Production

May 2019

2019.05.0: Monthly Production release began deployment on May 13

* Features may not be available in all Okta Product SKUs.

Generally Available Features

New Features

Password Expiry settings for Active Directory

You can specify the password expiry policies for Active Directory for all preview organizations to set the number of days before password expiry when the user receives a warning.

Improved mobile Device Trust enablement flow for admins

The new mobile Device Trust enablement flow uses a 2-step wizard for a clearer, more consistent adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. experience. Existing enablement settings are migrated automatically to the new flow, so there's no need for customers with existing Device Trust deployments to change their configuration. For details, see Okta Device Trust for Mobile Devices.

Assign admin privileges to an Okta group

Super admins can now assign Okta admin privileges to Okta groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups., making it easier to onboard large numbers of admins quickly. Everyone in the group receives the admin privileges assigned to the group. For details, see Assign admin privileges.

Configure a custom URL domain

You can customize your Okta orgThe Okta container that represents a real-world organization. by replacing the Okta domainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https). name with a custom URL domain name that you specify. For example, if the URL of your Okta org is https://example.okta.com, you can configure a custom URL for the org such as https://id.example.com. For details, see Configure a custom URL domain.

Active Directory agent, version 3.5.7

This version of the AD agent includes fixes to close and recreate connection groups and add a retry in response to 502 errors during import.

For agent version history, see Okta Active Directory agent version history.

System Log events for blacklisted countries

When a country is added or deleted from a blacklist, the System Log tracks the action, as shown below. For more information on blacklisting, see Networks.

Generally Available Enhancements

Accounts locked after ten successive lockouts without a successful sign-in attempt

If an account has ten successive account lockouts followed by auto-unlocks with no successful sign-in attempts, Okta ceases auto-unlocks for the account and logs an event. For more information on account locking, see Security Policies.  

LDAP incremental imports, new check box

For customers who have the incremental import Early Access (EA) feature enabled there is a new check box to allow LDAP users to enable or disable incremental import. For new and existing LDAP instances, the check box is enabled by default. For details, see Install and Configure the Okta Java LDAP Agent.

UI Improvements for Security Email Notifications

Settings for end user email notifications have been moved to their own section: Security Notification Emails. For more information, see General Security.

WebEx additional attributes

We have added more extensible attributes to the WebEx application. For details, see the WebEx Provisioning Guide.

DocuSign authentication mode change

We are switching the authentication mode of our DocuSign provisioning integration to OAuth. For more information, see the DocuSign Provisioning Guide.

Okta Browser Plug-in version 5.28.0 for all browsers except Internet Explorer

This version includes the following enhancements:

  • Accessibility improvements
    • ARIA attributes for UI elements
    • Alt text for logos and images
    • Access to controls and tooltips through keyboard
  • Real-time reflection of the end user dashboard (currently an Early Access feature). For more information, see Browser Plugin Version History.

Early Access Features

New Features

Add Inline Hooks

Admins can now add Inline Hooks from the admin console. Inline Hooks enable admins to integrate custom functionality into Okta process flows. For more information, see Inline Hooks.

Okta Browser Plug-in reflects real-time app and profile changes in the end user dashboard

The Okta Browser Plug-in now reflects the real-time state of the end user dashboard, eliminating the need to refresh the dashboard for the plug-in to reflect the latest app and profile changes. This feature is available through EA Feature Manager in the Admin Console to all browsers except Internet Explorer on Okta Browser Plug-in version 5.28.0 or higher. For more information, see About the Okta Browser Plugin.

ThreatInsight Threat Detection

Admins can now configure ThreatInsight — a new feature that detects credential-based attacks from malicious IP addresses. ThreatInsight events can be displayed in the admin system log and also be blocked once this feature is configured. For more information, see ThreatInsight.

Web Authentication for MFA

Admins can enable Web Authentication as a factor as defined by WebAuthn standards. Web Authentication supports both security key authentication such as YubiKey devices and platform authenticators. For more information, see Web Authentication (FIDO2) .

New macOS Device Trust Registration Task, version 1.2.1

This release provides the following:

For details, see Device Trust for macOS Registration Task Version History.

