Production

(missing or bad snippet)
(missing or bad snippet)

December 2018

2018.12.0: Monthly Production release began deployment on December 10

* Features may not be available in all Okta Product SKUs.

Content

Generally Available Features

New Features

Push Notifications for the Okta RADIUS Agent

The Okta Radius AgentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. now includes functionality for end usersIn Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using chiclets to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control. to opt in to receive push notifications for MFA when enrolled with Okta Verify. For information on how to enable this setting, see Autopush for RADIUS.

Okta Windows Credential Provider agent, version 1.1.3

This release contains general bug fixes. For version history, see Okta MFA Credential Provider for Windows Version History .

Enforce Device Trust for managed Windows computers

Okta Device Trust for Windows allows you to prevent unmanaged Windows computers from accessing enterprise services through browsers and native applications. For details, see Enforce Device Trust for managed Windows computers.

Profile Editor supports linked objects

You can now add a custom attribute with a linked object data type to the Okta user profile. For details, see Add a linked object to an Okta user profile.

Add Notes to Okta-managed apps

You can now add AppAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. Notes to communicate with end usersIn Okta literature, we generally refer to "users" as the people who serve as Okta administrators. When we refer to "end users" we are generally referring to the people who the administrators serve. That is, those who use Okta chiclets to access their apps, but have no administrative control. and other admins about apps. In addition to enhancing app deployment and usage, App Notes can also reduce help desk calls, provide troubleshooting assistance, and increase end-user self service.

App Notes facilitate the following types of communications:

  • Application notes to end users – Allows admins to present helpful information to end users, such as why they've been assigned the app, whom to contact for help, and links to additional information.

  • Application notes to admins – Allows admins to share administrative details about apps with other Super, App, Read-only, and Mobile admins.

For more information, see Add notes to an app.

Super admins can choose default email notifications for admins

Super admins have the ability to select which email notifications a specific type of adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. receives by default. This allows you to manage the amount of email traffic the different admin roles receive. The new defaults will override existing admin email notifications default settings (see Email Notifications for default settings). This will exclude most admins from receiving most email notifications. For details, see Set default email notifications.

Generally Available Enhancements

Admin Console update

We have updated the release number displayed in the Admin Console to the YYYY.MM.U format that we are officially adopting with the December Monthly Release. For more information, see Release Notes.

Okta User Communication improvement

We have improved the Okta User Communication message in Settings > Customization to clarify the scopeA scope is an indication by the client that it wants to access some resource. of end user communication.

Group Push enhancements

Group Push now supports the ability to link to existing groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups. in the following application integrations:

  • Smartsheet
  • Facebook at Work
  • Org2Org
  • Adobe CQ
  • JIRA, JIRA On-Prem
  • DocuSign

You can centrally manage these apps in Okta. For details, see Enhanced Group Push.

People page performance improvements

The A-to-Z links on the People page have been deprecated as part of efforts to improve the performance and responsiveness of the page in the Admin UI for large orgs. Screenshots:

Before:

After:

Reports enhancement

When generating reports, the earliest start date you can select is now 13 months prior to the current date. For more information about Reports, see Reports.

Early Access Features

New Features

Support for Salesforce Government Cloud

You can create instances of the Salesforce app that can integrate with Salesforce Government Cloud. For more details, see the Salesforce Provisioning Guide.

Okta Active Directory agent, version 3.5.5

This release includes:

  • A bug fix for errors when importing a group with more than 1,500 users.
  • Internal bug fixes

For version history details, see Okta Active Directory agent version history.

PIV Card authentication option added to identifier first Sign In page

A PIV Card authentication option is now provided on the identifier firstInstead of presenting both a Username and a Password field, "identifier first" sign in pages present only a Username field. As used in Okta IdP Routing Rule scenarios, "identifier first" sign in pages submit usernames to Okta for determining which IdP should be used to authenticate an end user. Sign In page when you configure a Smart Card Identity Provider and a corresponding IdPAn acronym for Identity Provider. It is a service that manages end user accounts analogous to user directories such as LDAP and Active Directory, and can send SAML responses to SPs to authenticate end users. Within this scenario, the IdP is Okta. Routing Rule in the Okta Admin console. For more about Okta's support for PIV card authentication, see Add a Smart Card/PIV Card.

IdP Routing Rules shows inactive IdPs

To make it easier to distinguish between active and inactive IdPs (Identity Providers) in IdP Routing Rules, inactive IdPs are now indicated as such in the IdP Routing Rules list. For more about IdP Routing Rules, see Identity Provider Discovery.

Early Access Enhancements

ASN Support for Dynamic Zones

Admins can now enter ASNs (Autonomous System Numbers) when creating or editing a dynamic zone. For more information about using ASNs, see Dynamic Zones.

FIPS-mode encryption enhancement

We have updated the Okta Verify configuration UI label for the FIPS-Mode encryption setting. For more information, see Enabling FIPS-mode encryption.

Fixes

General Fixes

OKTA-185031

Recreating group push mappings for previously existing groups would cause group memberships to not be mastered by Okta.

OKTA-187881

An LDAP directory could not be assigned to an Okta group when Sync password was enabled and Create users was disabled.

OKTA-193192

Some end users were still prompted to authenticate with MFA despite successful enrollment with Okta Verify or Duo within the same session.

OKTA-194472

The API Access Management Admin role was not returned for the user when performing a GET on api/v1/users/${userId}/roles endpoint. 

OKTA-195092

When using browsers other than Internet Explorer, Agentless Desktop SSOAn acronym for single sign-on. In a SSO system, a user logs in once to the system and can access multiple systems without being prompted to sign in for each one. Okta is a cloud-based SSO platform that allows users to enter one name and password to access multiple applications. Users can access all of their web applications, both behind the firewall and in the cloud, with a single sign in. Okta provides a seamless experience across PCs, laptops, tablets, and smartphones. was performing two authentication requests for each user, increasing the authentication time.

OKTA-196220

Push Groups functionality only worked for admins with Super Admin rights.

OKTA-197099

Provisioning operations for the Coupa app failed.

OKTA-197991

The MFA Usage Report listed Okta Verify with Push as an enrolled factor even if the factor was reset by an end user from their dashboard making it no longer enrolled. 

OKTA-198258

There was a minor grammatical error in the app approval admin notification message.

OKTA-198556

IdP Discovery rule with a Sharepoint On-Premise specific app instance condition was not routing properly on SPAn acronym for service provider. Generally, an SP is a company, usually providing organizations with communications, storage, processing, and a host of other services. Within Okta, it is any website that accepts SAML responses as a way of signing in users, and has the ability to redirect a user to an IdP (e.g., Okta) to begin the authentication process.-initiated login flows.

OKTA-198797

After creating an ASN dynamic zone via the API, then viewing via the UI, the default proxy type was Unchecked instead of Any proxy

OKTA-201054H

SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IDP, and the SP. IdP flow broke down with a 404 error if the ACS URLACS Endpoint – Assertion Consumer Service URL – often referred to simply as the SP login URL. This is the endpoint provided by the SP where SAML responses are posted. The SP needs to provide this information to the IDP was in {{orgThe Okta container that represents a real-world organization.}}/auth/saml20/{{IdP name}} format.

App Integration Fixes

The following SWA apps were not working correctly and are now fixed

  • Alibaba Cloud (Aliyun) (OKTA-198076)
  • Anaplan (OKTA-198239)
  • Apple Business Manager (OKTA-198241)
  • Dell Boomi (OKTA-198237)
  • Egencia UK (OKTA-198487)
  • Linux Academy (OKTA-198691)
  • PacificSource InTouch (OKTA-197597)
  • Perfode (OKTA-198238)
  • Rival IQ (OKTA-190557)
  • Salesforce: Marketing Cloud (OKTA-197948)
  • Web Manuals (OKTA-199509)

Applications

Application Updates

The following partner-builtPartner-Built Provisioning: The Provisioning features of some OIN apps are built by a third-party, typically the vendor of the app product or service. These features are Okta Verified through a rigorous Okta review process. Partners-Built EA: Partner-Built EA application features have been verified and tested by Okta but may not have been deployed or used by a customer in an Okta production environment. We recommend that you fully test these integrations for your own provisioning use-cases before deploying in production for your end users. Okta Verified: A Partner-built EA application becomes Okta Verified after a customer has verified the integration in production. provisioning integration app is now Generally Available in the OINAn acronym for the Okta Integration Network. The OIN is comprised of thousands of public, pre-integrated business and consumer applications. As an on-demand service, OIN integrations are continuously validated, always up to date, and constantly growing both in number and capability. Okta performs a single integration with an ISV or SP, providing thousands of end users with point-and-click customization for their orgs. as partner-built:

New Integrations

New SCIM Integration Application

The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:

SAML for the following Okta Verified applications

  • Abstract (OKTA-192587)
  • BambooHR (OKTA-199943)
  • CloudBees (OKTA-191171)
  • SAP Concur Solutions (OKTA-198484)
  • Workable (OKTA-198491)

SWA for the following Okta Verified applications

  • Acronis Cloud (OKTA-189384)
  • Ameriflex Wealth Care Portal (OKTA-197201)
  • Autodesk BIM 360 (OKTA-194354)
  • buildpulse (OKTA-196661)
  • Business Insider PRIME (OKTA-196625)
  • Drift (OKTA-192116)
  • Forum: Business Online Banking (OKTA-195330)
  • HigherGear - (OKTA-196158)
  • HomeDepot Vendor Portal (OKTA-190428)
  • HP DaaS (OKTA-196207)
  • Insperity Premier (OKTA-191066)
  • Kayak (OKTA-74699)
  • TrendKite (OKTA-197199)
  • WealthEngine (OKTA-198240)
  • Zywave Home (OKTA-193830)

Content

2018 Production Releases

 

Closed2018.47 and 2018.48 Production release began deployment on December 3
ClosedGroup Push mappings status enhancement

When you delete a group, the Group Push mappings associated with the group are disabled and the mapping status will show as an error. You can then either deactivate or delete the mappings. For information about Group Push, see Using Group Push.

ClosedEnhanced IdP Discovery routing rule warnings

When you create a rule for an active Identity Provider, you can choose whether to activate the rule and apply it immediately, or else create it in an inactive state. Conversely, when you create a rule for an inactive Identity Provider, the rule cannot be activated and is automatically created in an inactive state. ClosedScreenshot:

When you deactivate an Identity Provider with active routing rules, Okta displays a warning that the rules will be deactivated. ClosedScreenshot:

For more information about Identity Providers, see Identity Providers.

ClosedNetwork zone country code for Kosovo

When configuring network zones, admins can now set Kosovo as a country using country code XK in order to ensure that IP addresses from Kosovo are more accurately defined. For more information about network zones, see Networks.

ClosedNew System Log event for invalid app-to-app mappings

If an app-to-app mapping includes an invalid expression, profile sync job creates a new System Log event to capture the failure, skips evaluating the expression, and processes the rest of the mapping. ClosedScreenshot

ClosedBambooHR integration update

The BambooHR integration now supports OpenID Connect (OIDC). For configuration information, see the BambooHR Provisioning Guide.

Closed2018.46 began deployment on November 26
ClosedOkta plugin, version 5.24.1 for Chrome

The Okta browser plugin for Chrome is updated to version 5.24.1. This version includes the following bug fix:

  • App icons did not load in Okta plugin for Google Chrome when the CDN was disabled.

For version history, see Okta Browser Plugin Version History.

Closed2018.45 began deployment on November 12
ClosedOkta plugin, version 5.24.0 for Chrome and Firefox

The Okta browser plugin for Chrome and Firefox browsers is updated to version 5.24.0. This version includes an update to end-user plugin settings (available in Early Access) and back-end product enhancements. For version history, see Okta Browser Plugin Version History.

ClosedNew RingCentral attribute

Job Title has been added to the list of RingCentral custom attributes that can be added via Schema DiscoveryAbility to import additional attributes to Okta. For more information about RingCentral provisioning, see the following provisioning guides:

ClosedCustom Okta attributes supported in the Microsoft SharePoint (On-Premises) app SAML assertion

For SharePoint (On-Premises) app, Expression Language evaluation for Application Attributes now supports sending any OKTA user attributes, including custom OKTA user attributes. For more information, see Adding the SharePoint (On-Premises) App in Okta.

ClosedShared SWA app accounts, password restriction

For SWAAn acronym for Secure Web Authentication. SWA is a SSO system developed by Okta to provide single sign-on for apps that don't support proprietary federated sign-on methods or SAML. Users can enter their credentials for these apps on their homepage. These credentials are stored such that users can access their apps without entering their credentials each time. When users first sign-in to a SWA app from their homepage, they see a pop-up message asking if they were able to sign-in successfully. apps with an account sign in option set to Users share a single username and password set by administrator, only Super admins or App admins with permissions for that app can view the password.

ClosedClearing unconfirmed users

During standard imports, users are sometimes mistakenly imported from 3rd-party apps. The Clear Unconfirmed Users button allows admins to clear all unconfirmed users within an import queue. For more details, see Importing People.

Closed2018.44 began deployment on November 5
ClosedReport data start date

When generating reports, the earliest start date you can select is now 13 months prior to the current date. For details about Okta reports, see Reports.

ClosedNew Microsoft Office 365 chiclet

Okta has made a new chiclet, Microsoft Power BI, available for the Microsoft Office 365 app. You can enable it on the General tab of your org's Microsoft Office 365 app instance. For details, see Enable a Microsoft Office 365 Chiclet.

ClosedExtended Client Access policy capability for apps

When creating App Sign-On Policy rules to manage access to apps, you can now specify additional granularity for platform types. Office 365 ClientEssentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin. Access policies will continue to provide additional granularity for clients (that is, Web vs EAS).

For details, see Add Sign-On policies for applications and Office 365 Client Access Policies.

Closed2018.42 began deployment on October 22
ClosedRegion codes for Network Zones

Region codes for China have been updated due to a recent change in the universal ISO standard. To prevent region codes from displaying incorrectly, update your network zone region codes accordingly. For more information, see Network Zones.

ClosedWarning added to unlinking groups UI

Unlinking between an Okta group and the pushed group in downstream applicationIn the context of Okta provisioning, a downstream app is one that is receiving data from Okta. cannot be reversed. A notification has been added to warn the admins that unlinking a group in this way cannot be undone. ClosedScreenshot

Closed2018.41 began deployment on October 15
ClosedUser Locked Out email changes

User Locked Out emails are sent to admins in batches and contain a list of all users who are locked out. The email shows users locked out since the previous email was sent. Previously each admin received one email for each locked out user in real time.

ClosedMultifactor Authentication single page UI

Administration for multifactor authentication is streamlined with a new single page design that improves navigation and usability for enabling and configuring authentication factors. For more information, see Multifactor Authentication. ClosedScreenshot:

ClosedImproved People page filter and Profile page details

We’ve added more detail to the user state labels on the People page. ClosedScreenshot:

And now provide the action required for users in a pending state on the User Profile page. ClosedScreenshot:

ClosedAssign users to multiple groups in one group rule

Users can be assigned to multiple groups in one group rule. It is no longer necessary to set up multiple rules for the same criteria to accommodate different groups. For details, see Using Group Membership Rules.

ClosedConfigure App Approval Workflow

This feature enables an administrator to configure a workflow for a self-service app that requires approval. It enables an end-user to request access to an app and an approver to approve or deny the request. For more information, see Access Request Workflow > Configure the App Approval Workflow.

ClosedPer-App Password Policy

The policy for randomly generated passwords for Password Sync can now be defined by Okta, on a per-app basis.

If Okta’s randomly generated password for Password Sync does not meet the password requirements of a specific app, Okta can, upon request, change that app’s password policy. This functionality is now available for all orgs.

ClosedUser sessions deleted after password reset

Okta now deletes all users' sessions after a successful password reset as part of the forgot password flow.

ClosedAdditional options for activation email lifetime

Admins can configure activation emails with lifetimes of 1, 2, or 4 hours. For more information on the General security options, see General Security. ClosedScreenshot

Closed2018.40 began deployment on October 8

There were no new features in this release. For new apps and bug fixes delivered in this release, select the appropriate tab.

Closed2018.39 began deployment on October 1

There were no new features in this release. For new apps and bug fixes delivered in this release, select the appropriate tab.

Closed2018.38 began deployment on September 24
ClosedAccess to the self-service menu for an org

Only a Super Admin can view the self-service menu (Applications > Self Service) for an organization. In the past, both org admins and super admins could access this menu. There is no change to the options on the menu. For more information on roles and permissions, see Administrators.

Closed2018.37 began deployment on September 17
ClosedUsername passed to target orgs

In an Identity Provider Discovery flow, the username entered as the identifier in the first screen is passed to other Okta orgs. End users do not need to re-enter a username when signing in to any other Okta org to which they are redirected. For more information, see Identity Provider Discovery.

ClosedSupport for Norwegian language as Beta

Support for the Norwegian (Bokmål) language for the end user experience is now available to all customers in Beta format. You can select the default language preference for your entire org, and your end users can select a different language preference for their own experience. For more information, see Configure the Display Language.

