This page lists current and past versions of the Okta Active Directory AgentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations.. This page is updated whenever a new version of the agent is released to General Availability (GA) and/or Early AccessEarly Access (EA) features are opt-in features that you can try out in your org by asking Okta Support to enable them. Additionally, the Features page in the Okta Admin Console (Settings > Features) allows Super Admins to enable and disable some EA features themselves. (EA).
Important: To ensure that you have up-to-date functionality and get optimum performance from your Okta AD agent(s), we strongly recommend that you download and install the latest version of the agent on your designated domainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https). server(s). If you are running multiple Okta AD agents, make sure that all of them are the same version. Running different versions can cause all agents to function at the level of the oldest agent.
|Current GA Version||
|Current EA Version||3.5.5|
This EA release includes:
|3.5.4||This EA release includes a security fix and memory performance improvements when streaming data.||2018.44|
|3.5.3||This EA release includes a fix to an issue with installing the agent on a server that requires Duo multi-factor authentication.||2018.34|
This EA release includes the following:
This GA release includes the following changes:
This EA release includes the following changes:
|3.5.0||This EA release fixes an install issue that occurred when registering a secondary AD domain on a new installation.||2018.19|
This GA release provides internal fixes to the installer.
This includes a change to the installation folder permissions to prevent it from inheriting permissions from a parent folder, Okta strongly recommends that you upgrade to 3.4.12 or higher.
|3.4.11||This Early Access release includes internal fixes to the installer.||2018.12|
This Generally AvailableGenerally Available features are available to all orgs automatically according to each customer's SKU. You don’t need to enable them in the console or contact Okta Support. release provides the following:
This Generally Available release provides the following:
This Early Access release includes a number of performance improvements which will reduce import times significantly.
This Early Access release now sends the following time stamps in milliseconds, instead of seconds:
|3.4.6||This Early Access release provides various improvements to the agent log, and improves the way that the Okta AD agent interprets the date formats sent by AD.||2017.24|
This Early Access release fixed an issue where Okta failed to recognize users' AD group memberships following JIT profile creation and updates.
Note: This update was initially documented in the release notes for 2017.05.
This Early Access release provides the following:
This Generally Available release provides the following:
This Early Access release provides the following enhancements:
|3.4.1||This release allows admins to enforce Active Directory's password policy for end usersIn Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using chiclets to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control. who have forgotten their password.||2016.04|
This version provides support for SSL certificate pinning. By default, pinning is enabled for new installations. For agent upgrades, your current state of enablement is preserved. †
To allow new installations to complete in environments where SSL pinning may prevent communication with the Okta server, this version also includes a command line option in the installer that lets admins disable SSL pinning. †
†Note: The default state of this feature was reversed in GA release 3.4.3.
|3.3.5||This version combines the best features of existing Classic Imports and Federated Profiles integration options. For details, see About Okta's Enhanced Active Directory Integration||GA – 2015.51
EA – 2015.48
This release uses the FIPS-compliant implementation to perform some cryptographic functions.
Fixed an issue that caused the agent to send empty User Agent strings.
Fixed an issue that prevented the agent from shutting down.
Fixed an issue where, when AD_FEDERATED_PROFILES was enabled, the user AD Group membership information was not always updated.
|3.2.0||This update includes repair of a memory leak. This improvement should reduce instances of delegated authentication timeouts.||2015.10|
|188.8.131.52||This update changes the default connection configuration to increase scalability in the throughput of processes between Active Directory and Okta.||2014.44|
|184.108.40.206||This update now enforces MFA policy during setup of AD. For Universal Directory users, this update also includes enhancements in configuring your AD schema in UD.||2014.41|
|220.127.116.11||Changes include several logging enhancements, including performance data. Also includes the following bug fixes:
|3.0.7||This update provides multithreaded polling for AD agents.||07/23/2013|
|3.0.6||This update supports Federated Profiles.||05/10/2013|
|3.0.5||This update includes a security enhancement: Currently the agent token is stored in plain text in the configuration file, and with this update it will be encrypted, making it more secure. If you use a proxy, the password you enter will also be encrypted. There are no functional changes to the agent and you can update at your convenience.||02/05/2013|
|3.0.4.x||The AD agent 3.0.4.x supports IWA redundancy.||12/05/2012|
|3.0.3||You can now configure a proxy server during installation.||10/17/2012|
|3.0.2||This includes all updates from earlier releases.
Updates to support the following:
|3.0.1||This update includes the following bug fixes:
|3.0||This update includes:
|2.1.4||This update includes:
Note: After October 13, 2014, releases are named by release number; prior to that, they are named by release date. Release numbers indicate the year and week in which the release became available. Occasionally, there are gaps in the numbers.Top