On-Prem MFA Agent Version History

This page displays current and past versions of the Okta On-Prem MFA AgentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. (formerly Okta RSA SecurID Agent) and is updated accordingly to coincide with General Availability (GA) and Early AccessEarly Access (EA) features are opt-in features that you can try out in your org by asking Okta Support to enable them. Additionally, the Features page in the Okta Admin Console (Settings > Features) allows Super Admins to enable and disable some EA features themselves. (EA) releases.


Current GA Version 1.3.8
Current EA Version



Version Description Release
1.4.1 This version addresses various security enhancements. 2019.09.0 EA
1.4.0 This release replaces the JRE with the Amazon Corretto 8.0 version of OpenJDK JRE 2019.03 EA
1.3.10 This release contains an updated JRE version 1.8.182. 2018.46 EA
1.3.8 This version contains security enhancements.

2018.3 GA

2018.2 EA

1.3.7 This version disables CDN during install. 2018.23
1.3.4 Supports TLS 1.2 2018.12
1.3.6 This EA version adds additional NAS-IP identifiers, including the NAS-IP-Address field, to find clientEssentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin. configurations in server policies. 2018.07
1.3.3 This version fixes an issue that prevented users from installing the agent in environments in which internet access is available only through a proxy server.

2016.40 GA

2016.38 EA

1.3.2 This release provides internal improvements. 2016.30
1.3.1 This release fixes a potential security vulnerability. 2016.21
1.3.0 With this release, Okta introduces the Okta On-Premises MFA Agent. This new agent replaces the Okta RSA SecurID agent. It includes the following enhancements:
  • SSL Certificate Pinning is enabled by default when you upgrade from the RSA SecurID agent to On-Prem MFA Agent version 1.3.0
  • To allow admins to register the On-Prem MFA agent in our EMEA production environment, we have added a Production-EMEA option to the agent installer.
1.1.0 Adds support for SSL certificate pinning. 2015.51
1.0.3 Disables SSL3 encryption protocol to address the Poodle security vulnerability. 2015.15
1.0.2 Adds OAuth support to RSA and RADIUS agents during installation 2014.44
1.0.0 Adds support for RSA SecurID tokens as a second factor for authentication with Okta. The Okta RSA SecurID Agent acts as a RADIUS client for communication with user's RSA AuthenticationAuthentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. Authentication methods and protocols include direct auth, delegated auth, SAML, SWA, WS-Fed, and OpenID Connect. manager. 05/01/13
1.0.1 Introduces version 1.0.1 of the Okta RSA SecurID Agent. 04/14/14


Note: After October 13, 2014, releases are named by release number; prior to that, they are named by release date. Release numbers indicate the year and week in which the release became available. Occasionally, there are gaps in the numbers.