With Routing Rules enabled, users saw the message This is the first time you are connecting to [an application] from this browser even though they had logged in before.

OKTA-240039

With Routing Rules enabled, users saw the message This is the first time you are connecting to [an application] from this browser even though they had logged in before.

OKTA-241929

Custom TOTP factors were not supported as part of the authentication flow in Factor Sequencing.

OKTA-249465

On some web browsers, switching between Okta Verify and WebAuthn caused an error.

OKTA-254641

Changes to Max Import Unassignment settings were not logged in the System Log.

OKTA-254723

WebAuthn factor types were incorrectly named as Windows Hello in the MFA Usage Report.

OKTA-255688

The Reset via Email button on a custom sign-in page was visible and active even when that option was disabled for custom URL domains.

OKTA-257032

The Agentless Desktop SSO flow failed to authenticate users accessing custom-domain URLs.

OKTA-257269

In some cases, end users registering for Okta Verify were enrolled in One-Time Password but not in Push.

OKTA-257277

Some admins with MFA for Admin configured entered an infinite page-loading loop when signing into the Admin Console.

OKTA-257315

The HealthInsight page did not load properly for certain Okta orgs.

App Integration Fixes

The following SWA apps were not working correctly and are now fixed

  • Adobe Stock (OKTA-257769)

  • GoToWebinar (OKTA-255869)

  • Grammarly (OKTA-258776)

  • Instacart (OKTA-258045)

  • Sainsburys Groceries (OKTA-258041)

  • Twenty20 Stock (OKTA-257496)

  • Twilio (OKTA-258047)

Applications

Application Updates

Provisioning support has been removed from the following apps due to low customer usage, lack of standards based integration, and high supportability cost:

  • OutSystems
  • ExactTarget
  • RightnowCX
  • SugarCRM

New Integrations

SAML for the following Okta Verified application

  • GainsightPX (OKTA-253926)

SWA for the following Okta Verified applications

  • Ontario MC EDT (OKTA-244471)

  • ParcelQuest (OKTA-249541)

  • WatchGuard Evidence Library (OKTA-244478)

Weekly Updates