Early Access Enhancements

Microsoft Intune selection now available in Okta Device Trust for managed iOS devices

Along with other popular MDM options already available for enabling Device Trust, you can now select Microsoft Intune as your MDM provider when you configure the Device Trust solution for Native Apps and Safari on managed iOS devices. While it was possible to configure Intune prior to this change by selecting the Other option, the addition of an Intune option simplifies the implementation. For more about this Okta Device Trust solution, see Enforce Okta Device Trust for Native Apps and Safari on MDM-managed iOS devices.

Note: This notice was updated in 2019.05.1 to more accurately describe this enhancement.

Schema Discovery for Cornerstone On Demand

The Cornerstone On Demand provisioning app now supports Universal Directory and Schema DiscoveryAbility to import additional attributes to Okta. For more information, see the Cornerstone On Demand Provisioning Guide.

Fixes

General Fixes

OKTA-215983

Email templates translations for MFA Factor Enrolled and MFA Factor Reset did not work when the Thai language was selected.

OKTA-217878

For Self Service app registration for apps with provisioning enabled, when admins changed the Approval setting from Required to Not Required the resulting error message was misleading.

OKTA-218001

System Log entries for Device Trust displayed incorrect spacing for some entries.

OKTA-220849

The SuccessFactors app import API did not work.

OKTA-221717

Routing rules for Identity Provider discovery were ignored when both IWA Desktop SSO and Agentless SSO were enabled.

OKTA-221914

Identity Provider routing rules that set User Matches to User Attribute matches Regex were not evaluated correctly.

OKTA-222256

CSV Directory scheduled incremental imports failed.

OKTA-222632

Admins who manage two groups, one granted via individual assignment, and the other via group assignment, could not assign users from one group into the other.

OKTA-222660

When using the LDAP interface, pagination on groups containing more than 1000 users failed.

OKTA-224104

Users assigned admin roles by group did not get assigned the correct default admin email settings.

App Integration Fixes

The following SWA apps were not working correctly and are now fixed

  • Adobe Fonts (OKTA-222877)

  • Air France (OKTA-223010)

  • The Australian (OKTA-221618)

  • FINRA IARD (OKTA-223775)

  • Keap (OKTA-222416)

  • LastPass (OKTA-206231)

  • Metropolitan Bank US (OKTA-222451)

  • Mimecast Personal Portal v2 (OKTA-221490)

  • Nationale Nederlanden: Pensioen Service Online for Business (OKTA-222412)

  • Nextdoor (OKTA-223774)

  • Nmbrs (OKTA-223801)

  • Oakland Public Library Catalog (OKTA-222415)

  • Onfido (OKTA-223804)

  • Optimal Blue (OKTA-223500)

  • Plooto (OKTA-223747)

  • Poll Everywhere (OKTA-223776)

  • The San Diego Union-Tribune (OKTA-223015)

  • WhiteHat Sentinel (OKTA-222784)

  • Wrike (OKTA-223803)

Applications

New Integrations

New SCIM Integration Application

The following partner-built provisioningThe Provisioning features of some OIN apps are built by a third-party, typically the vendor of the app product or service. These features are Okta Verified through a rigorous Okta review process. Partners-Built EA: Partner-Built EA application features have been verified and tested by Okta but may not have been deployed or used by a customer in an Okta production environment. We recommend that you fully test these integrations for your own provisioning use-cases before deploying in production for your end users. Okta Verified: A Partner-built EA application becomes Okta Verified after a customer has verified the integration in production. integration apps are now available in the OINAn acronym for the Okta Integration Network. The OIN is comprised of thousands of public, pre-integrated business and consumer applications. As an on-demand service, OIN integrations are continuously validated, always up to date, and constantly growing both in number and capability. Okta performs a single integration with an ISV or SP, providing thousands of end users with point-and-click customization for their orgs. as partner-built Early Access:

SAML for the following Okta Verified applications

SWA for the following Okta Verified applications

  • Dynatrace (OKTA-221851)

  • Legislative Tracking System (OKTA-219355)

  • Park-line (OKTA-222807)

  • Tax Workflow (OKTA-222999)

Mobile application for use with Okta Mobility Management (OMM) (Android and iOS)

  • RescueAssist (OKTA-220114)

Weekly Updates

April 2019

2019.04.0: Monthly Production release began deployment on April 15

* Features may not be available in all Okta Product SKUs.