Closed2018.36 began deployment on September 10
ClosedAbility to download CSV report containing admin data

Super org admins can now download a CSV file containing a list of all admins and their permissions, using the Download CSV button on the Administrator page. For details, see Administrators. ClosedScreenshot

ClosedSupport for JWTs signed with private keys

Requests to the /token and /authorize endpoints will now accept JWTs signed with a private key. For more information, see the OIDC documentation for the token endpoint and the authorize endpoint.

ClosedAdmin email notifications default to off

These email notification types are off by default for admins in new orgs:

  • User Deprovision
  • App user import status
  • User lockouts

Each admin can individually opt in at Administrator > Settings > Account. Admins in existing orgs will be unaffected. For details, see Account Settings. This feature is available for new orgs only.

ClosedNew device notification email

When enabled, end users will receive a new device notification email when signing in to Okta from a new or unrecognized device. This feature is now generally available to all orgs. For more information about email notifications, refer to the New or Unknown Device Notification Emails section in General Security.

ClosedChanges to where an application username is configured

Okta is consolidating where app usernames are configured. Instead of being able to change the app username in the Profile Editor and the app’s Sign On tab, you will be able to edit the Okta to App username mappings only on the app’s Sign On tab.

Note: The following apps will not be changing their behavior: Active Directory, LDAP and SAML Identify Provider.

ClosedProfile Editor - Before

For the Okta to App flow, you can no longer override username mappings in the Profile Editor.

ClosedProfile Editor - After

Username mappings on the Sign On tab

The userName mapping in the app's Sign On tab will be the source of truth for the Okta to App flow. Updating the userName mapping on Create only or Create and Update will also be controlled from the app's Sign On tab. ClosedScreenshot:

ClosedSend admin emails as BCC

Super Admins and Org Admins can send all admin emails as BCC so that recipients' email addresses are hidden. For more information, see Global notifications options.ClosedScreenshot

ClosedManage the Okta loading animation for custom apps

You can now disable the default Okta loading animation (interstitial page) that appears when users are redirected to custom applications. End users are shown a blank interstitial page, instead. This allows you to present a more branded end-user experience. For more information, see Customizing the Interstitial page>. ClosedScreenshot:

ClosedAccess Request Workflow for App Self-Service

This feature streamlines the App Self-Service UI with the Access Request Workflow UI and allows admins to write a note to the end user about the app instance.  See Access Request Workflow and Self Service Registration for more details.  ClosedScreenshot

ClosedManage Apps at the Instance level

You can now assign Apps to App Admins at the instance level. This allows for more granular access control. For details, see Administrators.

ClosedCustomizable email alert template

We have added a new, customizable email template that alerts your end-users when someone connects to their Okta account from a new device. This feature protects against silent access to an end-user's account. For more about Okta email templates, see Email and SMS Options. This feature is Generally Available for new orgs only.

ClosedU2F Activation and Enrollment

The Multifactor Factor Types UI has been updated to include U2F activation and enrollment for end users. For more information about U2F enrollment, refer to the Factor Types Configuration section in Multifactor Authentication.

Closed2018.35 began deployment on September 4
ClosedUse Adaptive MFA with the VMware Horizon View, Pulse Connect Secure, BeyondTrust PowerBroker Password Safe, and Check Point apps

You can integrate Adaptive MFA with your VMware Horizon View , Pulse Connect Secure, BeyondTrust PowerBroker Password Safe, and Check Point clients. Follow these links for more information and complete setup instructions.

ClosedThe SSR form now supports enum data types

The Self Service Registration (SSR) form now supports enum data types of string, numbers, and integers. For more information, see Okta Self-Service Registration.

Closed2018.34 began deployment on August 27
ClosedDeactivation Emails improvement

Admins now receive an email listing all users deactivated during 30 minute periods instead of individual emails for each deactivation.

ClosedNew Microsoft Office 365 chiclet

Okta has made a new chiclet, Microsoft Forms, available for the Microsoft Office 365 app. You can enable it on the General tab of your org's Microsoft Office 365 app instance. For details, see Enable a Microsoft Office 365 Chiclet. ClosedScreenshot

Closed2018.33 began deployment on August 20
ClosedRadius agent, version 2.7.4

This version contains security enhancements. For version history information, see Okta RADIUS Server Agent Version History.

ClosedOkta On-prem MFA agent, version 1.3.8

This version contains security enhancements. For version history information, see Okta On-Prem MFA Agent Version History.

Closed2018.32 began deployment on August 13
ClosedSystem Log enhancement

The System Log now reports when requests are denied due to a blacklisted network zone. ClosedScreenshot:

For more details about the System Log, see Reports.

ClosedMFA System Log events

The Factor Type for MFA events is moved from the Actor's details to the Event's details in the System Log. ClosedScreenshot:

For more details about the System Log, see Reports.

ClosedNine supported languages

Okta has added the following nine supported languages for Email and SMS Customization: Czech, Greek, Hungarian, Indonesian, Malaysian, Polish, Romanian, Turkish, and Ukrainian. For more information, see Add Custom Email Templates for Multiple Languages.

ClosedBambooHR integration enhancement

BambooHR now retrieves additional attributes such as department and division for pre-start users.

For more information about BambooHR provisioning, see the BambooHR Provisioning Guide.

ClosedNew device notification emails

An enhancement to the device fingerprint feature has been made so that end users may receive a new device notification email when signing in via an embedded browser. Sign in via embedded browsers can take place in applications such as Microsoft Outlook on Mac OS or Windows and mobile apps. For more information about email notifications see New or Unknown Device Notification Emails.

ClosedAttribute mapping overrides

Admins can now recover the default values of mappings that had been overridden during individual app assignments. This feature also clearly displays default EL expressions, and simplifies overrides with Override and Reset buttons. For more information, see Attribute Mapping Overrides.

ClosedGoogle custom schemas

When enabled, Okta imports Google custom schemas which you can then map as additional custom properties. Note: In order to have permission to pull custom schema information from Google, Okta requires an additional OAuth scope. This requires you to reauthenticate your app instance in order use this functionality.

For more information about Google schema discovery, see the G Suite Provisioning Guide.

ClosedAdd custom attribute: enumerated list

When you create a custom attribute, you can enter a list of enum values. For example, you can create a Shirt size attribute with a list of values including: small, medium, large. For details, see Create Custom Attributes.

ClosedSupport for Salesforce Community and Portal

This feature allows you to create instances of the Salesforce.com app that can integrate with either a Salesforce Customer Portal or a Salesforce Customer Community. For more details, see the Salesforce Provisioning Guide.

ClosedCustom email domain

You can configure a custom domainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https). so that email Okta sends to your end users appears to come from an address that you specify instead of the default Okta sender noreply@okta.com. This allows you to present a more branded experience to your end users. For details, see Configure a Custom Email Domain. ClosedScreenshot

User-added image

ClosedOkta Mobile Fingerprint/Touch ID and Face ID authentication

Okta Mobile supports fingerprint authentication on Android devices and Touch ID/Face ID authentication on iOS devices. For details, see Lock/Unlock the Okta Mobile App. ClosedExample Screenshot:

ClosedVoice Call as a Factor

Voice Call Factor authentication is now available as an MFA factor. With this feature enabled, end users will receive a phone call that audibly provides a 5 digit verification code to be entered upon login. This factor can be enabled either on its own or with other factors enabled. For more information about voice call as a factor, see Multifactor Authentication. ClosedScreenshot:

ClosedUser interface updates to Group member page

The Group member page (Directory > Groups) has the following enhancements:

  • The Manage People button is now the Add Members button.
  • The Search bar is relocated to the right side of the screen.
  • The managed column is now the Added By column to indicate who added the new group member.

Additionally, when searching for a user name, if the number of search results exceeds the page limit, you are prompted to refine your search.

ClosedBefore:

ClosedAfter:

ClosedEA Feature Manager

Super Admins have the ability to enable select Early Access (EA) features to which their organization is entitled. There is no need to contact Support to request access to these new features. EA features that require additional configuration will still require assistance from Support to be enabled. For details, see Manage Early Access features.

You can also track availability of EA features on the Product Roadmap available in the Okta Help Center.

Closed2018.30 and 2018.31 began deployment on August 6
ClosedApplication Usage report enhancement

In addition to filtering by application, Okta's Application Usage report has an option to include report data from All applications. If you select this option, the data is only available to download as a CSV file (in unaggregated format).

For more details, see Reports. ClosedScreenshot

ClosedGroup Push enhancements

Group Push now supports the ability to link to existing groups in Zendesk. You can centrally manage these apps in Okta. While this option is currently only available for certain apps, Okta will periodically add this functionality to more and more provisioning-enabled apps. This feature is now GA. For details, see Using Group Push.

ClosedSystem Log enhancement

The System Log now reports when a user has been imported, updated, and deleted through real time sync. ClosedScreenshot

ClosedThe OIN Manager

The OIN Manager is an Okta portal through which independent software vendor (ISVAn acronym for independent software vendors. Okta partners with various ISVs (usually producing enterprise applications) to integrate on-premises, in the cloud, or native-to-mobile devices with Okta.) partners can submit SSO and provisioning apps to Okta. Once approved, these integrations are included into the Okta Integration Network (OIN).

Closed2018.29 began deployment on July 23
ClosedAdaptive MFA available for Sophos VPN

You can integrate Adaptive MFA with your Sophos VPN clients. For more information, see Configure Sophos UTM to Interoperate with Okta via RADIUS.

ClosedGroup membership rules limit increase

We have increased the default number of group membership rules allowed per org from 100 to 2000. For details about Group rules, see About Groups.

ClosedIP whitelist download file available

If your server policy is set up to deny access to external IP addresses and websites, you must configure a whitelist to enable access as required. The IP whitelist information can be obtained programmatically and can be downloaded in JSON format here: IP whitelist file. To view the current IP ranges, download the .json file. To maintain a history, save successive versions of the file. For more information about Okta IP whitelisting, see Configuring Firewall Whitelisting.

ClosedReports update

Okta continues to optimize performance in generating reports with a focus on data reliability, quality and self service of report data delivery. To achieve this, certain reports are now delivered asynchronously as a CSV download. For more information about reports, see Reports. ClosedScreenshot:

ClosedActive Directory agent, version 3.4.13

This release includes the following changes:

  • The installer will not continue if it cannot use a TLS 1.2 connection to connect to the Okta service. For Windows 2008 R2 TLS 1.2 is disabled by default and needs to be enabled through the registry. For details, see TLS 1.2 registry edits.
  • Increased the minimum .NET version supported to 4.5.2. If the installer does not detect .NET 4.5.2 or higher, it will be installed.

For version history, see Active Directory Agent Version History.

Closed2018.28 began deployment on July 16
ClosedU2F as MFA Factor

U2F is available as an MFA factor. See Factor Types for more information about different MFA types, including U2F. ClosedScreenshot:

ClosedOkta plugin, version 5.19.0 for all supported browsers

The Okta browser plugin for the Chrome, Firefox, Internet Explorer, and Safari browsers was updated to version 5.19.0 in release 2018.24. This version provides support for the Okta Account Chooser. For version history, see Browser Plugin Version History.

ClosedSystem Log enhancement

The Okta System Log and Events APIs filter out any password information that customers might have included in query parameters. This filter is part of our on-going optimizations to scrub sensitive data from logs. Okta always recommends that customers use POST requests, and never use sensitive data in HTTP GET parameters. ClosedScreenshot:

Closed2018.26 and 2018.27 began deployment on July 9
ClosedMultiple attribute support

Setting multiple enum value attributes on the end user Profile Settings page is now supported. ClosedScreenshot:

ClosedRevised schema for Saleforce

New Salesforce app instances now come with a reduced set of base attributes:

  • username
  • firstName
  • lastName
  • email
  • profile

Attributes that used to be in the base schema are moved to custom:

  • title
  • communityNickname
  • mobilePhone
  • phone
  • street
  • city
  • state
  • postalCode
  • employeeNumber
  • companyName
  • division
  • department
  • managerId
  • role
  • salesforceGroups
  • featureLicenses
  • publicGroups

This change allows admins more fine-grained control over which attributes Okta will sync in the downstream SFDC instance.

For information about Salesforce provisioning, see Okta's Salesforce Provisioning Guide.

ClosedCustom expression support for Confluence attribute mapping

Okta supports custom expressions when mapping attributes from Okta to Confluence. For more information about Confluence provisioning, see the Confluence Provisioning Guide.

ClosedScreenshot:

ClosedGoogle schema discovery enhancement
  • Support for custom properties to push and import to/from Google.
  • Support for multi-value fields (arrays) for Google Schema Discovery.

For more information about Google schema discovery, see the G Suite Provisioning Guide.

Note: Boolean properties for multi-value fields are not supported by Okta Universal Directory. They are ignored during schema import and are not visible in the Profile Editor.

ClosedScreenshot:

ClosedMFA Factors - new confirmation dialog

A confirmation notification is now displayed after resetting or enrolling in a factor. ClosedScreenshot:

ClosedUse Adaptive MFA on an F5 BigIP APM

You can integrate Adaptive MFA with your F5 BigIP APM Edge clients. For complete installation and usage information, see Configure the F5 BigIP APM to Interoperate with Okta via RADIUS.

ClosedImproved messaging for authorization server changes

New message notifications appear when an Authorization Server is activated, deactivated, or deleted. ClosedScreenshot:

ClosedEmail address used in Request Access to Apps option no longer editable

To address a security vulnerability, end users' primary email address is now populated automatically in the Request Access to Apps dialog box and the Your email field is no longer editable. The dialog box displays when end users click Request an app in the footer of their Okta org. ClosedScreenshot:

Closed2018.25 began deployment on June 25
ClosedAll admins unsubscribed from Trust incidents and updates email

All admins are being unsubscribed from receiving email notifications for Known Issues and System Outages which is now renamed to Trust incidents and updates. To receive these notifications, go to Settings > Account > Email Notifications. For details, see Email Notifications.

ClosedAdmin Email Notifications name change

In Settings > Account, under Email Notifications, the Known Issues and System Outages option is renamed to Trust incidents and updates. All new Super admins will be subscribed by default. For details, see Email Notifications.

ClosedAdmin Email Notifications for deactivated users

Some admins can select whether they want to receive emails when a user is deactivated. The admin roles that have this option are: Super Admin, Org Admin, App Admin and Mobile Admin. For details, see Email Notifications.

ClosedSystem Log enhancement

The following events are added to System Log:

  • The feature for supporting multiple network zones is disabled for an org (IWA SSO only). ClosedScreenshot:

  • When synchronizing users with a directory, users will be skipped if they match default filter rules. ClosedScreenshot:

Closed2018.24 began deployment on June 18
ClosedScope Selector enhanced
The scope selector on the Token Preview tab of the Authorization Server page is now searchable by typing a few characters of a scope name. Previously, only up to 20 scopes were displayed.
ClosedDownloads page reorganization

The Okta Downloads page contains a new section, MFA Plugins and Agents that replaces the Okta On-Prem MFA Agents section. ClosedScreenshot

ClosedRemove the restriction on usernames in email address format

By default, Okta requires user names to be formatted as email addresses in Okta Universal Directory. Using the Format Restriction control in the Profile Editor, Administrators can remove the email format constraint from the Username attribute in Okta UD or replace it with a specific set of characters that are allowed. This provides additional control over the format for Okta usernames for all users in an Okta org. For more information see Relax email format requirement for Okta username.

ClosedSwitch between multiple Okta accounts using the Okta browser plugin

End users can now switch between multiple Okta accounts easily through the Okta browser plugin. This feature prompts signed-in end users to trust or reject subsequent Okta accounts the first time they access those accounts allowing them full control to choose seamlessly between accounts. For details, see Switch between multiple Okta accounts using the plugin. ClosedScreenshot

ClosedCRL download enhancements
Added functionality to reduce the frequency with which Certificate Revocation Lists (CRLs) for client supplied certificates are downloaded when using X509 based authentication and to improve the handling of cases where the CRL cannot be downloaded.
ClosedEnd-users can reset the Okta browser plugin

If there's a problem with the Okta browser plugin, an error message with a Refresh Plugin button now displays allowing end users to refresh the plugin cache. For more, see About the Okta Browser Plugin. ClosedScreenshot

Closed2018.23 began deployment on June 11
ClosedImproved organization of Okta email templates

The list of Okta-provided email templates is reorganized by template type. This makes it easier for admins to find and evaluate Okta-provided email templates in Settings > Email & SMS. For more information about Okta email templates, see Email and SMS. ClosedScreenshot:

ClosedUpdated error message

Error message text has been modified when assigning non-email formatted values for username attribute.

ClosedNew System Log event

The System Log contains an entry when a user cannot be unlocked automatically by the nightly batch job due to a read-only event. ClosedScreenshot:

ClosedMultiple network zones

Authentication whitelisting and blacklisting (explicitly permitting or denying access) based on network zones is now Generally Available (GA). Network zones are sets of IP address ranges. You can use this feature in policies, application sign on rules, and VPN notifications. This expands the use of Gateway IP Addresses. This feature is now GA for all orgs. For more information, see Network. ClosedScreenshot

ClosedCustom email templates in multiple languages

Custom email templates allow you to send custom Okta-generated email messages to end users in multiple languages. For details, see Add Custom Email Templates for Multiple Languages. ClosedScreenshot

ClosedRadius Agent, version 2.7.3

This version disables CDN during install and contains bug fixes. For history, see Okta RADIUS Server Agent Version History.

