Okta Active Directory Agent Version History

This page lists current and past versions of the Okta Active Directory AgentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations.. This page is updated whenever a new version of the agent is released to General Availability (GA) and/or Early Access (EA). It was last updated June 14, 2017 (preview release 2017.24).

Important: To ensure that you have up-to-date functionality and get optimum performance from your Okta AD agent(s), we strongly recommend that you download and install the latest version of the agent on your designated domain server(s). If you are running multiple Okta AD agents, make sure that all of them are the same version. Running different versions can cause all agents to function at the level of the oldest agent.

Current GA Version 3.4.3
Current EA Version 3.4.7

Version Description Release
3.4.7

This Early Access release now sends the following time stamps in milliseconds, instead of seconds:

  • when the agent GETs an Okta request

  • when the agent POSTs a result

  • when the agent sends a request to a Domain Controller

  • when the agent receives a response from the Domain Controller

2017.31
3.4.6 This Early Access release provides various improvements to the agent log, and improves the way that the Okta AD agent interprets the date formats sent by AD. 2017.24
3.4.5

This Early Access release fixed an issue where Okta failed to recognize usersIn Okta literature, we generally refer to "users" as the people who serve as Okta administrators. When we refer to "end users" we are generally referring to the people who the administrators serve. That is, those who use Okta chiclets to access their apps, but have no administrative control.' AD group memberships following JIT profile creation and updates.

Note: This update was initially documented in the release notes for 2017.05.

2017.08
3.4.4

This Early Access release provides the following:

  • SSL certificate pinning is enabled by default for new installations. For agent upgrades, your current state of enablement is preserved. Note: This release reverses the default state of SSL pinning enablement that was provided by version 3.4.3.
  • Internal improvements.
2016.40
3.4.3

This Generally Available release provides the following:

  • All the fixes and enhancements provided by Early Access (EA) versions 3.4.1 and 3.4.2.
  • Support for writing binary data to an AD object's attribute.
  • SSL certificate pinning is disabled by default for new installations. For agent upgrades, your current state of enablement is preserved. Note: This release reverses the default state of SSL pinning enablement that was provided by version 3.4.0.
2016.35
3.4.2

This Early Access release provides the following enhancements:

  • If your AD agent fails to start because the service account on the domain controller is missing the Log on as a service permission, you can now repair the account with just a few clicks.
  • To allow admins to register the Okta AD agent in our EMEA production environment, we have added a Production-EMEA option to the agent installer.
  • To improve the security of AD integrations, we now default to the TLS1.2 security protocol in orgs running .NET Framework 4.5 or later. Orgs running earlier versions of the .NET Framework continue to use TLS1.1.
  • Okta no longer imports duplicate Universal Security GroupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups. if they are moved to a different domain.
2016.31
3.4.1 This release allows admins to enforce Active Directory's password policy for end usersIn Okta literature, we refer to "end users" as the people who have their own Okta home page (My Applications), using chiclets to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control. who have forgotten their password. 2016.04
3.4.0

This version provides support for SSL certificate pinning. By default, pinning is enabled for new installations. For agent upgrades, your current state of enablement is preserved. †

To allow new installations to complete in environments where SSL pinning may prevent communication with the Okta server, this version also includes a command line option in the installer that lets admins disable SSL pinning. †

Note: The default state of this feature was reversed in GA release 3.4.3.

2015.52
3.3.5 This version combines the best features of existing Classic Imports and Federated Profiles integration options. For details, see About Okta's Enhanced Active Directory Integration GA – 2015.51

EA – 2015.48
3.3.4

This release uses the FIPS-compliant implementation to perform some cryptographic functions.

2015.41
3.3.3

Fixed an issue that caused the agent to send empty User Agent strings.

2015.35
3.3.2

Fixed an issue that prevented the agent from shutting down.

2015.29
3.2.1

Fixed an issue where, when AD_FEDERATED_PROFILES was enabled, the user AD Group membership information was not always updated.

2015.14
3.2.0 This update includes repair of a memory leak. This improvement should reduce instances of delegated authentication timeouts. 2015.10
3.1.0.3 This update changes the default connection configuration to increase scalability in the throughput of processes between Active Directory and Okta. 2014.44
3.1.0.2 This update now enforces MFA policy during setup of AD. For Universal Directory users, this update also includes enhancements in configuring your AD schema in UD. 2014.41
3.0.9.7 Changes include several logging enhancements, including performance data. Also includes the following bug fixes:
  • OKTA-24749 - Fixed an issue in which Okta Groups without text in the Description field could not be successfully pushed.
  • OKTA-32138 - Fixed an issue where particular password types caused the AD Agent installation to fail.
6/16/2014
3.0.7 This update provides multithreaded polling for AD agents. 07/23/2013
3.0.6 This update supports Federated Profiles. 05/10/2013
3.0.5 This update includes a security enhancement: Currently the agent token is stored in plain text in the configuration file, and with this update it will be encrypted, making it more secure. If you use a proxy, the password you enter will also be encrypted. There are no functional changes to the agent and you can update at your convenience. 02/05/2013
3.0.4.x The AD agent 3.0.4.x supports IWA redundancy. 12/05/2012
3.0.3 You can now configure a proxy server during installation. 10/17/2012
3.0.2 This includes all updates from earlier releases.
Updates to support the following:
  • Provisioning by security groups.
  • AD password reset.
  • AD import improvements.
08/20/2012
3.0.1 This update includes the following bug fixes:
  • The AD Agent Manager will fill the combo-box with all Domains of the current Forest and allows you to type the DNS-name of any additional Domain.
  • Agent will now prompt for elevation or administrator credentials when necessary.
05/30/2012
3.0 This update includes:
  • Registering Multiple Domains on one agent.
  • Provisioning by security groups.
05/14/2012
2.1.4 This update includes:
  • The domain user account for the AD Agent is created by the installer, so that the credentials are not stored in the Okta service.
  • Multiple Domain Support.
  • AD Password Reset.
5/14/2012

Note: After October 13, 2014, releases are named by release number; prior to that, they are named by release date. Release numbers indicate the year and week in which the release became available. Occasionally, there are gaps in the numbers.