Generally Available Features

New Features

Enhanced Group Push for Litmos

Group Push now supports the ability to link to existing groups in Litmos. While this option is currently only available for some apps, we’ll periodically add this functionality to more provisioning-enabled apps. For details about this feature, see Using Group Push.

Schema Discovery for Litmos

The Litmos provisioning app now supports UD and Schema Discovery. For more information, see the Litmos Provisioning Guide.

Enhanced Okta Mobile Security Settings for Android and iOS

Applies to:

  • Okta Mobile 3.8.1+ for Android
  • Okta Mobile 5.22.0+ for iOS

From the admin console, you can configure the following security settings for devices running specific versions of Okta Mobile:

  • Specify the PIN length.
  • Allow/disallow use of a simple PIN (repeating/ascending/descending numeric sequences).
  • (Android only) Allow/disallow users taking screenshots, recording videos, or sharing their screen.

For details, see Okta Mobile Settings.

Enhanced search for Group membership rules

You can now search for group rules by name, target groups, and expression conditions. For more information about Group membership rules, see Create group rules.

Change to Reset Password page

When Administrators navigate to Directory > People > Reset Password, the default view is now Locked Out users instead of All. This has been changed for performance reasons. For details, see Reset user passwords.

LDAP Agent, version 5.5.7

This release includes the following:

  • Bug fixes for incremental import.
  • A new System Log event fires when the modifyTimestamp attribute in LDAP is null for users or groups, which causes incremental import to be converted to a full import. One event per import session is logged:

For agent version history, see Okta Java LDAP agent version history.

Admin change to org settings requires additional reauthentication

To increase security on admin accounts, additional authentication is required when an admin makes changes to the org's User Account settings (Settings > Customization > User Account). If it has been more than 15 minutes since they last entered their pass- word, the admin is asked to enter their password again to reauthenticate. If multifactor authentication is configured, the admin will be prompted for MFA verification as well. For details, see Configure whether user passwords and personal information are managed by Okta or externally.

New Template App

The Template Two Page Plug-in App has been added to the OIN. This plugin template app enables org admins to create private SWAAn acronym for Secure Web Authentication. SWA is a SSO system developed by Okta to provide single sign-on for apps that don't support proprietary federated sign-on methods or SAML. Users can enter their credentials for these apps on their homepage. These credentials are stored such that users can access their apps without entering their credentials each time. When users first sign-in to a SWA app from their homepage, they see a pop-up message asking if they were able to sign-in successfully. apps for the two-page sign in flow, where the username field is on the first page, and the password field is on the second page. It works much like the Template Plug-in App and Template Plug-in App 3 Fields. For more information about Template apps, see Configure the Okta Template App and Okta Plugin Template App.

Okta Browser Plug-in version 5.27.0 for Chrome and Internet Explorer

This version includes the following enhancements:

  • For Chrome and Internet Explorer, a keyboard shortcut to open the Okta Browser Plug-in. Users will see a recommendation to use the shortcut when they click on the plugin popover window. This recommendation is only shown once.

  • For Internet Explorer, you can disable the shortcut in the Registry Editor.
  • Users can also close Okta Browser Plug-in popups using keyboard shortcuts.

  • For Chrome, the Okta Secure Web Authentication Plug-in is renamed to the Okta Browser Plug-in.

For more information about these shortcuts, see Keyboard shortcuts for Okta Browser Plugin.

Okta Browser Plug-in version 5.26.2 for Safari

This version includes backend enhancements. For version history, see Browser Plugin Version History

Generally Available Enhancements

EA Feature Manager enhancement

The EA Feature Manager now allows you to more easily discover and enable functional dependencies for EA product features. Any EA product feature with dependencies highlights its dependencies and provides a link to that dependency so that you can enable the dependencies before enabling the EA product feature. For details, see Manage Early Access features

Trust site links renamed to Status

The Trust site links in the Admin footer and error pages have been renamed to Status.