ClosedOn-Prem MFA agent, version 1.3.7

This version disables CDN during install. For history, see On-Prem MFA Agent Version History.

ClosedOkta Verify Auto-Push authentication

Okta Verify Auto-Push makes Multifactor Authentication (MFA) even easier. Now, when end users land on the MFA challenge page (with Okta Verify with Push enabled), the challenge is sent automatically with no need to click Send Push. To set up this feature, end users select Send Push Automatically on the authentication screen. For more information, see Okta Verify with Push Authentication. ClosedScreenshot

ClosedCloud access security broker for SAML apps

Support for a cloud access security broker (CASB) is available for all SAML apps. For more information, see the CASB Configuration Guide.

ClosedDynamic translation for custom email templates

When you customize an Okta-generated email template through the Add Translation dialog box, the text in the body of the template updates automatically into the language you select in the Language list. The Generally Available version of this feature includes updated labels and other minor UI improvements. For more about custom email templates, see Add Custom Email Templates for Multiple Languages. ClosedScreenshot

Closed2018.21 and 2018.22 began deployment on June 5
ClosedLitmos support for SHA2

The Litmos integration is updated to support SHA2 cryptographic hash algorithm which utilizes the new Litmos SAML endpoint splogin. If you are currently using the Litmos SAML integration, Okta highly recommends that you review the steps outlined in the migration section of the Litmos Configuration Guide and switch to SHA2 at your earliest convenience. ClosedScreenshot:

ClosedUse Adaptive MFA on a Fortinet appliance

You can extend Adaptive MFA to your Fortinet appliance. For complete installation and usage information, see Configure the Fortinet Appliance to Interoperate with Okta via RADIUS.

ClosedSystem Log events for new device notification emails

New device notification email events now appear in the System Log. ClosedScreenshot

ClosedU2F-compliant factor enrollment improvements

We've improved the user experience for U2F-compliant factor enrollment by making the following changes:

  • U2F instructions are updated to remove references to specific browsers such as Chrome and Firefox
  • Error messages now include more descriptive text

For more information, see MFA Factor Types. ClosedScreenshot:

Closed2018.20 began deployment on May 29

There were no new Production features in this release.

Closed2018.19 began deployment on May 14
ClosedUpdate (May 23, 2018): Rate Limit Notifications

Added the following enhancements to support Rate Limit notifications:

  • Notification banners within Okta for Super administrators when the Rate Limit warning and violation thresholds have been reached within the last 24 hours. ClosedScreenshot

  • Automatic email notifications to Super administrators when the Rate Limit warning and violation thresholds have been reached within the last 24 hours. ClosedScreenshot

  • An Email Notifications setting available in Settings > Account for the Super administrator to turn the email notification on or off. This setting is turned on by default. ClosedScreenshot

  • Syslog entries that track discrete rate limit events for warnings and violations, and that can be queried independently or jointly. This provides you with a full picture of organizational as well as individual client trends.

    For example, the following query shows both warnings and violations:

    eventType eq "system.org.rate_limit.warning" OR eventType eq "system.org.rate_limit.violation"

    Both the notification banner and the email notification contain a link to the query above. ClosedScreenshot

For more information, refer to Rate Limiting at Okta.

ClosedSimplified Convert Assignments screen

The Convert Assignments screen is populated only when there are assignments to convert. When there are no assignments to convert it presents a message. ClosedScreenshot.

ClosedAgent version and TLS 1.2 compliance status, and other Downloads page enhancements

The Downloads page includes the following changes:

  • The agent status is highlighted at the top of the page, indicating whether or not agents are up-to-date. ClosedScreenshot
  • Agent status information appears after the first agent of that type is configured.
  • For the AD, SSO IWA, On-Prem MFA, Provisioning, and LDAP agents, there is now a status message indicating whether the agent is up-to-date or a new version is available.
  • The Connected Agents table displays the host name, the version of the agent that is currently running, whether the agent is TLS 1.2 compliant. ClosedScreenshots
  • The AD Password Sync and RADIUS agents information includes a link to the System Log to view the agent version, if applicable.
  • The Admin Downloads section moved to the top of the page and similar agents are grouped (for example, all AD agents are together).
  • A link to a CSV file containing this information is added to the right-hand sidebar. ClosedScreenshot
ClosedID tokens enhancement

ID tokens can now be retrieved using a Refresh Token.

Closed2018.18 began deployment on May 7
ClosedIWA Token Processing: Redirect to custom error page now available for all existing orgs

If Okta fails to process an IWA token, you can now redirect end users to a custom error page. This option is useful if you embed Okta into your solution and want to control end-to-end branding to enhance end user experience. For more information, see Login Error Page.

Note: This feature is now Generally Available for all orgs.

ClosedScreenshot

ClosedRADIUS app for RADIUS users
Okta has developed a RADIUS App that allows for access control on multiple RADIUS configurations. This option also provides the ability to create policy and assign RADIUS authentication to groups of users. For details, see Okta RADIUS App
ClosedWorkday integration enhancement

You can deactivate Workday mastered users on their last day worked, even if the period of time between that day and the termination exceeds a specified Pre-Start interval. See the Workday Provisioning Guide for more information.

ClosedWorkday app enhancements

The Workday integration now connects to the latest Human Resources API (v29) and uses the Maintain Contact Information Workday API for email and telephone write back, a more secure web service that some customers prefer. Additionally Okta has improved the pre-start interval functionality by only processing new users being created and ignoring updates within the pre-start interval. There are also some performance enhancements when performing an import from Workday. See the Workday Configuration Guide for details.

This feature is Generally Available for new orgs only.

ClosedConfigure Advanced API Access for Office 365

You can configure Advanced API Access for Office 365 instances by using the admin consent option on the Sign On tab.

Admins needs to leave this checked to complete OAuth authentication flow with O365, which is required for signing into chicletsThe "buttons" that appear on an end user's Home page and represent each application they wish to access through Okta. Clicking the chiclet allows the end user to instantly sign in and authenticate themselves into their chosen app. such as Yammer, Teams, and CRM. For more information, see Admin Consent for Advanced API Access. ClosedScreenshot:

ClosedWorkday integration update

Okta has updated its Workday integration: Workday Real Time Sync (RTS) can now run concurrently with regular imports. Refer to Workday Provisioning Guide to learn more about Workday RTS.

Closed2018.16 and 2018.17 began deployment on May 1
ClosedOrg admin shown as Actor for Device Trust Registration Task revocation

If the org admin revokes the Device Trust certificate through the admin console, the Sys Log for Device Trust Certificate Revocation now identifies the admin. As before, if the certificate is implicitly revoked due to user deactivation, the Actor continues to be shown as Okta System. For details, see Revoke and remove Device Trust certificates. ClosedScreenshot:

ClosedCitrix NetScaler integration

The Citrix NetScaler Gateway now integrates with Okta via RADIUS, in addition to SAML and OAuth. For detailed information, see the Citrix Netscaler Gateway Radius Configuration Guide.

ClosedPassword reset available before activation

Password Reset is available for users who are not yet active. This is to enable users who may have lost their original activation email to request a password reset.

ClosedDouble quotation marks supported in email logins

Email addresses enclosed in double quotation marks are supported for Okta logins.

ClosedImproved page labels

The Account tab on the Customization page is renamed General. For details about options on this tab, see Customization. ClosedScreenshot:

ClosedNew documentation links for Windows Credential Provider and ADFS integration

Direct links to the documentation for the Okta Windows Credential Provider and the Active Directory Federation Services (ADFS) Plugin are available in the sidebar. ClosedScreenshots:

Closed2018.15 began deployment on April 16
ClosedNew AD Password Sync agent, version 1.3.6

This Generally Available agent update contains the following fixes:

  • Locate the correct user when searching for a SamAccountName that is duplicated in a forest
  • Include the User-Agent in the header of the request

For history, see AD Password Sync Agent Version History.

ClosedNew Okta Plugin 5.17.1 for Chrome

This release fixes an issue where the screen appeared blank. For version history see Browser Plugin Version History.

ClosedRetry available for text message for forgotten password

The Forgotten Password Text Message screen offers an option to resend the code to enter for SMS or call again for Voice call. For more information about password reset functionality, see End User Password Reset. ClosedScreenshot:

ClosedPagerDuty uses API v2

The PagerDuty app now implements v2 of the PagerDuty API. PagerDuty API v1 is going to be deprecated on April 24, 2018. The change of API should be transparent to customers. For more information, see https://v2.developer.pagerduty.com/. For more information about PagerDuty provisioning, see the PagerDuty Provisioning Guide.

ClosedNew OPP agent, version 1.2.3

This version provides internal fixes to the installer, including a fix which allows the installer to work behind a firewall.

For history, see On Premises Provisioning Agent and SDK Version History.

Closed2018.14 began deployment on April 9
ClosedOkta email templates have a new look and feel

These newly-designed email templates are applied to standard (uncustomized) email templates, as well as to customized templates that have been Reset to Default. Previously-customized email templates that have not been Reset to Default are unchanged.

ClosedBefore

ClosedAfter

ClosedConfigure the Okta browser plugin to work with a custom end user portal

You can configure the Okta browser plugin to behave on your custom end user portal exactly as it behaves in the Okta end user dashboard. For details, see Configure your custom end user portals to leverage the Okta browser plugin.

ClosedIWA Token Processing: Redirect to custom error page

If Okta fails to process an IWA token, you can now redirect end users to a custom error page. This option is useful if you embed Okta into your solution and want to control end-to-end branding to enhance end user experience. For more information, see Login Error Page.

Note: This feature is Generally Available for new orgs.

ClosedScreenshot

ClosedExempt specified URLs from login form inspection

You can now set the SkipUrls registry key to prevent the Okta Internet Explorer browser plugin from inspecting the pages of specified URLs for the presence of login and change password forms. This allows pages to load faster. For details, see Exempt specified URLs from login form inspection.

ClosedEmpty names replaced with the login name

When both first and last name attributes are empty, the login name is displayed in the following UI pages:

  • User Picker in App Approver picker
  • New Group
  • Convert individual user back to group in app
  • Exclusive user list in group rule
  • App User assignment
  • API token review
  • Yubikey UI
  • Spotlight search

First and last names can be null if they are removed in the Profile Editor or changed with the Users API.

ClosedIWA agent, version 1.11.5

This Generally Available release provides the following:

  • To improve the security of IWA integrations, we now default to the TLS 1.2 security protocol in orgs running .NET Framework 4.5 or later. Orgs running earlier versions of the .NET Framework continue to use TLS 1.0.
  • Fixed an issue that caused an error when accessing the Box desktop app with SSO.
  • Internal fixes to the installer.

For history, see IWA Agent Version History.

ClosedLDAP agent, version 5.4.6

This Generally Available release provides internal fixes to the installer. For history, see LDAP Agent Version History.

ClosedThe Okta plugin has been updated to version 5.17.0 for Chrome and Edge

This release provides performance and security enhancements. For version history, see Browser Plugin Version History.

ClosedContent of new device/browser email notifications improved

Email notifications sent to users after the detection of a new device or browser at login have improved messaging and now specify Unknown browser and Unknown OS instead of just Unknown.

Closed2018.13 began deployment on April 2
ClosedConfigure the Palo Alto Networks VPN to Interoperate with Okta

Okta and Palo Alto Networks interoperate through either RADIUS or SAML 2.0. For each Palo Alto gateway, you can assign one or more authentication providers. Each authentication profile maps to an authentication server, which can be RADIUS, TACAS+, LDAP, etc. Using RADIUS, Okta’s agent translates RADIUS authentication requests from the VPN into Okta API calls. For more information, see Configure the Palo Alto Networks VPN to Interoperate with Okta via RADIUS.

ClosedSystem Log improvement – Client ID tracked

The Client ID field is now populated in the Client Section of the System Log. ClosedScreenshot:

ClosedSystem Log for the Hipchat and Confluence apps

System Log entries are now added for the Hipchat and Confluence apps. For details, see the Hipchat and Confluence sections in Provisioning Integration Error Events.

ClosedMicrosoft Office 365 app, the default for the Admin Consent

When setting up an Microsoft Office 365 app, the checkbox for Admin Consent on SSO tab is now unchecked by default. For more information on Admin Consent, see Admin Consent for Advanced API Access.

ClosedOkta Verify iPad icons updated

Updated app icons for Okta Verify are available for iPad users. ClosedScreenshot:

ClosedOkta ADFS Plugin, version 1.4.0

The Okta ADFS (Active Directory Federaton Services) Plugin version 1.4.0 is available. This version supports load balanced ADFS servers.

Closed2018.12 began deployment on March 26
ClosedImproved App Integration Wizard guidance for group attribute statements

The Learn More link in the Attributes Statements (optional) section of the SAML Settings page points to improved information. ClosedScreenshot:

ClosedSupport for AD Agent Installer proxy credentials

In environments where internet traffic is required to go through a proxy, the sign-in flow for the AD agent installer uses the proxy settings specified within the installer. If no proxy settings are specified, the machine defaults are used. Previously,admins had to open up a hole in their data center firewall during installation.

For more information about the AD agent see Okta Active Directory Agent.

ClosedCornerstone OnDemand Provisioning Guide available

An in-product link to the Provisioning Guide for Cornerstone app is added, replacing in-product help text.

ClosedNew IWA agent, version 1.10.4

This release provides the following:

To improve the security of IWA integrations, we now default to the TLS1.2 security protocol in orgs running .NET Framework 4.5 or later. Orgs running earlier versions of the .NET Framework continue to use TLS1.

For history, see SSO IWA Web App version history.

ClosedNew On-Prem MFA agent, version 1.3.4

This new version supports TLS 1.2.

For history, see On-Prem MFA Agent Version History.

Closed2018.11 began deployment on March 20
ClosedEnhanced Custom Email Templates UI

Labels and messages in the Custom Email Templates feature are updated to improve usability.

ClosedMicrosoft Office 365 admin consent flow improved

The Microsoft Office 365 (O365) admin consent flow is now optional and is selected by default on the Sign On tab for the O365 app. Admins needs to leave this checked to complete OAuth authentication flow with O365, which is required for signing into chiclets such as Yammer, Teams, and CRM. For more information, see Admin Consent for Advanced API Access. ClosedScreenshot:

ClosedImproved scopes descriptions

The default scopes included with OAuth Custom Authorization Servers have improved display names and descriptions.

ClosedRadius Agent version 2.7.1

This new version supports TLS 1.2. For history, see Okta RADIUS Server Agent Version History.

Closed2018.10 began deployment on March 12
ClosedSocial Login usability improvements - scopes picker

When configuring scopes for Identity Providers, whenever a comma, tab, or return is typed, scopes are tokenized. For example, typing "Profile, Email" in the Scopes field in the screenshot below, will result in two scopes, Profile and Email.

For more information, see User Consent for OAuth 2.0 and OpenID Connect Flows.

ClosedScreenshot:

ClosedOkta base attributes First Name, Last Name now optional

Okta has defined 31 default base attributes for all users in an org. These base attributes are generally fixed and cannot be modified or removed. There are now two exceptions: First Name and Last Name. These two attributes can now be marked as required or optional for Okta-mastered users only. For details, see Profile Editor.

ClosedNew parameter for authentication with Okta Verify with Auto-Push

An enhancement was made for our platform customers using the auto-push feature for Okta Verify. As a result, all product users will need to re-affirm their Okta Verify Auto-Push preference (check the Send Push Automatically checkbox) if it was checked previously. Following this, Okta Verify with Auto-Push will behave as it did originally. For more information about this new parameter, see https://developer.okta.com/docs/api/resources/authn.html#request-parameters-for-verify-push-factor.

ClosedThe Okta plugin for the IE browser has been updated to version 5.16.1.

This release provides the following:

  • Improved IE performance when Browser Help Object (BHO) logging is enabled
  • An option to opt out of cert pinning through the registry
  • Iimprovements and bug fixes

For version history, see Browser Plugin Version History.

ClosedSystem Log enhancements
  • System Log events are added for the ExactTarget, GitHub, Google, Gotomeeting, Rightscale, Roambi, Samanage, SendWordNow, ServiceNow2, ServiceNow, Smartsheet, SugarCRM, VeevaVault, WebEx, Yammer, and Zendesk provisioning integrations. Previously, the log events were only available using the Okta API. For details, see Provisioning Integration Error Events.
  • System Log events are added for the Huddle, Jive45, Litmos, Lotus Domino, MoveIt DMZ, Msbpos, NetSuite, Org2Org, PagerDuty, Postini provisioning integrations. For details, see Provisioning Integration Error Events.
ClosedExternal ID for the Zendesk app

We have added new external Id attribute to the Zendesk provisioning app. ClosedScreenshot:

ClosedCustomize email attribute in Netsuite

You can now customize the email SAML attribute for the Netsuite app to map to an email or username attribute.