Sensitive values masked

For values of attributes marked as sensitive, the values are masked with asterisks in OpenID Connect and Access Token Preview. For more information on these types of tokens, see Test Your Authorization Server Configuration.

Custom Sign-in Pages can use Sign-in Widget version 2.18

Custom Sign-in Pages can now use Sign-in Widget version 2.18. Selecting the latest option automatically uses 2.18. For more information on the Sign-In Widget, see Okta Sign-in Widget.

Self-service OIDC Apps

OIDC apps are eligible for self-service registration. For more information about self-service registration, see Enable self-service registration.

Amazon AWS app updates

The Amazon AWS app integration has been updated as follows:

  • Dynamic mapping of multiple accounts/roles within AWS: This feature allows dynamic mapping of multiple accounts/roles within AWS by using group assignments from Okta. For more information, see Connect Okta to Multiple AWS Instances via User Groups. Note that previously this was available as an Early Access feature. This functionality is now available as a option on the Sign On tab.
  • Join all roles: A new Join all roles option is available on the Amazon AWS app Sign On page that allows admins to specify that AWS SAML uses all roles (users and groups).
  • Improved security: The Amazon AWS app integration's App Filter application property on the Sign On tab is updated to provide better security and maintainability.

Rate Limits Updated

Okta's API rate limits have been updated: OAuth 2 rate limits were updated and clarified for all orgs. The limit for the api/v1/apps endpoint was updated for Enterprise orgs. For more information, see Rate Limits at Okta.

Enhanced user experience on end user dashboard

This includes the following enhancements:

For more information about the dashboard, see Manage dashboard tabs for end users

Early Access Features

New Features

SAML Inline Hook

The SAML Inline Hook enables you to customize the authentication flow by allowing you to add attributes or modify existing attributes in outbound SAML assertions. For details, see our SAML Inline Hook page.

Early Access Enhancements

Automation Policies enhancement

Run Once Automation policies can be optionally run without any conditions. For more information about Automations, see Add a new automation

Fixes

General Fixes

OKTA-191963

Some G Suite license options were missing from the Okta Integration Network.

OKTA-198767

Loading a Custom Sign On Page with a configured Custom Domain returned a 404 error if the web browser was configured with a primary language other than English.

OKTA-207897

When importing user profiles from WebEx, the country code did not convert to the country name.

OKTA-208292

While creating a new contact in the SFDC Customer Portal, Okta provisioning did not search for matching existing Contact objects in Salesforce.

OKTA-208907

When a new LDAP instance was configured, settings related to Delegated Authentication were overwritten.

OKTA-209762

End users could not upgrade from Okta Verify with a One Time Passcode (OTP) to Okta Verify with Push if their org Sign On policy did not prompt for an MFA, but their app Sign On policy did.

OKTA-210250

The lastDownloadToken field in agent logs did not update after incremental imports.

OKTA-211709

Litmos did not automatically reschedule and import a job once a rate limit was reached.

OKTA-213074

The App Admin role could not be assigned when an org had a significantly large number of deleted apps.

OKTA-213122

Pushing groups from Okta to G Suite failed when group member was already in a group, or had been already removed.

OKTA-213291

When importing users via a CSV file, the Do not create a password and only allow login via Identity Provider option could not be selected.

OKTA-213293

When conducting an import from Workday to Okta, boolean properties were not handled properly and did not map to the actual values.

OKTA-214020

In Agentless Desktop SSO settings, only the first 20 instances were editable.

OKTA-216082

When pushing users from Okta to Salesforce Federated ID, the profile attribute could not be set to not required.

OKTA-218007

Identity Providers did not support matching the user with an Okta username or email when the IdP Extensible Matching Rules feature was enabled.

App Integration Fixes

The following SWA apps were not working correctly and are now fixed

  • Amadeus Selling Platform Connect (OKTA-217081)

  • Amplitude (OKTA-215291)

  • Answer 1 Zapier (OKTA-215720)

  • AT&T Cybersecurity (formerly AlienVault) (OKTA-217657)

  • Atlassian (OKTA-215304)

  • Basecamp (OKTA-215286)

  • BB&T (OKTA-217648)

  • Buffer (OKTA-217890)

  • CareFirst (OKTA-215296)

  • CyberSource (OKTA-217636)

  • FINRA Web CRD (OKTA-215277)

  • HipChat (OKTA-215244)

  • IBM Partner World (OKTA-215287)

  • Loggly (OKTA-215999)

  • Pacer (OKTA-216799)

  • RingCentral (OKTA-215283)

  • Smallpdf (OKTA-217685)

  • SmartyStreets (OKTA-217661)

  • T. Rowe Price (OKTA-214661)

  • TruQu (OKTA-216808)

  • Vungle (OKTA-215348)

  • WePay (OKTA-215245)

  • WP Engine (OKTA-217760)

  • Yelp Biz (OKTA-215074)

  • YouCanBook.me (OKTA-215253)

Applications

Application Updates

The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:

New Integrations

New SCIM Integration Application

The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:

SAML for the following Okta Verified applications

  • Area 1 Security (OKTA-216838)

  • BuiltWith (OKTA-216847)

  • Kiva (OKTA-215932)

  • Palo Alto Networks - Aperture (Reverse Proxy) (OKTA-214670)

  • Workable (OKTA-212879)

SWA for the following Okta Verified applications

  • American Express vPayment (OKTA-212465)

  • B of A Automative Dealer Services (OKTA-214379)

  • BigBlueOnline (OKTA-214709)

  • BrickFTP for Las Vegas Nevada (OKTA-214142)

  • Cal Bank Trust (OKTA-213107)

  • Comcast Payment Center (OKTA-217425)

  • Connect CDK Global (OKTA-216063)

  • DigiDip (OKTA-217112)

  • European Union (OKTA-209889)

  • FIS E-Banking Services: Generic Login Flow (OKTA-209723)

  • Frontier Communications (OKTA-214708)

  • Frontier Communications (OKTA-217302)

  • FSRS gov Awardees (OKTA-217427)

  • Greenwaste (OKTA-217198)

  • IOI Payroll V2 (OKTA-214471)

  • Leumi Bank UK (OKTA-215922)

  • Metropolitan Bank US (OKTA-215923)

  • MyMerrill (OKTA-213642)

  • Nationale Nederlanden: Pensioen Service Online for Business (OKTA-214224)

  • Obeo (OKTA-210256)

  • PNC Foreign Currency (OKTA-215697)

  • Premium Haystack (OKTA-215438)

  • Rookout (OKTA-213093)

  • Schoox (OKTA-215053)

  • Signature Bank (OKTA-201621)

  • Silvergate Bank (OKTA-201618)

  • Ski Data for 2145 Parkplace (OKTA-214361)

  • Van Lanschot (OKTA-214922)

Weekly Updates

March 2019

2019.03.0: Monthly Production release began deployment on March 11

* Features may not be available in all Okta Product SKUs.

Generally Available Features

New Features

Security Tips on admin console

Security Tips now appear on the admin console. These tips suggest a list of security features that can be enabled to improve the security posture of an org. For more information, see Security Checklist.

Default sign on rule set to Deny in Client Access Policies for new Office 365 app instances

In Client Access Policies for new Office 365 app instances, the Default sign on rule is now set to Deny access (formerly set to Allow). Additionally, we've provided a rule above the Default sign on rule that allows access to only web browsers and apps that support Modern Authentication. This change is designed to help customers implement more secure policies by default. Note: Existing O365 app instances are unaffected by this change. For more information, see Office 365 Client Access Policies.

Skip importing groups during Office 365 user provisioning

While provisioning Office 365 in Okta, you can choose to skip importing Office 365 user groups and group memberships into Okta. This allows you to focus initially on user provisioning and take care of group assignments later in the deployment process. For more information, see Skip importing groups during Office 365 user provisioning.

Additional Custom Attributes for Webex integration

Our Webex integration is enhanced by adding support several new custom attributes. Okta imports these attributes that you can then map as additional custom properties. For more information see the Webex Provisioning Guide.