ClosedCustom user management not supported for RADIUS apps

The Enable on-premises provisioning configuration option is removed from RADIUS apps, as it is not supported.

ClosedConfigure the Cisco ASA VPN to Interoperate with Okta

Okta and Cisco ASA interoperate through either RADIUS or SAML 2.0. For each Cisco ASA appliance, you can configure AAA Server groups which can be RADIUS, TACAS+, LDAP, etc. Using RADIUS, Okta’s agent translates RADIUS authentication requests from the VPN into Okta API calls. For more information, see Configure the Cisco ASA VPN to Interoperate with Okta via RADIUS.

ClosedOkta Sign-in Widget 2.7.0

Version 2.7.0 of the Okta Sign-In Widget is available. New features include :

  • Voice call as an option for Unlock Account
  • Display of multiple MFA responses
  • Display a warning for beta registrations

For more information, see Okta Sign-In Widget.

ClosedThe Okta Integration Network (OIN)

The Okta Application Network (OAN) includes more than 5,000 pre-integrated business and consumer apps. As Okta expands beyond SSO and Provisioning, we are extending the network to include new integration types, and updating the catalog name to the Okta Integration Network (OIN). As part of this rebranding, we have changed the UI and documentation to reflect this change—managing and adding your apps and integrations remain the same.

The OIN now includes the following new integrations in addition to previous SSO and Provisioning options:

  • F5 BIG-IP APM
  • Sumo Logic Okta Activity Log Integration
  • ServiceNow - Okta Orchestration Activity Pack
  • Splunk Add-on for Okta
  • QRadar Device Support Module (DSM)

For details about these new integrations, search and click the Learn More button. ClosedScreenshot:

Note: This feature is now Generally Available for all orgs.

ClosedProfile Master and User Life Cycle Management enhancements

The flow of an end user's identity throughout the different stages of access is known as a user’s lifecycle. This release contains several enhancements to define the options that manage this cycle clearly.

See Profile Mastering and Life Cycle for more details.

Note: This feature is now Generally Available for all orgs.

ClosedAPI Access Management

Secure your APIs with API Access Management, Okta’s implementation of the OAuth 2.0 authorization framework. API Access Management uses the Okta Identity platform to enable powerful control over access to your APIs. API Access Management can be controlled by Okta admins as well as by a rich set of APIs for client, user, and policy management. For details on features available from the Admin console, see API Access Management.

ClosedUse scopes in Rules

We've improved the text and flow of the Add Rules dialog that is part of the Early Access API Management functionality. For details see, Create Rules for Each Access Policy.

ClosedAPI Access Management Admin

The API Access Management Admin role has the following permissions:

  • Create and edit Authorization Servers, Scopes, Claim, and access policies
  • Create and edit OAuth/OIDC Client apps
  • Assign users and groups to OAuth/OIDC client apps
  • View user profiles when assigning users/clients for token preview

For more information, see API Access Management.

ClosedAnimated transition

An animated transition page now appears when users click chiclets to log into apps:

Closed2018.09 began deployment on March 6.
ClosedSocial Login improvements

Integrating Social Login with Okta is improved with redesigned screens, prepopulated IdP username value, and expanded entry options for scopes. ClosedScreenshot:

ClosedSystem Log changes related to Authorization Servers

The following message changes apply to either the Okta Org Authorization Server or a Custom Authorization Server including default (which requires API Access Management), or both, as indicated in each section.

ClosedSimplified Failure Messages from [/authorize]

The existing messages app.oauth2.authorize_failure, app.oauth2.as.authorize_failure and app.oauth2.as.authorize.scope_denied_failure replace these messages:

  • app.oauth2.authorize.access_denied
  • app.oauth2.authorize.invalid_client_id
  • app.oauth2.authorize.invalid_cache_key
  • app.oauth2.authorize.no_existing_session
  • app.oauth2.authorize.login_failed
  • app.oauth2.authorize.mismatched_user_in_cache_and_session
  • app.oauth2.authorize.user_not_assigned
  • app.oauth2.authorize.scope_denied
  • app.oauth2.as.authorize.warn_failure
  • app.oauth2.as.authorize.scope_denied

Details about the nature of the failure are included, so no information has been lost with this simplification.

These System Log changes affect responses from requests that involve either the Okta Org Authorization Server or a Custom Authorization Server including default.

ClosedSimplified Failure Messages from [/token]

Instead of supplying two different messages for token grant failures on /token, the existing message app.oauth2.as.authorize.token.grant_failure replaces these messages:

  • app.oauth2.as.token.grant.warn_failure
  • app.oauth2.as.token.grant.scope_denied_failure

This System Log change affects responses from requests that involve a Custom Authorization Server including default.

ClosedSimplified Success Messages from [/token]

Instead of supplying a different message for ID token and access token generation, there's just one message for each. The ID token or access token minted is included in the message as it was previously.

  1. The existing message app.oauth2.authorize.implicit_success replaces:
    • app.oauth2.authorize.implicit.id_token_success
    • app.oauth2.authorize.implicit.access_token_success
  2. The existing message app.oauth2.as.authorize.implicit_success replaces:
    • app.oauth2.as.authorize.implicit.id_token_success
    • app.oauth2.as.authorize.implicit.access_token_success

The _success messages weren’t being written to the System Log previously, but are now.

These System Log changes affect responses from requests that involve either the Okta Org Authorization Server or a Custom Authorization Server including default.

ClosedSimplified Messages from [/token]

Instead of supplying a different message for ID token and access token generation, there's just one message for each. The ID token or access token minted is included in the message as it was previously.

  1. The existing message app.oauth2.authorize.implicit replaces:
    • app.oauth2.authorize.implicit.id_token
    • app.oauth2.authorize.implicit.access_token
  2. The existing message app.oauth2.as.authorize.implicit replaces:
    • app.oauth2.as.authorize.implicit.id_token
    • app.oauth2.as.authorize.implicit.access_token

These System Log changes affect responses from requests that involve either the Okta Org Authorization Server or a Custom Authorization Server, including default.

ClosedSystem Log for the GoodData app

System Log entries are now added for the GoodData app. For details, see the GoodData section in Provisioning Integration Error Events

ClosedUpdate second email address in Master User Profile

Admins can update the second email address on a master user profile when Attribute Mapping is enabled.

ClosedMultiple MFA requirements display improvements

The Okta Sign On screen display is improved to display all factors when multiple Multifactor Authentication factors are required.

ClosedCSV header size limits increased

The header size limit for CSV imports is increased from 1000 to 50,000 characters.

Closed2018.07 began deployment on February 26
ClosedSystem Log enhancements

The System Log tracks the following items:

ClosedImproved error tracking

Added validation to API token creation when the maximum character length is exceeded

Closed2018.06 began deployment on February 12
ClosedOpenID Connect scopes list available

When creating or updating a rule in the Custom Authorization Server's policy, there is a button to add all default OpenID Connect scopes to the rule condition quickly. ClosedScreenshot:

For more information, see Create Rules for Each Access Policy.

ClosedOAuth 2.0 Client Grant types reorganized

Grant types for OAuth 2.0 clients are reorganized for convenience on the General Settings page for an app and in the app creation screen in the developer console. For information on grant types, see App Wizard - Procedures. ClosedScreenshot:

ClosedUnlock an account by Voice Call

The Okta Sign In page supports unlocking an account with a Voice Call. ClosedScreenshot:

Closed2018.04 and 2018.05 began deployment on February 6
ClosedSystem Log Enhancements

  • The System Log tracks mass password expiry events. ClosedScreenshot:

  • The System Log tracks events when a user account is unlocked by an Admin, when the primary email for an account is updated, and when behaviors are detected.

    ClosedScreenshot:

    ClosedScreenshot:

    ClosedScreenshot:

ClosedPublish metadata for custom scopes

When defining custom scopes for an Authorization Server, you can choose whether the metadata for these scopes is included in the public metadata. For more information, see Create Scopes.

ClosedScreenshot:

ClosedScreenshot:

ClosedAuthorization Server Policy Rule improvements

Information and error messages are improved for the Access Token Lifetime and Refresh Token Lifetime setting in a policy rule. ClosedScreenshot:

ClosedOkta's Privacy Policy update

Okta’s Privacy Policy, available at https://okta.okta.com/privacy/, was updated on January 18, 2018 in order to comply with new, forthcoming requirements promulgated by Google, and to disclose more precisely the manner in which Okta interoperates with Google's G Suite after the OAuth authentication flow is successfully completed by the admin.

Closed2018.03 began deployment on January 22
ClosedPassword Policy Soft Lock

The password policy soft lock feature provides the option to lock Active Directory (AD) mastered users in Okta with password policies. To ensure that users are locked in Okta before they are locked out of their windows accounts, Admins must set a lockout count in Okta that is lower than the lockout count specified in the AD policy.

This feature does not change the current behavior for any organizations. Consequently, when this feature is enabled, the default invalid password lockout count for Active Directory password policies is reset to zero (0). Admins must specify a new lockout count to use this feature which s tracked in the System Log as a policy update event.

Some legacy customers might have non-zero values set in the invalid password lockout count in Okta. When these values are reset to zero with this feature, a System Log event is created to show the old and new values and inform Admins that the lockout is disabled.

For more information, see Group Password Policies.

Import Lockout Status from AD

Lockout status from AD is not imported automatically. To receive these imports, contact Okta Support. Any legacy users who already receive these imports will continue to receive them.

Rollout

This feature is becoming Generally Available and will be enabled in a phased manner across all cells. The feature will be enabled for the majority of customers in Preview and US Cell 1 by January 19th and for the remainder of customers in all other cells by February 2nd.

ClosedImproved workflow for creating OAuth 2.0 services

The button for creating OAuth 2.0 Services (Client Credentials apps) is moved from the applications list into the Add Application Wizard. For more information, see Add OAuth 2.0 Client Application. ClosedScreenshot:

ClosedImproved workflow for OAuth 2.0 token preview

During OAuth Token Preview, selections for response type are not visible when the grant type is not IMPLICIT. For more information on token preview, see Test Your Authorization Server Configuration.

ClosedSpecification for login initiated by available for all grant types

The General tab on the app instance screen for OAuth 2.0 clients now displays the Login initiated by dropdown for all grant types with App Only as the default. ClosedScreenshot:

ClosedSystem Log enhancements

System Log entries were enhanced to include events when users were unassigned from group membership. ClosedScreenshot:

ClosedAdmin Managed tabs improved

Admin Managed tabs are not created if there are no apps to display in the tab. For more information, see Manage dashboard tabs for end users.

Closed2018.01 and 2018.02 began deployment on January 16
ClosedCreate user and expire password

When admins create a new user they can choose whether to have that user create a password on first sign in or create a password for the user which must be changed on their next sign in. For details, see Add People.

ClosedUser and AppUser profile schemas

Added support to allow updates to User and AppUser profile schemas. See App User Schema API documentation for more information.

ClosedNetsuite Custom attribute support

The following User Profile properties have been added to our Netsuite integration:

location, class, notes, salutation, homePhone, officePhone, fax

To use these properties, you can either create a new app instance, or contact Okta Support to manually migrate the User Profile template. For more information about our Netsuite integration, see the Netsuite Provisioning Guide.

ClosedPlaceholder text used in default Sign In page settings

In Settings > Customization, fields in the Sign In page section now contain default placeholder text instead of default editable text. This enhancement makes it easier to distinguish fields that contain Okta's default text from fields that contain custom, admin-provided text. Placeholder text disappears when you enter custom text in the field. For more information, see Customize Sign In Page headings, links, labels, and placeholders.

ClosedAuthorization Server screen enhancements

Explanatory text on the Authorization Server are expanded, and also include a direct link to the Authentication Guide topic on the Developer site.

ClosedImproved error messages

Error messages for permission errors for the password reset dialog are more descriptive and user-friendly.

ClosedSHA-256 Signed Certificates for new SAML 2.0 apps

All new SAML 2.0 apps are bootstrapped with SHA-256 signed public certificates. Existing SAML 2.0 apps are unchanged.

ClosedUltiPro Integration Update

We have added email and phone writeback functionality for UltiPro international employees. For more information about UltiPro provisioning, see UltiPro User Import and Provisioning.

2018 Application Integrations and Updates

Closed2018.48 (combines 2018.47 and 2018.48)
ClosedApplication Update

The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:

ClosedNew Application Integrations
ClosedNew SCIM integration applications

The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:

ClosedSAML for the following Okta Verified applications

  • Freshdesk (OKTA-191125)

  • Numeracy (OKTA-197992)

  • Retool (OKTA-197113)

  • Saba (OKTA-193973)

ClosedSWA for the following Okta Verified applications

  • CALXA (OKTA-191701)

  • Dashlane Business (OKTA-188394)

  • FannieMae DUS Disclose (OKTA-193513)

  • Hillgate Travel (OKTA-191141)

  • Jack Henry and Associates (IPAY) (OKTA-194266)

  • Moody's (OKTA-193598)

  • MyToll (OKTA-190867)

  • Ncrunch (OKTA-190531)

  • Nmbrs (OKTA-188157)

  • PrintMail (OKTA-194265)

  • Retargeter (OKTA-191730)

Closed2018.46
ClosedApplication Update

We have updated our Zoom integration to support a new attribute, User Type. This allows customers to set the User Type per user being provisioned from Okta to Zoom to be either Basic, Pro, or Corp.

For users who have set up the Zoom integration and enabled Provisioning before November 8, 2018, follow the migration steps detailed in Zoom's Configuring Okta With Zoom if you want to use the new attribute.

ClosedNew Application Integrations
ClosedNew SCIM integration applications

The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:

ClosedSAML for the following Okta Verified applications

  • Cerner (OKTA-194709)

  • Coralgix (OKTA-195349)

  • Digify (OKTA-193483)

  • eLeaP (OKTA-194168)

  • Mimecast - Admin (OKTA-193270)

  • Mobile Locker (OKTA-194895)

  • SaaSLicense (OKTA-195120)

  • Synthetix (OKTA-189127)

ClosedSWA for the following Okta Verified application

  • Star Station (OKTA-187650)

ClosedMobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • Aha! (OKTA-189385)

  • CorpTrav (OKTA-191634)

  • SAP Jam (SuccessFactors) (OKTA-189112)

  • Speco Technologies (OKTA-195019)

Closed2018.45
ClosedNew Application Integrations
ClosedNew SCIM integration applications

The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:

ClosedSAML for the following Okta Verified applications

  • Abstract (OKTA-192943)

  • Clubhouse (OKTA-194685)

  • ExpenseNet (OKTA-194122)

ClosedSWA for the following Okta Verified application

  • Lead Apparel (OKTA-187687)

Closed2018.44
ClosedNew Application Integrations
ClosedNew SCIM integration applications

The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:

ClosedSAML for the following Okta Verified applications

  • Aha! (OKTA-193716)

  • Drift (OKTA-193719)

  • Halo Communications (OKTA-192603)

  • Socialbakers (OKTA-193252)

  • UltiPro (OKTA-193804)

ClosedSWA for the following Okta Verified applications

  • Abbvie (OKTA-189416)

  • Air Canada Travel Agency (OKTA-189703)

  • Asteron Life (OKTA-185986)

  • ChathamDirect (OKTA-189336)

  • Cloud Conformity (OKTA-189068)

  • Entoro Investor Login (OKTA-187239)

  • NoMachine: Workbench (OKTA-185837)

  • Plivo (OKTA-187847)

  • Sabre Vacations Travel Agency Login (OKTA-186555)

  • XactAnalysis (OKTA-188418)

Closed2018.42
ClosedApplication Updates
  • The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:
ClosedNew Application Integrations
ClosedNew SCIM integration application

The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:

  • Federated Directory: For configuration information, see Federated Directory's Integrate with Okta.

ClosedSAML for the following Okta Verified applications
  • Pigeonhole Live (OKTA-191208)
  • Slab (OKTA-190334)
  • Sunlight (OKTA-190547)
  • Twic (OKTA-190548)
ClosedSWA for the following Okta Verified applications
  • Amazon IT (OKTA-186022)
  • AudaExpress (OKTA-187178)
  • Citizens Business Bank Online Banking (OKTA-187670)
  • Federal Mogul ePresentment for Corporation Statements & Invoices (OKTA-186329)
  • WooBoard (OKTA-187152)
ClosedMobile application for use with Okta Mobility Management (OMM) (Android and iOS)
  • Corporate Travel Management (OKTA-190328)
Closed2018.41
ClosedApplication Update

The Solarwinds SWA integration application has been enhanced to support custom login URL’s.

ClosedNew Application Integrations
ClosedNew SCIM integration applications

The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access

ClosedSAML for the following Okta Verified applications

  • HubSpot (OKTA-190126)

  • Tines (OKTA-190101)

ClosedSWA for the following Okta Verified applications

  • Alamy (OKTA-189545)

  • Citrix Netscaler Gateway (OKTA-185234)

  • HiPay (OKTA-186563)

  • Invisalign (OKTA-186776)

  • LowesLink (OKTA-185180)

  • Meritain (OKTA-186927)

  • Mimecast - Admin (OKTA-185382)

  • Sabre Cruises (OKTA-186554)

Closed2018.40
ClosedApplication Update

The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:

ClosedNew Application Integrations
ClosedNew SCIM integration applications

The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:

ClosedSAML for the following Okta Verified applications
  • Carbon Black - PSC (OKTA-187929)
  • MyWorkDrive (OKTA-189557)
  • Seed (OKTA-188581)
ClosedSWA for the following Okta Verified applications

  • Air Canada: Corporate Rewards Agent Login (OKTA-185502)

  • CommInsure: Adviser (OKTA-185985)
  • OnePath Advisor (OKTA-185989)
  • Risk Control (OKTA-185533)
  • Scribble Maps (OKTA-185677)
ClosedMobile application for use with Okta Mobility Management (OMM) (Android and iOS)
  • HighGround (OKTA-184805)
Closed2018.39
ClosedNew Application Integrations
ClosedNew SCIM integration application

The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:

ClosedSAML for the following Okta Verified applications

  • Automox (OKTA-189108)

  • Instructure Bridge (OKTA-185486)

ClosedSWA for the following Okta Verified applications

  • ABD Insurance and Financial Services (OKTA-183836)

  • Deluxe-Strategic Sourcing (OKTA-186091)

  • GoCompare (OKTA-185231)

  • Google Discover (OKTA-184419)

  • New Voice Media (OKTA-184604)

  • Nitro Cloud (OKTA-186292)

  • Salesforce (force.com) (OKTA-184354)

  • Zlife (OKTA-185988)

Closed2018.38
ClosedNew Application Integrations
ClosedSAML for the following Okta Verified application

  • Figma (OKTA-186594)

ClosedSWA for the following Okta Verified applications

  • Boardvantage Meetx/Director (OKTA-183845)

  • McMaster-Carr (OKTA-185177)

  • MyWave Connect (OKTA-183859)

  • Orgill (OKTA-185331)

  • RapidAPI (OKTA-185363)

  • Smallpdf (OKTA-184134)

Closed2018.37
ClosedApplication Updates
  • The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:
ClosedNew Application Integrations
ClosedNew SCIM integration application

The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:

ClosedSAML for the following Okta Verified applications

  • Avid Secure (OKTA-181718)

  • MyAcademy (OKTA-187155)

  • TopBox (OKTA-179620)

  • Workplace by Facebook (OKTA-185097)

ClosedSAML for the following Community Created application

  • Appsulate (OKTA-187156)

ClosedSWA for the following Okta Verified applications

  • Brandify (OKTA-183379)

  • G Adventures Sherpa Agency (OKTA-183941)

  • GAMMIS (OKTA-182914)

  • IBM Partner World (OKTA-182930)

  • MIBOR (OKTA-187007)

  • TechPortal (OKTA-182900)

  • Zerto: DRaaS Service Portal (OKTA-180711)

Closed2018.36
ClosedApplication Updates
  • The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:
  • 15Five now supports the following Provisioning feature (in addition to the other provisioning features that it already supports):
    • Group Push

    Users who have set-up the 15Five integration and enabled Provisioning before August 27, 2018, must follow the steps detailed in the 15Five Configuration Guide if they want to use the new features.

ClosedNew Application Integrations
ClosedNew SCIM integration application

The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:

ClosedSAML for the following Okta Verified applications

  • Emburse (OKTA-185748)

  • TestingBot (OKTA-185998)

ClosedSWA for the following Okta Verified applications

  • Akamai Enterprise Application Access (OKTA-180151)

  • Creditntell (OKTA-180856)

  • Essendant Solutions Central (OKTA-181089)

  • Exact Online (OKTA-167861)

  • Pure Storage Partners (OKTA-180445)

  • Wombat Security Awareness (OKTA-182578)

ClosedMobile application for use with Okta Mobility Management (OMM) (Android and iOS)

  • Zendesk (OKTA-181154)

Closed2018.35
ClosedNew Application Integrations
ClosedNew SCIM integration application

The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:

ClosedSAML for the following Okta Verified applications

  • DailyPay (OKTA-184138)

  • Fastly SAML (OKTA-184539)

  • Mimeo (OKTA-184146)

  • ProMaster (by Inlogik) (OKTA-184149)

  • Recruiterbox (OKTA-184536)

  • StatusHub Hub SAML (OKTA-180233)

  • TeamViewer (OKTA-183668)

ClosedSWA for the following Okta Verified applications

  • EveryoneSocial (OKTA-181223)

  • Hermes Investment Management: EOS (OKTA-179402)

  • IRMLS Indiana Regional MLS - Safemls (OKTA-181470)

  • NatureBridge (OKTA-183752)

  • Polygon (OKTA-183237)

Closed2018.34
ClosedNew Application Integrations
ClosedNew SCIM integration application

The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:

ClosedSAML for the following Okta Verified application

  • Content Insights (OKTA-168880)

ClosedSWA for the following Okta Verified applications

  • Adobe Enterprise (OKTA-178641)

  • Amazon Video Partner (OKTA-177266)

  • MassMutual Not-for-Profit Workplace Retirement (OKTA-178022)

  • Nuance (OKTA-180548)

  • Primeiro Pay (OKTA-181176)

Closed2018.33
ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications
  • Dovetale (OKTA-183038)
  • People.ai (OKTA-180849)
  • Workteam (OKTA-182091)
ClosedSAML for the following Community Created application
  • Imprima iRoom (OKTA-181903)
ClosedSWA for the following Okta Verified applications
  • Apple Business Manager (OKTA-179326)
  • Centrelink (OKTA-180192)
  • Decision Lender (OKTA-179129)
  • Emburse (OKTA-183553)
  • Mobile Health Consumer, Inc.(OKTA-180025)
  • MY TELE2 FOR BUSINESS (OKTA-178240)
  • United Intranet (OKTA-179628)
Closed2018.32
ClosedApplication Updates

Fuze now supports the following Provisioning features (in addition to the other Provisioning features that it already supports):

  • Importing Users
  • Profile Mastering

Users who have set up the Fuze integration and enabled Provisioning before August 1, 2018, need to follow the migration steps detailed in the Fuze Configuration Guide if they want to use these new features.

ClosedNew Application Integrations
ClosedNew SCIM

The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:

  • Amazon Chime: For configuration information, see Amazon Chime's Connect to Okta SSO instructions.
ClosedSAML for the following Okta Verified applications
  • 4me (OKTA-180242)
  • SendSafely (OKTA-180234)
ClosedSWA for the following Okta Verified applications
  • AIA (OKTA-179070)
  • AirVantage (OKTA-177125)
  • Clearview (OKTA-179071)
  • Fiscal Unattended Portal (OKTA-178318)
  • Looker (OKTA-174927)
  • LucidPress (OKTA-177037)
  • Thycotic Force (OKTA-181148)
  • Vyond: GoAnimate (OKTA-177036)
ClosedMobile application for use with Okta Mobility Management (OMM) (Android and iOS)
  • LinkedIn Learning (OKTA-177771)
Closed2018.31 (combines app integrations from 2018.30 and 2018.31 releases)
ClosedApplication Updates

Namely now supports the following Provisioning features (this is in addition to the Profile Master feature that it already supports):

  • Create users
  • Update user attributes

For users that have set-up the Namely integration and enabled Provisioning before July 23, 2018, they have to follow the migration steps detailed in the Namely Configuration Guide if they want to use the new features.

ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • Carbonite Endpoint Protection (OKTA-179619)

  • CipherCloud (OKTA-178258)

  • Omnilert (OKTA-178842)

ClosedSWA for the following Okta Verified applications

  • Air Canada Travel Agency (OKTA-176497)

  • Deep Social (OKTA-175548)

  • FastMail (OKTA-173347)

  • FPI Portfolio (OKTA-177374)

  • GTA Travel (OKTA-175171)

  • Health Wise Global (OKTA-175660)

  • IBM Partner World (OKTA-178902)

  • iTunes Podcasts Connect (OKTA-177007)

  • JumpCloud (OKTA-176802)

  • Pinnacle Financial Partners (OKTA-174891)

  • Profitstars (OKTA-179309)

  • Quick Base (OKTA-179540)

  • Revenue NSW (OKTA-179226)

  • SkyKick (OKTA-177199)

  • StiPP (OKTA-177420)

ClosedMobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • Dialpad (OKTA-174331)

  • SwiftKey (OKTA-177039)

Closed2018.29
ClosedApplication Updates

The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:

ClosedNew Application Integrations
ClosedNew SCIM

The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:

ClosedSAML for the following Okta Verified applications

  • CloudSaver (OKTA-178376)

  • Fuel Cycle (OKTA-177763)

  • IMIchat (OKTA-172672)

  • Luminate Secure Access Cloud (OKTA-177980)

  • PitchBook (OKTA-178524)

  • Spoke (www.askspoke.com) (OKTA-176635)

  • Ultimo (OKTA-176636)

  • Symsys (OKTA-178538)

ClosedSWA for the following Okta Verified applications

  • FrameIO (OKTA-175531)

  • Grove (OKTA-176622)

  • GTA Travel (OKTA-175171)

  • My NS Business (OKTA-176453)

  • Track My Backflow (OKTA-175785)

  • Wire (OKTA-173345)

ClosedMobile application for use with Okta Mobility Management (OMM) (Android and iOS)

  • Microsoft Dynamics CRM Online (OKTA-175795)

Closed2018.28
ClosedApplication Updates

The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:

ClosedNew Application Integrations
ClosedNew SCIM

The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:

ClosedSAML for the following Okta Verified applications

  • eFront (OKTA-176299)

  • Federated Directory (OKTA-177196)

  • Process Plan (OKTA-176823)

  • Torii (OKTA-176916)

Closed2018.27 (combines app integrations from 2018.26 and 2018.27 releases)
ClosedApplication Updates

The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:

The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:

ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • Autotask Endpoint Backup (OKTA-175184)

  • Beneplace G3 (OKTA-173834)

  • Egress (OKTA-174618)

  • Forter (OKTA-174571)

  • getSayDo (OKTA-173822)

  • Mind Tools (OKTA-172557)

  • MockFlow (OKTA-170692)

  • ProsperWorks (OKTA-172832)

  • StatusHub (OKTA-174984)

  • Tiled (OKTA-173560)

ClosedSWA for the following Okta Verified applications

  • BeValuedUk (OKTA-175212)

  • Cylance Partner (OKTA-173385)

  • Explorer for ArcGIS (OKTA-166173)

  • MRI Software (OKTA-177190)

  • Symsys Selmore (OKTA-174360)

  • Telmediq (OKTA-177265)

Closed2018.25
ClosedApplication Updates

The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:

The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:

We removed support for provisioning for the imeetcentral app.

ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • Nvoicepay (OKTA-172287)

  • Sigma (OKTA-174900)

  • TrackVia (OKTA-171562)

ClosedSWA for the following Okta Verified applications

  • Carrick Capital Partner (OKTA-173141)

  • Cisco (OKTA-173291)

Closed2018.24
ClosedApplication Updates

The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:

We support SHA2 for the following integration:

  • Litmos (OKTA-169369)

ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • AppDynamics v4.5+ (with SAML Encryption) (OKTA-172601)

  • Mambu (OKTA-171083)

ClosedSWA for the following Okta Verified applications

  • Hippo CMMS (OKTA-173145)

  • TruQu (OKTA-172875)

Closed2018.23
ClosedApplication Updates

The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:

ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • Paladin (OKTA-172501)

  • Talkdesk (OKTA-170361)

ClosedSWA for the following Okta Verified applications

  • Cadence (OKTA-172519)

  • Guidewire Community (OKTA-171779)

  • Ipreo (OKTA-170892)

  • Mimecast Secure Messaging (OKTA-166261)

  • Portico Property Management (OKTA-171052)

  • Quadient Cloud (OKTA-166195)

  • SecureWorks (OKTA-172818)

  • WebAdvisor (OKTA-167409)

  • Wells Fargo (Commercial Electronic Office) (OKTA-172565)

ClosedMobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • Namely (OKTA-171365)

  • VMware Horizon View VDI (OKTA-171494)

ClosedMobile applications for use with Okta Mobility Management (OMM) (Android

  • Cadence (OKTA-171772)

Closed2018.22
ClosedApplication Updates

The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:

ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • Built.io Flow (OKTA-170655)

  • Collective Health Employer Portal (OKTA-170658)

  • FOSSA (OKTA-170095)

  • Guru (OKTA-170656)

  • iDeals VDR (OKTA-166918)

  • Korbyt (OKTA-171463)

  • Marvelapp (OKTA-170657)

  • OpenEye Web Services (OKTA-167710)

ClosedSWA for the following Okta Verified applications

  • 1Password Business (OKTA-172516)

  • Amazon DE (OKTA-167431)

  • Benchmarking (OKTA-168838)

  • Dell Boomi (OKTA-171444)

  • DocsCorp Support (OKTA-168878)

  • Granite Group Advisors Education (OKTA-167734)

  • HP Channel Services Network (OKTA-170175)

  • HP Express Decision Portal (OKTA-166576)

  • IBM MaaS360 (OKTA-167146)

  • ITSupport247 (OKTA-167960)

  • Kronos: SaaShr Payroll (OKTA-169641)

  • LA Times (OKTA-166855)

  • Qlikid (OKTA-171593)

  • Rabobank Internetbankieren (OKTA-171384)

  • Rippe and Kingston LMS (OKTA-168601)

  • SAP Fiori Client (OKTA-170853)

  • ShowClix Organizer Login (OKTA-168649)

  • Spot.IM (OKTA-170306)

  • WebEx (Cisco) (OKTA-165568)

  • WorkFusion Forum (OKTA-168914)

  • xpenditure (OKTA-171605)

  • Yodeck (OKTA-170597)

ClosedMobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • G Suite (OKTA-170627)

  • Palo Alto Networks - GlobalProtect (OKTA-170860)

  • Zoho One (OKTA-171114)

ClosedMobile applications for use with Okta Mobility Management (OMM) (Android

  • Confluence On-Premise SAML (OKTA-168082)

Closed2018.20
ClosedApplication Updates

The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:

ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • LaunchDarkly (OKTA-169378)

  • Saleshood (OKTA-169149)

ClosedSWA for the following Okta Verified applications

  • EOLIS (OKTA-166337)

  • HP Partner First Portal (OKTA-166039)

  • HSB Connect (OKTA-167254)

  • Pandora (OKTA-162880)

  • Samsara (OKTA-166084)

Closed2018.19
ClosedApplication Updates

The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:

The following partner-built provisioning integration app is now available in the OIN as partner-built Okta VerifiedEach integration found in the Okta Integration Network is either Okta Verified, Community Created, or Community Verified. Integrations can receive Okta Verification status in one of the following ways: 1) If the integration is Okta-built and is tested and verified by Okta. 2) If the integration is ISV-built (partner-built) and tested by Okta, then verified by a customer in production.:

ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • BeyondTrust (OKTA-166383)

  • Fivetran (OKTA-168577)

  • SmartDraw (OKTA-168214)

ClosedSWA for the following Okta Verified applications

  • Collector (OKTA-168887)

  • Collector for ArcGIS (OKTA-166172)

  • ManageEngine ServiceDesk Plus (OKTA-164522)

  • Onfido (OKTA-168265)

  • Survey123 For ArcGIS (OKTA-166171)

ClosedMobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • G Suite (OKTA-165929)

  • SAP Fiori Client (OKTA-166524)

ClosedMobile application for use with Okta Mobility Management (OMM) (Android)

  • OrgWiki (OKTA-166365)

Closed2018.18
ClosedApplication Updates

The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:

ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • Amazon Web Services Redshift (OKTA-165274)

  • Duo Admin Panel (encrypted assertions) (OKTA-167692)

  • Enplug (OKTA-166192)

  • Everlaw (OKTA-167870)

  • SecurityCompass (OKTA-164352)

  • Verkada (OKTA-167421)

  • Xton Access Manager (OKTA-167253)

  • Yodeck (OKTA-166898)

ClosedSWA for the following Okta Verified applications

  • Amadeus Selling Platform Connect (OKTA-164289)

  • Amazon JP (OKTA-165793)

  • Braze (OKTA-165681)

  • Cognito Forms (OKTA-165816)

  • Fiserv ServicePoint (OKTA-164827)

  • MasterControl (OKTA-164742)

  • Mercado Pago Chile (OKTA-164690)

  • MileIq (OKTA-166676)

  • Percipio (OKTA-164973)

  • Stampli (OKTA-166043)

  • StormWind Studios (OKTA-163355)

  • The Library (OKTA-165278)

  • Trafalgar (OKTA-164559)

ClosedMobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • Condeco Desk Booking v2 (OKTA-165976)

  • InFlight Mobile (OKTA-165974)

  • InVironMobile (OKTA-165975)

  • INX (OKTA-165973)

  • ProsperWorks (OKTA-165092)

Closed2018.17 (combines app integrations from 2018.16 and 2018.17 releases)
ClosedApplication Updates

The following partner-built provisioning integration apps are now available in the OIN as Okta Verified:

ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • Braze (OKTA-164730)

  • EZRentOut (OKTA-165985)

  • Peakon (OKTA-164574)