System Log enhancement

We’ve enhanced our System Log to take advantage of our new Network Zones feature. Admins can now hover over an IP address that's part of an event and navigate through the series of menus to add that IP address to either the gateway or proxy list of IP addresses.

SCIM App Wizard

Okta supports SCIM (System for Cross-domain Identity Management specification) provisioning for apps created with the Okta App Integration Wizard (AIW).

For more information about SCIM, see SCIM-Based Provisioning Integration. For instructions to enable SCIM for app-wizard apps, see The SCIM App Wizard.

View admin list by role

Super admins can now filter the list of admins by role and type for easier searching.

Social Identity Providers

This feature allows your end users to self-register with your custom applications by first authenticating through their existing social identity accounts, such as Facebook, Google, Yahoo, or LinkedIn. For new users of your custom application, Okta creates a Just In Time (JIT) Okta user profile based on attributes stored in their social profiles.

For more information see Identity Providers.

System Log events for YubiKey Seed

New System Log events have been added when a user uploads or revokes a YubiKey Seed successfully.

System Log events for Active Directory imports

A new System Log event appears when an Active Directory import is converted from an incremental to a full import.

A new System Log event appears when a full Active Directory import is required.

Admin role behavior changes

Admin roles assigned by adding a user to an Admin group can no longer be edited or customized for individual users. To edit or remove admin privileges from a user that were assigned by adding the user to an admin group, you must remove the user from the group. Additionally, if a user has individual admin privileges assigned to them as well as admin privileges they received due to being in an admin group, each admin privilege will be listed separately. The icons indicate whether the privilege was assigned individually or as a result of group membership. For details, see Admin assignment page overview and Assign admin privileges.

Use Expression Language (EL) to map AD attribute to Workplace by Facebook

Okta now uses EL to map manager from AD to the Workplace by Facebook app for all new apps. For more information about Workplace by Facebook provisioning, see the Workplace by Facebook Provisioning Guide.

CPC app operations throttling

To ensure execution of all customers’ provisioning operations in a timely manner, operations for CPC apps are now throttled on a per org basis.

Generally Available Enhancements

Documentation links for Security Checklist

The Security Checklist on the admin console is updated to include documentation links for each setting. For more information about this feature, see Security Checklist.

Region codes updated for network zones

Network zones region codes are updated to adhere to the specifications of the ISO-3166 standard. This update includes changes to region names within Mexico, the Democratic Republic of the Congo, and Czech Republic. For more information about using country and region codes, see Networks.

Early Access Features

New Features

Okta LDAP agent, version 5.5.5

This release contains:

  • Support for a configurable number of agent polling threads  
  • Internal fixes

For details, see Okta Java LDAP agent version history and Change the number of Okta LDAP agent threads.

App condition for MFA enrollment policy

Admins can now use a new condition when setting a rule for an MFA enrollment policy. When this condition is configured, end users are prompted for factor enrollment when accessing all of their applications or only for those selected by their org admin. For more information, see App Condition for MFA Enrollment Policy.

Review prompt on Okta Mobile for iOS

End-users using Okta Mobile on iOS are prompted to provide an App Store rating for the app. When they provide a rating in the app and click Submit, they are taken to the App Store page for the Okta Mobile app to provide more optional feedback about the app. They can click Not now to dismiss the option. For more information, see Review prompt on Okta Mobile (iOS only).

Schedule user imports

When you set up Provisioning to import users from an app or from a CSV directory to Okta, you can set up a schedule for imports at regular intervals on an hourly, daily, or weekly basis. If your app supports incremental imports, then you can set up both full and incremental import schedules. This integration applies to all non-AD and LDAP applications that support imports such as CSV directory, Workday, SuccessFactors, BambooHR, Salesforce, and so on. For more information, see Schedule imports.

Okta On-Prem MFA Agent, version 1.4.0

This release replaces the JRE with the Amazon Corretto 8.0 version of OpenJDK JRE. For the agent version history, see Okta On-Prem MFA Agent Version History.