  • Podbean (OKTA-165001)

  • ReadCube (OKTA-165511)

  • ScreenSteps (OKTA-166666)

  • Shareworks (OKTA-166193)

  • Visual Paradigm Online (OKTA-164575)

  • Ziflow (OKTA-165510)

ClosedSWA for the following Okta Verified applications

  • Columbia Bank: Columbia Connect Login (OKTA-164598)

  • DemandCaster (OKTA-162686)

  • eNett (OKTA-161969)

  • Helpshift (OKTA-164347)

  • Meditta Customer Portal (OKTA-164125)

  • Mood Mix (OKTA-163389)

  • MT Bank: Web InfoPLUS Login (OKTA-163923)

  • Registro.br (OKTA-163594)

  • The Alabama Department of Revenue Motor Vehicle Division (OKTA-164095)

ClosedMobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • Dialpad (OKTA-162928)

  • Sequr (OKTA-165140)

Closed2018.15
ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • CGR Foundation (OKTA-163834)

  • SimpleLegal (OKTA-162488)

  • TradeShift (OKTA-163383)

ClosedSAML for the following Community Created application

  • ArcGIS Online (OKTA-163206)

ClosedSWA for the following Okta Verified applications

  • Alacriti: OrbiPay Payments (OKTA-162622)

  • Ascensus (OKTA-158493)

  • Bendigo Bank (OKTA-162125)

  • Boxed (OKTA-161706)

  • Colorado CDOT Maps (OKTA-162497)

  • Join Handshake (OKTA-162160)

  • Okta Ice: Gourmet Ice Cream (OKTA-163277)

Closed2018.14
ClosedApplication Updates

The following partner-built provisioning integration app is now available in the OIN as partner-built Early Access:

ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • Givitas (OKTA-163560)

  • SSOGEN (OKTA-163382)

  • Zoom (OKTA-161971)

ClosedSAML for the following Community Created application

  • Appsulate (OKTA-162836)

ClosedSWA for the following Okta Verified applications

  • Aurilo (OKTA-160566)

  • CBS Helpdesk (OKTA-161425)

  • Creditsafe (OKTA-163255)

  • ESET: License Administrator (OKTA-157798)

  • FamilySearch (OKTA-160772)

  • MYOB Essentials (OKTA-160212)

  • Northpass (OKTA-161830)

  • StatusHub (OKTA-161879)

  • WEXOnline Client Login (OKTA-161332)

ClosedMobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • Impraise SAML (OKTA-163703)

  • Nexus Payables (OKTA-162012)

Closed2018.13
ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • IrisPR (OKTA-161401)

  • LCVista (OKTA-161816)

  • LeanKit (OKTA-161594)

  • LeaseEagle (OKTA-161705)

ClosedSWA for the following Okta Verified applications

  • AccessNS (OKTA-161378)

  • AirTriQ (OKTA-159849)

  • Circulation (OKTA-160516)

  • EduServices (OKTA-163277)

  • Fido SSP (OKTA-159156)

  • Go365 (OKTA-160329)

  • Kaseya Virtual System Administrator (OKTA-160565)

  • Kids A-Z Kids Login (OKTA-160556)

  • LumApps (OKTA-160612)

  • Veritas Support (OKTA-160843)

Closed Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • G Suite (OKTA-160751)

Closed Mobile applications for use with Okta Mobility Management (OMM) (Only iOS)

  • VTS (OKTA-161423)

Closed2018.12
ClosedNew Partner-Built Provisioning apps

The following partner-built provisioning integration apps are now available in the OIN as Okta Verified:

The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:

ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • Duo Admin Panel (OKTA-157272)

  • Supermood (OKTA-161747)

  • T&E Express (OKTA-161402)

  • TalentWall (OKTA-161809)

ClosedSWA for the following Okta Verified applications

  • Allinial Global (OKTA-159690)

  • AnswerForce (OKTA-159091)

  • InstaMed Online for Providers (OKTA-159927)

  • Jive (OKTA-158828)

  • Lucky Mobile OneView (OKTA-159151)

  • OpenX Community (OKTA-159626)

  • Rogers SSP (OKTA-159155)

  • Update OIN App (OKTA-162277)

  • Virgin Mobile OneView (OKTA-159150)

Closed Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • Impraise (OKTA-160452)

  • Microsoft Flow (OKTA-158687)

  • Microsoft Planner (OKTA-158691)

  • Microsoft Power BI (OKTA-158690)

  • Microsoft StaffHub (OKTA-158688)

  • Microsoft Sway (OKTA-158686)

  • Microsoft Visio Viewer (OKTA-158846)

  • Names & Faces (OKTA-160449)

  • Office 365 Message Encryption Viewer (OKTA-158847)

  • Office Delve (OKTA-158685)

Closed2018.11
ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • iLobby (OKTA-160231)

  • PROLEAZ (OKTA-159605)

  • Samepage (OKTA-159604)

  • Sonar (OKTA-160236)

ClosedSWA for the following Okta Verified applications

  • InstartLogic (OKTA-159557)

  • iNSYNQ (OKTA-156377)

  • San Diego Tribune (OKTA-158974)

Closed2018.10
ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • Bersin (OKTA-158347)

  • CA Technologies Continuous Delivery Director (OKTA-159230)

  • TeamViewer (OKTA-158486)

ClosedSWA for the following Okta Verified applications

  • Comcast Business (OKTA-158584)

  • First Republic Bank: Corporate Online Sign In (OKTA-158497)

  • First Tennessee Digital Banking (OKTA-157454)

  • Oakland Public Library Catalog (OKTA-158490)

  • Twenty20 Stock (OKTA-158185)

Closed Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • Nine (OKTA-158954)

  • Sonos (OKTA-158254)

Closed2018.09 (combines app integrations from 2018.09 and 2018.08 releases)
ClosedApplication Integration Updates
ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • AlertOps (OKTA-158941)

  • Atiim (OKTA-156758)

  • Honey (OKTA-159100)

  • Oktopost (OKTA-158746)

  • PathSavvy (OKTA-159590)

  • Sapling (OKTA-157436)

  • Templafy (OKTA-158476)

  • TextExpander (OKTA-154028)

  • TraceGains (OKTA-157106)

ClosedSWA for the following Okta Verified applications

  • AppNexus: Customer Support Portal (OKTA-158053)

  • Associated Bank (OKTA-157218)

  • Bizequity (OKTA-158244)

  • ECP (OKTA-155556)

  • Guidewire Live (OKTA-157445)

  • Humana Military (OKTA-158412)

  • ISOnet (OKTA-158232)

  • Jetstar AgentHub (OKTA-156973)

  • Parker: PHconnect Login (OKTA-158386)

  • Quay (OKTA-156972)

  • VocabularySpellingCity (OKTA-157236)

Closed Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • Microsoft Dynamics CRM Online (OKTA-157274)

  • OpenVPN Connect (OKTA-157442)

  • Pocket (OKTA-157815)

  • Virtru (Google Login) (OKTA-157353)

Closed2018.07
ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • CultureHQ (OKTA-156714)

  • Databook (OKTA-157722)

  • InstaCheckin (OKTA-157452)

  • PlanGrid (OKTA-156180)

ClosedSWA for the following Okta Verified applications

  • Burgiss: Cash Management (OKTA-154713)

  • DataServ (OKTA-157609)

Closed2018.06
ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • R and D Manage (OKTA-156454)

  • Sharpr (OKTA-156588)

  • Stackla (OKTA-156474)

ClosedSWA for the following Okta Verified applications

  • ABN AMRO (OKTA-156308)

  • Everest 7.0 (OKTA-155695)

  • Express VPN: Affiliates (OKTA-156499)

  • Instapage (OKTA-156197)

  • OUI.sncf (OKTA-156191)

  • Phone2Action (OKTA-156595)

  • Sling TV (OKTA-156708)

  • State of Wisconsin DWD: Insurer Reports (OKTA-152447)

  • WordPress.com (OKTA-156182)

Closed2018.05 (combines app integrations from 2018.04 and 2018.05 releases)
ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • Civis Platform (OKTA-155135)

  • ContractWorks (OKTA-153656)

  • Givitas (OKTA-155684)

  • Iggy (OKTA-155258)

  • ITProTV (OKTA-155248)

  • Pritunl (OKTA-154499)

  • PurchaseControl (OKTA-152586)

  • Supermood (OKTA-148675)

  • Wordpress by MiniOrange (OKTA-151125)

ClosedSWA for the following Okta Verified applications

  • BootcampSpot v2 (OKTA-153220)

  • Crimson Hexagon (OKTA-155976)

  • Delivery Slip (OKTA-155537)

  • EverBank (OKTA-152736)

  • Franklin Synergy Bank (OKTA-152727)

  • Haaretz (OKTA-154551)

  • Leaseplan FleetReporting NL (OKTA-152941)

  • LinkPoint Connect Cloud Edition (OKTA-155230)

  • MassBio (OKTA-155241)

  • Milestone XProtect Smart Client (OKTA-153239)

  • Rapt Brand Fonts (OKTA-152869)

  • ReadyRefresh (OKTA-154418)

  • Salesgenie (OKTA-155096)

  • TPG (OKTA-154455)

  • Vertafore Agency Platform (OKTA-153643)

  • XpertHR (OKTA-155946)

  • Zoho Wiki (OKTA-154570)

ClosedMobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • Gboard (OKTA-154398)

  • NMBRS (OKTA-154804)

Closed2018.03
ClosedNew Application Integrations
ClosedSAML for the following Okta Verified application

  • Arxspan (OKTA-154479)

ClosedSWA for the following Okta Verified applications

  • Booking (OKTA-153126)

  • FHA Connection (OKTA-153897)

  • United Fire Group (OKTA-151261)

  • Wayfair (OKTA-152399)

ClosedMobile application for use with Okta Mobility Management (OMM) (Android and iOS)

  • Expensewatch (OKTA-154005)

Closed2018.02 (combines app integrations from 2018.01 and 2018.02 releases)
ClosedNew Application Integrations
ClosedSAML for the following Okta Verified applications

  • Plex Apps (OKTA-153104)

  • Spoke (OKTA-153512)

  • Trustwave SWG Cloud (OKTA-153108)

  • Zoho One (OKTA-153517)

ClosedSWA for the following Okta Verified applications

  • Addepar (OKTA-151872)

  • Adobe Stock (OKTA-152449)

  • ANZ Internet Banking Australia (OKTA-152515)

  • Ascensus (OKTA-151756)

  • CAI: Capital (OKTA-152732)

  • Carval: User Portal (OKTA-149880)

  • Health Plans (OKTA-153613)

  • Indiana Association of Realtors (OKTA-152450)

  • Instant Payroll (OKTA-152081)

  • Intuit Developer (OKTA-151109)

  • Kentik (OKTA-152102)

  • MIBOR (OKTA-143980)

  • MyShaw (OKTA-149352)

  • SAFE Credit Union (OKTA-152425)

  • UFG Agent (OKTA-151261)

  • VIA Rail (OKTA-152013)

  • Visionplanner (OKTA-152186)

ClosedMobile application for use with Okta Mobility Management (OMM) (Android)

  • Astea (OKTA-152017)

ClosedMobile applications for use with Okta Mobility Management (OMM) (Android and iOS)

  • Moo.do (OKTA-152690)

  • Square (OKTA-152355)

  • UltiPro (OKTA-151970)

2018 Bug Fixes

Closed2018.48 Bug fixes (combines 2018.47 and 2018.48)
  • OKTA-168628 – Self assignment of a Federation Broker Mode app failed without any error message to the user.
  • OKTA-187446 – The error message when adding an empty dynamic zone contained minor grammatical mistakes.
  • OKTA-188556 – The Android for Work app appeared on Okta end-user dashboard even though the app was configured in the Okta Admin console not to display.
  • OKTA-189358 – Two Authentication of user via MFA and Evaluation of sign-on policy events were generated in the System Log for each user login.
  • OKTA-189803 – When configuring policy assignment for Factor Enrollment, Sign-On, and Password policies, Group searches did not return more than 10 results.
  • OKTA-191151 – Norwegian translations in Okta plugin had minor inconsistencies.
  • OKTA-192504 – AD-mastered users were able to edit the Secondary Email attribute even when it was set to Read-Only.
  • OKTA-193456 – Some Sign-On policies using a behavior rule did not display the correctly used rule in the System Log event.
  • OKTA-193955 – User Profile labels were sometimes displayed in languages other than English when an admin tried to view the profile.
  • OKTA-194153 – The UTF-8 encoding of the SCIM Server URL in the SCIM App Template was not RFC compliant.
  • OKTA-194195 – When all MFA factors in an app Sign-On policy were set to optional, a new user after successfully enrolling in a factor was redirected to the app instead of the enrollment page to enroll in multiple MFA factors.
  • OKTA-195093 –If an app had more than 20 instances that appeared above the option to select All <app name> Instances, it was not possible to select that option.
  • OKTA-195582 – The interstitial page had an invalid HTML.
  • OKTA-195906 – Saving custom email templates for MFA Factor Enrollment and MFA Factor Reset did not display an error when one or more required fields were missing.
  • OKTA-197175 – Self service registration error messages displayed in the sign-in widget were not correctly localized.
  • OKTA-197256 – The French translation of registration.error.minLength was incorrect.
Closed2018.48 App Integration Fixes
ClosedThe following SWA apps were not working correctly and are now fixed

  • Amplitude (OKTA-197221)

  • AvaTax Admin Console (OKTA-196830)

  • Benelogic (OKTA-197354)

  • ChannelAdvisor Forum (OKTA-196813)

  • Circulation (OKTA-196990)

  • DNSPod (OKTA-196832)

  • EVA Air (OKTA-197596)

  • Lynda.com (OKTA-196839)

  • National Car Rental (OKTA-73276)

  • Okta Org2Org (OKTA-197198)

  • Salesforce: Marketing Cloud (OKTA-196079)

  • SAM.gov (OKTA-197595)

  • Seek (AU) - Employer (OKTA-196831)

  • Swiftype (OKTA-197936)

  • viewfinity (OKTA-197594)


Closed2018.46 Bug fixes
  • OKTA-187113 – Emails sent to test a custom email template incorrectly used the default template instead.
  • OKTA-188863 – After modifying metadata for a SAML app, URL metadata for the new Identity Provider Certificate in the SAML Setup instructions for the app was not updated.
  • OKTA-190755 – On some Windows machines, attempts to open a document through Microsoft SharePoint failed with the error message: This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.
  • OKTA-191466 – For orgs that had configured and enabled iOS Device Trust, users on Okta Mobile on iOS accessing a SAML application (with ForceAuthn flag enabled ) were not able to complete the flow.
  • OKTA-192955 – In some cases, when the Application Username Format was changed for an app on the Sign On tab, the username did not update accordingly in the app.

  • OKTA-197844H - In some cases, user imports failed with a Resource not found error.

  • OKTA-197850H - App icons did not load in Okta Plugin for Google Chrome when the CDN was disabled.
Closed2018.46 App Integration Fixes
ClosedThe following SWA apps were not working correctly and are now fixed

  • Carta (OKTA-195136)

  • CBT Nuggets (OKTA-194884)

  • CH Robinson Navisphere 2.0 (OKTA-193943)

  • eDataSource (OKTA-192665)

  • General Motors GlobalConnect (OKTA-196112)

  • IBM Workspace (OKTA-194887)

  • Inspectlet (OKTA-196109)

  • MassMutual Retirement Access (OKTA-194881)

  • MidFirst Bank iManage Personal Banking (OKTA-194622)

  • Olapic (OKTA-196110)

  • PaloAlto Networks Support (OKTA-196076)

  • Rackspace Admin Control Panel (OKTA-194888)

  • Rubicon Project (OKTA-196217)

  • Safeware (OKTA-194880)

  • SonicWall (OKTA-195177)

  • UPS CampusShip (OKTA-194141)

  • Walmart (OKTA-196204)

Closed2018.45 Bug fixes
  • OKTA-150759 – System Log events for the iOS Device Trust did not display CredentialType value.
  • OKTA-182989 – Admins could access the deprecated System Log V1 UI by directly pasting the URL in the browser.
  • OKTA-191057 – Temporary passwords generated by an admin password reset included hard-to-distinguish characters that could be confusing to users.
  • OKTA-189249 – IdP Discovery rule with a Sharepoint On-Premise app condition was not routing properly on SP-initiated login flows.
  • OKTA-189512 – Mobile admins did not receive an email notification if a user was deprovisioned from Android For Work or Google apps.
  • OKTA-192009 – Enrolling in Okta Verify using SMS on mobile devices resulted in a message Okta Verify Not Detected instead of a message to open the app or to download the app from the relevant app store.
  • OKTA-194096 – The MFA Usage report incorrectly listed Okta Verify as an enrolled factor for a user even when the factor was reset and was no longer enrolled for the user.
  • OKTA-194735 – The Device Trust message displayed while adding an app sign-on rule did not reflect correct platform names.
  • OKTA-194899 – The set of roles allowed access to system log information by the [Events API](/docs/api/resources/events) did not match the set of roles allowed access by the [System Log API](/docs/api/resources/system_log).
Closed2018.45 App Integration Fixes
ClosedThe following SWA apps were not working correctly and are now fixed

  • CGarchitect (OKTA-194273)

  • Check Point (OKTA-194916)

  • Google AdWords (OKTA-195109)

  • IBM Partner World (OKTA-194275)

  • Intouch Tech Data (OKTA-194276)

  • Leaseplan FleetReporting NL (OKTA-194272)

  • Santander (OKTA-194277)

  • ShowingTime (OKTA-194896)

ClosedThe following SAML apps was not working correctly and is now fixed

  • FCm Travel Solutions Client Portal (OKTA-195584)

Closed2018.44 Bug fixes (combines 2018.43 and 2018.44)
  • OKTA-141857 – Some SAML Capable Apps reports incorrectly prompted to convert the app to SAML, even when the app was already using SAML 1.1 or SAML 2.0.
  • OKTA-151933 – A race condition caused Group Push Mappings to be re-associated with a deleted Group Push Mapping Rule. This caused the mappings to be hidden from the Group Push UI and prevented changes to Group Push Mappings in case modifications are needed to address failures.
  • OKTA-165757 – Changed user attributes in Active Directory sometimes were not properly updated in Okta.
  • OKTA-168628 – Self service was not disabled for an implicit app instance, resulting in an error in the logs.
  • OKTA-179336 – App Embed Link in the General tab of the Application page was greyed out in Firefox browsers and could not be copied.
  • OKTA-182143 – Save and Add Another group in the Group Push UI did not work the first time.
  • OKTA-184312 – API integration for a SCIM app failed when the app had no users.
  • OKTA-185043 – Custom Authorization Server dialog was too large and hid the Add button when more than 30 clients were added to access policies at a time.
  • OKTA-186068 – When looking up System Log entries for a six-month period, an incorrect date error was displayed even when the selected From date was six months away from the To date.
  • OKTA-188600 – In some cases, when app provisioning failed, retrying tasks either in bulk or individually on the Task page failed.
  • OKTA-190204 – When the MFA for admins feature was enabled, upon signing into support.okta.com, admins were redirected to the Okta admin console instead of support.okta.com.
  • OKTA-190313 – In some cases, end-users signing into Okta using Integrated Windows Authentication were displayed an incomplete technical contact email address.
  • OKTA-190610 – When the MFA for admins feature was enabled and a sign-on policy prevented admins from signing in to Okta, admins configured to be allowed temporary access were still locked out.
  • OKTA-191811, OKTA-194143 – When specifying a regex for user matches in an IdP discovery routing rule, the following error was returned: We found some errors. Please review the form and make corrections.
  • OKTA-193127 – Running Application Usage reports sometimes failed with a timeout error.
  • OKTA-193871 – Pushing the Exchange ActiveSync mail profile to OMMAn acronym for Okta Mobility Management. OMM enables you to manage your users' mobile devices, applications, and data. Your users enroll in the service and can then download and use managed apps from the Apps Store. Managed apps are typically work-related, such as Box or Expensify. As an administrator, you can remove managed apps and associated data from users' devices at any time. You can configure policies, such as data sharing controls, on any of your managed apps. See Configuring Okta Mobility Management for more information.-managed iOS devices failed for AD-mastered users in orgs with Delegated Authentication configured.
  • OKTA-194116 – A PUT call did not remove the postalAddress value from the user profile as expected.
  • OKTA-194502 – In the System Log, the client IP address displayed did not correctly match the client geo-location when the Dynamic Zones feature is enabled.
  • OKTA-194909 – Provisioning a user to Office 365 through User Sync or Universal Sync failed with the error: Got exception Unable to create the DirSync response object ProvisionResponse.
  • OKTA-196801H - Attempt to match an imported user to an existing Okta user using the option “Existing Okta user I specify” did not retrieve the desired account even when it existed in Okta.
  • OKTA-196665H - Attempt to edit an inactive group rule returned an internal server error.
  • OKTA-196612H - Some end-users signing into Okta received password hints in another language even when the display language was English.
Closed2018.44 App Integration Fixes (combines 2018.43 and 2018.44)
ClosedThe following SWA apps were not working correctly and are now fixed

  • ADP Payline (AU) (OKTA-192607)

  • AliMed (OKTA-192595)

  • Amazon Marketing Services (AMS) (OKTA-194123)

  • Blue Sky Factory (OKTA-192127)

  • Cisco (OKTA-188488)

  • Google Analytics (OKTA-192899)

  • Google Data Studio (OKTA-192135)

  • IBM Cloud (OKTA-192612)

  • Jell (OKTA-192132)

  • LumApps (OKTA-187691)

  • MyCitrix (OKTA-193111)

  • Norex (OKTA-192594)

  • Ravti (OKTA-190349)

  • Salesforce - Marketing Cloud (OKTA-194482)

  • SignNow (OKTA-190434)

Closed2018.42 Bug fixes
  • OKTA-151397 – Group admins were erroneously able to view users who were outside the Active Directory groups being managed by them.
  • OKTA-174550 – The incorrect password error message displayed for AD-mastered users and Okta-mastered users was inconsistent.
  • OKTA-175568 – Messages that were sent to devices using the Factors API sometimes returned a 500 error if the message could not be sent.
  • OKTA-176446 – Attempts to complete new user activation using JIT failed for users in a state of Pending Activation.
  • OKTA-183303 – The Managed column on the Group Assignment page incorrectly appeared to be sortable/clickable.
  • OKTA-184763 – Workday to Okta imports failed for users with Organizations that had a null Organization_Type_Reference.
  • OKTA-187876 – Yubikey reports that included deleted users were not fully viewable, and displayed the following error message: Error, Service is in Read Only Mode.
  • OKTA-189519 – In rare cases, a custom domain could not be removed using the Restore to Default link.
  • OKTA-191750 – When setting up Admin Email Notifications, changing the Notification Preferences For dropdown option from Global Enablement to My Preference failed.
Closed2018.42 App Integration Fixes
ClosedThe following SWA apps were not working correctly and are now fixed
  • A Cloud Guru (OKTA-187786)
  • ADP Workforce Now (Employee) (OKTA-191089)
  • Amazon Marketing Services (AMS) (OKTA-192124)
  • Backblaze (OKTA-191414)
  • Dun & Bradstreet (OKTA-189723)
  • Fusebill (OKTA-189915)
  • Instagram (OKTA-192593)
  • MURAL (OKTA-192126)
  • StatusCake (OKTA-192416)
  • TravelCube Pacific (OKTA-190067)
  • Zerto: DRaaS Service Portal (OKTA-189985)
ClosedThe following SAML app was not working correctly and is now fixed
  • Atlassian Cloud (OKTA-188779)
Closed2018.41 Bug fixes
  • OKTA-183216 – When a device enrollment operation failed, the error message was incorrect. 
  • OKTA-186779 – For the AWS app, credentials verification failed when adding multiple accounts IDs belonging to China AWS region.
  • OKTA-188601 – When a user account was deactivated in a provisioned app then imported to Okta and then to AD, the user account was not deprovisioned as expected.
  • OKTA- 191753 – System Log query parameters prior to the allowed time range returned an unknown error (HTTP status code 500).
Closed2018.41 App Integration Fixes
ClosedThe following SWA apps were not working correctly and are now fixed

  • Akamai Enterprise Application Access (OKTA-187781)

  • Cisco (OKTA-188488)

  • Cisco Partner Login (OKTA-188281)

  • Integral Ad Science (OKTA-189258)

  • Juice (OKTA-187782)

  • Mapbox (OKTA-188752)

  • MURAL (OKTA-189084)

  • Pingdom (OKTA-190166)

  • PleaseReview (OKTA-187779)

  • Tumblr (OKTA-189894)

  • Verizon Wireless Business (OKTA-189357)

ClosedThe following SAML app was not working correctly and is now fixed

  • Saba (OKTA-164211)

Closed2018.40 Bug fixes
  • OKTA-178657 – When multiple attempts were simultaneously made to update a user's phone number for SMS or voice factors, the user was unable to enroll the phone number.
  • OKTA-181134 – For Dropbox for Business app, group memberships were not imported while importing users and groups.
  • OKTA-182512 – Okta was incorrectly pushing to the SCIM app memberships for users who were not previously provisioned to the app.
  • OKTA-182770 – On updating Jira apps on Atlassian Cloud, the API rate limit of Atlassian often prevented pushing groups from Okta to Atlassian.
  • OKTA-185451 – When an app admin with permission to administer a specific app attempted to save the app settings using the API Endpoint {{url}}/api/v1/apps/{{AppID}} failed with an insufficient permissions error message.
  • OKTA-185620 – The Microsoft Forms chiclet on the enduser dashboard did not log in the user automatically when the sign on mode was SWA.
  • OKTA-190057 – If Device Trust certificate issuance, enrollment, or renewal failed while the Okta service was in Read Only mode, the failure was not logged in the System Log.
Closed2018.40 App Integration Fixes
ClosedThe following SWA apps were not working correctly and are now fixed:

  • Datadog (OKTA-185125)

  • Glassdoor (OKTA-189125)

  • Prezi (OKTA-188694)

  • Salesforce: Marketing Cloud (OKTA-189073)

  • Ascensus: Partner Login (OKTA-184944)

Closed2018.39 Bug Fixes
  • OKTA-124052 – Profile sync from Okta to third-party apps failed instead of ignoring users not already provisioned to the third-party app.
  • OKTA-180603 – The Variable Name for enumerated attributes was not displayed in the user profile.
  • OKTA-182976 – Admins could not see all Microsoft Office 365 apps assigned to a user when previewing the end-user Dashboard on the Customization page.
  • OKTA-184730 – When setting up AWS GovCloud with multiple accounts, testing the API credentials or saving provisioning configuration failed with an invalid client token ID error.
  • OKTA-188112 – When multiple attempts were simultaneously made to update a user’s phone number for SMS or voice, an HTTP 500 error occurred intermittently.
  • OKTA-188212 – Links to Device Trust version history documents on the Settings > Downloads page were broken.
  • OKTA-188697 – The Norwegian language was listed as Bokmål instead of Norsk Bokmål in the Display Language options.
  • OKTA-188880 – Admins could not change the username format for OIDC apps in the Profile Mappings editor.
  • OKTA-189139 – In some Preview orgs, Symantec VIP settings were not displayed in Internet Explorer 10 and 11 when configuring the factor for MFA.
Closed2018.39 App Integration Fixes
ClosedThe following SWA apps were not working correctly and are now fixed

  • ADP Portal (Admin) (OKTA-188716)

  • Comcast Business (OKTA-188339)

  • eWallet ADP (OKTA-188414)

  • OneSignal (OKTA-188704)

  • Visionplanner (OKTA-188355)

  • VMware Partner Network (OKTA-188299)

  • Wrike (OKTA-188554)

Closed2018.38 Bug Fixes
  • OKTA-167649 – When configuring an LDAP instance, the text description of when to use the User Attribute field was not clear.
  • OKTA-175504 – Kosovo was missing from the Country dropdown list when setting up a phone number for MFA.
  • OKTA-179460 – In the Org2Org app, when a user was not activated in the target system, pushing user updates failed.
  • OKTA-180472 – The System Log displayed duplicate entries to Org admins for enrolling and auto-activating MFA factors.
  • OKTA-181897 – The error message on the Add Person pop-up was not descriptive enough.
  • OKTA-184400 – The Activation email link failed for imported AD users, displaying an error message about a non-existent security question.
  • OKTA-184613 – When the App admin was assigned an app that included the "|" character in its name, app search did not work.
  • OKTA-184982 – The Multifactor page displayed UI elements such as the Edit button to Read Only admins.
  • OKTA-185195 – SP-initiated logins for SAML 2.0 apps were not logged in the System Log when access was denied by an App Sign On policy.
  • OKTA-185215 – For self service registration, password policy descriptions and error messages were not localized correctly, and defaulted to English.
  • OKTA-186200 – Help Desk and Read Only admins received a blank pop-up screen when trying to activate or deactivate an MFA factor type on the Multifactor page.
  • OKTA-186269 – The RSA SecurID username format dropdown did not display AD-related options.
  • OKTA-186780 – The Reset Password page did not accept some usernames that were not in email format.
  • OKTA-187597 – The Feedback button on the admin dashboard directed users to a wrong path.
  • OKTA-187720 – If a company name contained the "&" character, the name was only displayed up to the "&" character on the New Account Registration page.
  • OKTA-187875 – The download buttons on the Download page were inactive for some admins during maintenance.
Closed2018.38 App Integration Fixes
ClosedThe following SWA apps were not working correctly and are now fixed

  • Dealer Daily Lexus (OKTA-188063)

  • IRMLS Indiana Regional MLS - Safemls (OKTA-186105)

  • Procore (OKTA-187722)

Closed2018.37 Bug Fixes
  • OKTA-172556 – Technical Contact on the Account Pending Activation page did not appear when staged users tried to log in to Okta.

  • OKTA-185863H – After CLOUD_DESKTOP_SSO was enabled, in certain situations the Allowed Network Zone list in the admin UI was duplicated multiple times. Once the list became too large, IWA began to fail and users were prompted to login.

  • OKTA-185863 – Users could not enroll their phone number for Self Service as they were prompted with the error message "Password or factor verification has expired" even when the session was just created.
  • OKTA-186848 – Okta Verify push notifications were not displayed immediately on Android devices when the device screen was turned off.
  • OKTA-187067 – Subscribed admins did not receive the deactivation email when a user with assigned apps was deactivated through the Okta Admin UI.

  • OKTA-187726H – externalName and externalNamespace fields were missing from the Add Profile Attribute dialog for OIN SCIM apps.

Closed2018.37 App Integration Fixes
ClosedThe following SWA apps were not working correctly and are now fixed

  • Cisco WebEx Meeting Center (OKTA-185731)

  • D2L (OKTA-184842)

  • DeltaSkymiles (OKTA-185635)

  • Kamer van Koophandel (OKTA-187153)

  • Moodlerooms (OKTA-186579)

  • mySonitrol (OKTA-185824)

  • myATT (OKTA-185885)

Closed2018.36 Bug Fixes
  • OKTA-83725 – The Zendesk app removed the admin role of an admin user required for Zendesk API access.
  • OKTA-166236– The Sign In page did not render properly when the user agent was empty.
  • OKTA-173065 – On the admin dashboard, the warning dialog displayed active buttons to Read-only admins.
  • OKTA-175981 – API Token link reference for the On-Prem MFA Agent was linking to /admin/access/rsa-securid page instead of /admin/access/on-prem page.
  • OKTA-181650 – Deprovisioning users from the Workplace by Facebook app failed due to an API rescheduling error if the user's manager could not be imported from AD.
  • OKTA-184540 – Changing the list of Network Zones enabled for Desktop SSO did not generate a System Log event as expected.
  • OKTA-184731 – In Chromebooks, when IdP Discovery was enabled, users were unable to login to certain IDPs.
  • OKTA-185632 – Mapping from a user's primary email to their username was not enforced when the user's primary email was changed by an admin.
  • OKTA-185819 – Bulk activate option for onboarding on the People page has been restored. This affects Preview orgs only.
Closed2018.36 App Integration Fixes
ClosedThe following SWA apps were not working correctly and are now fixed

  • Apple Store for Business (OKTA-185638)

  • Codility (OKTA-186038)

  • Factual (OKTA-185681)

  • ManageEngine ServiceDesk Plus (OKTA-185481)

  • MURAL (OKTA-185636)

  • Okta Help Center (OKTA-185639)

  • PR Newswire (OKTA-186572)

  • Siteimprove (OKTA-185464)

ClosedThe following SAML app was not working correctly and is now fixed

  • LogMeIn Central/Pro (OKTA-180957)

Closed2018.35 Bug Fixes
  • OKTA-163542 – Newly imported Okta users were sometimes not added to an Okta push group in Slack.
  • OKTA-169041 – In the Office 365 app, if a user had no licenses assigned, deleting that user during de-provisioning failed.
  • OKTA-178599 – JIT Delegated Authentication failed in some cases when Okta was in safe mode.
  • OKTA-180070 – In Browser Plugin settings, Enable Okta toolbar for group dropdown had no group selected by default on new orgs causing on-the-fly functionality to fail.
  • OKTA-180348 – Linked Object property names were incorrectly allowed to begin with a digit or contain characters other than digits, ASCII letters, and underscores.
  • OKTA-180375 – If an externally-mastered user was created by an API and an email factor was required, when the user's email address was updated in the externally-mastered source, the previous email address was still active and authentication codes could still be sent to it.
  • OKTA-182523 – If a user had email and another factor enrolled for an app-level MFA policy, selecting email as a second factor in Okta Mobile on iOS 11.4.1 displayed 'L10N error' instead of a localized message.
  • OKTA-182572 – Users were blocked when upgrading to Okta Verify Push if there was an app sign-on policy that prompted for MFA but no sign-on policy that prompted for MFA. 
  • OKTA-182744 – The device trust client could not be installed on domain-joined computers when IdP discovery was enabled and an IdP routing rule was configured.
  • OKTA-183830 – When the Okta Sign-In Widget was set to use a language other than English, and configured with IdP Discovery, the Next button in the identity first login form was not translated.
  • OKTA-186441H – Users and admins were prompted with an "500 Internal Server Error" whenever they tried to access ServiceNow UD.
  • OKTA-186530H – For MS Office apps on iOS devices, the end user flow failed when an App Sign On rule to “Block EAS” was above a Device Trust rule.
  • OKTA-187161H – SCIM connectors implemented with new created apps did not work on Preview.
Closed2018.35 App Integration Fixes
ClosedThe following SWA apps were not working correctly and are now fixed