OIN Manager supports multiple application submissions

When submitting a new application integration for review by Okta, the OIN Manager now supports multiple concurrent application submissions (for new orgs only).

 

Early Access Enhancements

Custom domain HTTP to HTTPS redirect

Custom domain can redirect from HTTP to HTTPS. For more information about custom domains, see Configure a custom URL domain.

Fixes

General Fixes

OKTA-135037

Disabled users in the Roambi app were incorrectly imported into Okta.

OKTA-205616

The tooltip for username was missing on the Identifier-first login page when using IdP Discovery.

OKTA-205713

The Okta Interstitial page used an incorrect font on Windows OS.

OKTA-205734

The authentication process took more time than expected when the "Permit Automatic Push for Okta Verify Enrolled Users option for the RADIUS application was activated.

OKTA-207282

End-users could not see the Zip Code on the Personal Information page on the end user dashboard despite having read-write permissions.

OKTA-207634

Customers were not properly redirected to the correct JIRA On-Prem instance after updating to JIRA On-Prem version 3.0.7.

OKTA-208446

Updates to the Okta Reporting Path were not saved on the first attempt and failed with errors when configuring API integration for the UltiPro app.

OKTA-209118

When configuring an OPP app with a SCIM connector, authentication headers were sometimes misconfigured.

OKTA-210624

For Desktop Device Trust flows, authentication failures reported in the System Log lacked sufficient detail.

OKTA-211769

When Single Line Prompt was enabled in the Radius app, login using a soft token generated duplicate events in the System Log.

App Integration Fixes

The following SWA apps were not working correctly and are now fixed

  • Allegra False Creek (OKTA-211577)

  • Amazon Web Services (OKTA-200754)

  • Basecamp (OKTA-210785)

  • Bitbucket (OKTA-209277)

  • Citi Velocity (OKTA-211570)

  • CrazyEgg (OKTA-208795)

  • Expensify (SWA Only) (OKTA-209343)

  • Glance (OKTA-211569)

  • Google AdSense (OKTA-208416)

  • Meetup (OKTA-208796)

  • MSCI ESG Manager (OKTA-210231)

  • SecureMail Cloud (OKTA-210230)

  • Stamps.com (OKTA-211576)

  • T. Rowe Price (OKTA-208929)

Applications

Application Updates

  • The following partner-built provisioning integration app is now Generally Available in the OIN as partner-built:

  • Namely now supports the following Provisioning features (in addition to the Profile Master feature that it already supports):

    • Create users

    • Update user attributes

    For users that have set-up the Namely integration and enabled Provisioning before July 23, 2018, they have to follow the migration steps detailed in the Namely Configuration Guide if they want to use the new feature.

New Integrations

New SCIM Integration Application

The following partner-built provisioning integration apps are now available in the OIN as partner-built Early Access:

Mobile application for use with Okta Mobility Management (OMM) (Android and iOS)

  • Zscaler 2.0 (OKTA-210280)

SAML for the following Okta Verified applications

  • Idiomatic (OKTA-210213)

  • Stack Overflow Enterprise (OKTA-211271)

SWA for the following Okta Verified applications

  • 1st Global: Identity Server (OKTA-203266)

  • Amazon Incentives (OKTA-205373)

  • ClickToTweet (OKTA-206100)

  • Cumberland (OKTA-202677)

  • ForeScout (OKTA-203181)

  • Fremont Bank (OKTA-205715)

  • GoodHabitz (OKTA-206150)

  • HR Certification Institute (OKTA-204048)

  • Johnson & Johnson (OKTA-207334)

  • LinkedIn Sales Navigator (OKTA-202984)

  • LivePerson LiveEngage (OKTA-206681)

  • Lutron (OKTA-206149)

  • PNC Retirement Directions Participant Login (OKTA-206676)

  • SagicoreLife: Agent Login (OKTA-202262)

  • SecurePay (OKTA-210232)

  • Supermetrics (OKTA-205909)

  • Template Two Page Plugin App (OKTA-207162)

  • Texas Mutual (OKTA-207028)

  • Zscaler 2.0 (OKTA-210280)

Weekly Updates

2018 Production Releases

2018 Application Integrations and Updates