  • Amazon UK (OKTA-183801)

  • Boxed (OKTA-183746)

  • Cisco Partner Login (OKTA-183727)

  • Insightly (OKTA-184701)

  • MIBOR (OKTA-183652)

  • My Jive (OKTA-184864)

  • QuickBooks (OKTA-184915)

  • SHI (OKTA-183447)

  • ThrivePass (OKTA-183453)

  • WorkFusion Forum (OKTA-184843)

ClosedThe following SAML app was not working correctly and is now fixed

  • Micro Focus Connected MX (OKTA-184531)

Closed2018.34 Bug Fixes
  • OKTA-96203 – The Approvals inbox showed All tasks completed message instead of Nothing to show message when there were no completed tasks.
  • OKTA-161648 – IWA authentication failed for users who had the same UPN across multiple AD domains.
  • OKTA-177378 – For apps with Provisioning enabled, when the Update application username on field was set to Create Only, it reverted to Create and Update when the page was refreshed.
  • OKTA-178803 – Clicking on the U2F factor Setup button for the first time on the end user Settings page displayed a message saying the factor was not supported by the browser but the flow worked normally upon second click.
  • OKTA-179236 – If an API PUT request to update a user profile omitted a sensitive property, that sensitive property was not properly removed from the user profile.
  • OKTA-179407 – Some error pages containing non-lower ASCII characters were not localized.
  • OKTA-179766 – While setting up a phone number for Forgot Password Text Message, users with a Mauritian phone number received an invalid number message at the first attempt but were able to send code to verify the number on the second attempt.
  • OKTA-181454 – When a user belonged to an MFA Enrollment policy where the Email factor was Required and the SMS factor was Optional, calling the /api/v1/authn/endpoint (Primary Authentication with Trusted Application) to authenticate the user for the first time resulted in the user being prompted to setup an Optional factor instead of receiving the Email OTP.
  • OKTA-182947 – Enabling the Self-Service Registration feature with the Add to Sign-In widget checkbox selected displayed a horizontal scroll bar on the end user Sign In page.
  • OKTA-183411 – Active app approval templates were not deactivated when Self Service for the app was disabled.
  • OKTA-183667 – Attempts to delete a Group Rule resulted in a 500 error.
  • OKTA-183882 – Deactivated admins received user locked out emails.
  • OKTA-184762 – IdP Discovery stopped the processing of policy rules for a policy if a rule was being evaluated without a user and the rule contained a user attribute condition.
Closed2018.34 App Integration Fixes
ClosedThe following SWA apps were not working correctly and are now fixed

  • Air Canada Travel Agency (OKTA-182036)

  • AmeriHome Correspondent Connect (OKTA-182918)

  • BetterLesson (OKTA-182740)

  • CitiManager (OKTA-182916)

  • Citrix XenApp (OKTA-182034)

  • Cloudability (OKTA-182781)

  • Critical Mention (OKTA-183368)

  • FileWave (OKTA-183176)

  • Hulu (OKTA-183663)

  • MailGun (OKTA-183490)

  • MedBridge (OKTA-184387)

  • MyRackspace Portal (OKTA-183616)

  • New York Times (OKTA-183479)

  • ProfitStars (OKTA-182311)

  • Verizon Wireless Business (OKTA-182929)

  • Virgin Pulse (OKTA-182902)

  • Yardi (OKTA-182913)

  • ZeroFox (OKTA-182915)

ClosedThe following SAML app was not working correctly and is now fixed

  • NetDocuments (OKTA-181142)

Closed2018.33 Bug Fixes
  • OKTA-165796 – When the user had both Okta Verify with Push enabled and Duo Security, ignoring auto Push from Okta Verify to switch to Duo Security displayed an error message.
  • OKTA-174349 – Applications configured as Administrator sets username and password prevented users from enabling Auto-launch option for that app.
  • OKTA-177385 – Okta Expession Language was incorrectly treating the character "_" as a single wildcard character.
  • OKTA-177768 – IdP Discovery policy routing rule did not display disabled app instances.
  • OKTA-178568 – If an SMS factor was used within 30 seconds of the factor being auto-activated, authentication would fail without displaying an error.
  • OKTA-179126 – IdP Discovery policy inactive rules could be re-activated if pointed to an inactive IdP.
  • OKTA-179325 – AD-mastered users, who were logging into Okta for the first time and had not used their enrolled MFA factors to log in, were unable to add their phone number for SMS and Voice Call self-service password recovery options on the Welcome page.
  • OKTA-165507 – The System Log displayed an incorrect time calculation when the selection included a daylight savings time change.
  • OKTA-184793H – With Device Trust enabled and only modern auth client application configured for the Office 365 app, some iOS users whose devices were managed by AirWatch were unable to access O365 from native apps.
Closed2018.33 App Integration Fixes
ClosedThe following SWA app was not working correctly and is now fixed
  • Pantheon (OKTA-181500)
Closed2018.32 Bug Fixes
  • OKTA-159579 – The San Diego Union-Tribune app had a different login URL in Okta Plugin for Microsoft Edge.
  • OKTA-172164 – Invalid EL expressions for attributes and claims in API AM, OIDC, and SAML displayed a 500 error, rather than causing an exception and returning an appropriate error.
  • OKTA-173204 – AD-mastered users were unable to edit their Mobile Phone configured with ALM in Okta even when the User Permission for the attribute was set to Read-Write.
  • OKTA-174211 – Custom domains and Okta-hosted custom sign-in pages rendered a blank page in Internet Explorer when the domain was added to Compatibility View.
  • OKTA-176335 – When configuring a Custom Domain and a Custom Email Sender using the same custom subdomain, the admin was directed to place both CNAME and TXT records to be the same subdomain host, violating RFC 1034 Sec. 3.6.2.
  • OKTA-178982 – When assigning apps to a group, next page returned a 500 error if an admin didn't have rights to view all apps.
  • OKTA-180364 – Ambiguous dialog box was displayed after a successful MFA transaction.
  • OKTA-180642 – Changing the Okta username format from the Active Directory > Settings page in Okta failed to also update existing users' usernames.
  • OKTA-182574 – Applying admin-managed tabs to all users did not send emails upon success or failure due to NPEs.
  • OKTA-180932 – In rare cases, a del-Auth user appeared to be active when locked out and vice versa.
Closed2018.32 App Integration Fixes
ClosedThe following SWA apps were not working correctly and are now fixed
  • 451Research (OKTA-179132)
  • BB&T (OKTA-180836)
  • BioCentury (OKTA-181201)
  • GoGoAir (OKTA-180854)
  • Hosting (OKTA-180837)
  • Kentik (OKTA-180843)
  • MIBOR (OKTA-181155)
  • Morgan Stanley ClientServ (OKTA-180844)
  • My Atlassian (OKTA-179519)
  • Sailthru (OKTA-180418)
  • UMR (OKTA-177842)
  • US Bank - Pivot (OKTA-181941)
  • VerticalResponse (OKTA-180437)
  • Wayfair (OKTA-180840)
  • WebEx Premium (OKTA-180841)
  • Zappos (OKTA-180842)
ClosedThe following SAML app was not working correctly and is now fixed
  • Illumio ASP (OKTA-182517)
Closed2018.31 Bug Fixes (combines 2018.30 and 2018.31 releases)
  • OKTA-165762 – AD profile attributes did not write back to UltiPro-mastered user profiles.
  • OKTA-166150 – End user names did not display correctly in Dashboard > Tasks if the user account did not include user first and last names.
  • OKTA-167437 – Some profile attributes for User Sync provisioning type for Office 365 could only be mapped using group app assignment (scope: Group) as opposed to user app assignment (scope: Personal).
  • OKTA-167701, OKTA-170446 – In some cases, the user's manager attribute did not provision to Office 365 when the user's manager DN changed in AD.
  • OKTA-170588 – The Timeout for API Calls threshold for Okta On-Premise Provisioning timed out before the set threshold.
  • OKTA-170844 – Users received a blank page when logging into the Jonas Premier app using the Okta dashboard.
  • OKTA-173525 – SAML docs were sometimes populated with incorrect Signature Algorithm certificates.
  • OKTA-175838 – Group admins were unable to create API tokens because the Security tab was missing from the Okta admin dashboard.
  • OKTA-178335 – Removed System Logs for granting refresh tokens in token requests with the refresh token grant type. This applies to both API Access Management and OpenID Connect.
  • OKTA-178359 – Some group rules did not trigger after users were imported into Okta.
  • OKTA-178522 – IDP Discovery routing rules deemed domains containing the special character "-" as invalid.
  • OKTA-178978 – Provisioning sometimes failed during Okta service maintenance.
  • OKTA-181649H – New users that were mastered in Google Suite, Workday, or Salesforce and subsequently provisioned from Okta into Active Directory, were not enabled in AD when AD password policy required more than 16 characters long passwords.
Closed2018.31 App Integration Fixes (combines 2018.30 and 2018.31 releases)
ClosedThe following SWA apps were not working correctly and are now fixed

  • Admin America Participant (OKTA-179417)

  • AI Insight (OKTA-179419)

  • Amadeus Selling Platform Connect (OKTA-177982)

  • Ambassador (OKTA-179233)

  • BNY Mellon - Connect Portal (OKTA-179106)

  • Pond5 (OKTA-180160)

  • PPM Roadmap (OKTA-179413)

  • S&P Capital IQ (OKTA-178570)

  • Spectrum Time Warner Cable (OKTA-179415)

  • Staples NetXpress New Zealand (OKTA-179414)

  • Sysomos (OKTA-179340)

  • The Courier Mail (OKTA-179225)

  • The Economist (OKTA-179108)

  • WebStudy (OKTA-179412)

  • Zeplin (OKTA-179714)

ClosedThe following SAML apps were not working correctly and are now fixed

  • Fuel Cycle (OKTA-179998)

  • Illumio ASP (OKTA-179985)

  • Spoke (www.askspoke.com) (OKTA-179597)

Closed2018.29 Bug Fixes
  • OKTA-90737 – The Permission set for user assignments was not showing up for the Replicon app. For existing Replicon app instances please contact Okta support to upgrade to latest schema.
  • OKTA-119389H – Imported users for the Org2Org app had mismatched username and email values.
  • OKTA-166720 – Allow administrators to consent for Advanced API Access setting was not saved for O365 app’s API credentials, in cases where WS-Fed was used and set to MANUAL on the Sign On tab.
  • OKTA-173411 – Reveal Password did not show the password for SWA apps when the user is logged in by external social login providers.
  • OKTA-173928 – When the Do not display application icon to users option was unchecked on the General tab of an On-Prem SAML app, the On-Prem settings on the Provisioning tab disappeared.
  • OKTA-174179 – Not all SuccessFactors user attributes were imported into Okta.
  • OKTA-176035 – Users that were deleted from a Group that was managed by a rule, still showed up in the Group.
  • OKTA-177400 – The Zendesk provisioning API failed and returned a 403 Forbidden error for some customers.
  • OKTA-178619 – The API Access Management authorization server token preview resulted in an error when previewing a token for client credentials grant type.
  • OKTA-179489H – Admin password reset functionality was disabled for LDA- mastered users when the Group Password Policy feature was enabled.
  • OKTA-180446H – Setting up provisioning or imports for a new G Suite app instance failed. Testing API credentials for any existing G Suite instances returned a 503 Service unavailable error.
Closed2018.29 App Integration Fixes
ClosedThe following SWA apps were not working correctly and are now fixed

  • FedEx Canada (OKTA-177987)

  • MIBOR (OKTA-178869)

  • NatureBox (OKTA-177974)

  • VoterVoice (OKTA-177979)

  • WebEx (Cisco) (OKTA-178499)

Closed2018.28 Bug Fixes
  • OKTA-131104 – For customers with G Suite, duplicate email accounts were configured in Gmail after Android users enrolled their device in OMM (work profile).
  • OKTA-159102 – When a user launched an iOS app that uses Okta to log in, the Okta widget displayed Please enter a password as soon as it was tapped.
  • OKTA-163843 – Okta unnecessarily provided information about specific browsers on all browsers when end users set up a Security Key (U2F) making the instructions confusing on some browsers.
  • OKTA-166582 – When multiple SMS requests for MFA were sent within a 30 second window, the error message returned was SMS recently sent instead of Too many requests.
  • OKTA-168180 – The AD Domain or AD Agent fields were missing in AD agent connect and disconnect System Log events.
  • OKTA-168338 – The okta-signin-widget did not include the accept-language header when making an API call.
  • OKTA-175427H – The IDP Discovery page did not redirect the user to the IDP defined in the Routing Rule on an SP initiated flow.
  • OKTA-176556 – During Self Service Registration some user accounts defaulted to Staged instead of Pending user action status as expected.
  • OKTA-177435 – Category name in the app list showed L10N_ERROR as a category.
  • OKTA-178668 – The Delegated Authentication page did not load properly.
Closed2018.28 App Integration Fixes
ClosedThe following SWA apps were not working correctly and are now fixed

  • Apple Store (OKTA-177813)

  • Atlassian Cloud (OKTA-175339)

  • EdgeCast (OKTA-175363)

  • Qualtrics (OKTA-178233)

  • SallieMae (OKTA-173895)

  • UMR (OKTA-177991)

  • Unicorn HRO Customer Center (OKTA-177995)

  • UsabilityHub (OKTA-177376)

  • WebEx Premium (OKTA-173896)

Closed2018.27 Bug Fixes
  • OKTA-124352 – It was possible to select an inactive PIV IdP for certificate-based login.
  • OKTA-146511 – Attempting to activate Okta Verify by an email link or code after having already attempted activation by SMS link resulted in a 500 error instead of a proper error message.
  • OKTA-156179 – The Workplace by Facebook Manager field was only updated following reassignment changes in AD/Okta, not for other changes.
  • OKTA-156459 – User reactivation failed for customers using the Graph API provisioning for the Microsoft Office 365 app.
  • OKTA-160214 – Attempts to enable provisioning for the JIRA On-Prem app failed with a 500 error.
  • OKTA-164208 – Network Zones were not displayed properly under Security -> Delegated Authentication -> Network Zones in IE.
  • OKTA-165596 – The Send Push Automatically checkbox was deselected when reopening a new IE browser with Update KB4096040 in Windows 7Pro-32Bit.
  • OKTA-165636 – The Help Desk Admin role could incorrectly click the Groups link without receiving an error. However, when clicking on any of the groups listed, the admin would receive a 403 error.
  • OKTA-165849 – RSA SecurID MFA enrollment in Okta carried over the FOB token into the PIN field (at the Enter a new PIN having from 4 to 8 digits prompt).
  • OKTA-166847 – The Okta plugin continued to fill out forms with stored values for User/Name and Password fields beyond the initial login.
  • OKTA-167553 – The text on the interstitial page appeared jumbled when using Firefox browser version 59.0.2.
  • OKTA-167623 – Upgrading the IWA agent caused the Network Zones under IWA Settings to be cleared.
  • OKTA-168428 – Some users who were deactivated in Okta were not deactivated in Workplace by Facebook.
  • OKTA-168629 – Calls to API AM /authorize with an invalid okta_key parameter resulted in a 500 error.
  • OKTA-168648 – No error was shown when user activation failed due to a session timeout.
  • OKTA-169454 – Desktop - Windows traffic from Microsoft BITS/7.5 (Microsoft Background Intelligent Transfer Service) was incorrectly filtered as non-Windows traffic by Office365 Client Access Policies.
  • OKTA-171775 – Admins given the right to only administer one specific app (specific-app admin role) were unable to access the Provisioning tab for that app.
  • OKTA-172284 – The SuccessFactors personal email attribute was removed by an Okta Push operation.
  • OKTA-172556 – The IWA pending account activation page did not show the Technical Contact email address.
  • OKTA-174625 – Users could not be assigned the Silver Partner role in Salesforce.
  • OKTA-175748 – Clicking OIDC default scopes in an Authorization Server (AS) policy rule, incorrectly added all scopes for a custom AS.
  • OKTA-175919 – For orgs with subdomain names containing mixed cases, the banner prompting users to grant access to apps continued to display even after the user trusts the domain.
  • OKTA-175991 – A 500 error was returned when adding more than one hundred network zones.
  • OKTA-176329 – The ContactDirSyncMapping event was not recorded in the System Log.
  • OKTA-176736 – The enum attribute did not display a zero value correctly in edit mode (Admin > Directory > Profile Editor > Profile > Edit Custom Attribute).
  • OKTA-177400H – Zendesk Provisioning threw a 403 error after performing a Cloudfare migration.
Closed2018.27 App Integration Fixes
ClosedThe following SWA apps were not working correctly and are now fixed