Okta Access Gateway release notes

2022 releases
2021 releases
2020 releases
2019 releases

(missing or bad snippet)
(missing or bad snippet)
(missing or bad snippet)

(missing or bad snippet)
(missing or bad snippet)
(missing or bad snippet)
(missing or bad snippet)
(missing or bad snippet)
(missing or bad snippet)
(missing or bad snippet)
(missing or bad snippet)
(missing or bad snippet)

Release: 2021.03.6

Deployment date: March 4, 2021

Download: Okta Admin Console (Settings > Downloads)

Release summary

Okta Access Gateway 2021.03.6 is now Generally Available. This release includes new features, bug fixes, and updated documentation.

Features

Access Gateway Management console now requires password reset on first use. Please note, all new installs and upgrades will require a Management console password reset. See Access Gateway Managementコンソールに初めてサインインする.

Enhancements

Access Gateway Admin UI console now requires an IDP be configured before a support connection can be enabled. See OktaテナントをIDプロバイダーとして設定する for details of configuring your Okta org as an identity provider.
Please note that in addition to vpn.oag.okta.com.com, support.oag.okta.com should now be allow listed. See Access Gatewayデプロイメントの前提条件 for more information.
Access Gateway Admin UI console now displays Tunnel IP address when the support connection is enabled. See Access GatewayサポートVPNについて.

Fixes

OKTA-356503 - After removing all workers from a high availability cluster re-adding a second or subsequent worker failed with synchronization errors.
OKTA-366367 - On Access Gateway versions 2020.12.3 and 2021.01.0 log rotation sometimes failed with an error.
OKTA-367735 - After a certificate was successfully deleted, the Access Gateway management console continued to display the deleted certificate.
OKTA-372468 - When a no proxy list was specified with an Access Gateway proxy, configuration errors occurred because the list was ignored.

Release: 2021.02.1

Deployment date: February 3, 2021

Download: Okta Admin Console (Settings > Downloads)

Release summary

Okta Access Gateway 2021.02.1 is now Generally Available. This release includes new features, bug fixes, and updated documentation.

Features

Access Gateway now supports both case-sensitive and insensitive policy URIs. Case-insensitive URIs allow customers to apply the same URI policy regardless of case. This helps admins create a single policy for all case variations instead of managing multiple advanced policies for the same URI. Creating one policy for all case variations saves admins time and makes URIs less vulnerable.
Because most customers want to treat URIs of different case variants as the same resource, case-insensitive URIs will become the default behavior for all new policies starting with v2021.02.1. Existing policies created prior to v2021.02.1 remain unchanged and will continue to be case-sensitive.
Okta recommends that customers review all existing policy statements to confirm their behavior matches expectations.
See アプリケーションポリシーの優先順位について and アプリケーションポリシーの管理 for more information.

Enhancements

Documentation has been extended and improved around application session timeouts. See アプリケーション詳細設定の管理 and アプリケーションセッションタイムアウトの相互作用 for more information.

Fixes

OKTA-320621 - During Oracle EBS app integration, selecting an OID Data Source would cause the associated attribute to be removed from the attribute list and caused all application settings to be uneditable.
OKTA-340130 - In situations where a DHCP assigned IP address was not assigned to Access Gateway, the syslog-ng service wouldn't start and the Access Gateway Management console would be unavailable.
OKTA-350962 - In the Chrome browser, because the SameSite application attribute was set to none rather than true, requests that originated from a different application resulted in the error iframe is not able to share cookies from browser."
OKTA-353959 - When using static networking, the Access Gateway Management console couldn't persist network setting changes if no DHCP server was available.
OKTA-361165 - When application session settings were configured as:
- Browser Session Expiration: disabled
- Idle Session Duration: disabled
- Maximum Session Duration: enabled
Cookies were incorrectly marked as session rather than persistent, and required the user to re-authenticate after reopening the browser, even if maximum session duration hadn't been exceeded.

Release: 2021.01.0

Deployment date: January 9, 2021

Download: Okta Admin Console (Settings > Downloads)

Release summary

Okta Access Gateway 2021.01.0 is now Generally Available. This release includes new features, bug fixes, and updated documentation.

Features

Early Access Access Gateway now supports Certificate validation behavior. This provides better security for legacy apps, and more control for administrators. It uses a set of predetermined and validated certificate chains to authenticate user requests - all from a centralized admin interface.
See クライアント証明書の検証動作について, 証明書チェーンの操作 and Client Certificate Validation in アプリケーションの動作を管理する

Enhancements

Documentation has been extended and improved around firewall requirements.
See Firewall rules and requirements in Access Gatewayデプロイメントの前提条件

Fixes

OKTA-327549 - When a certificate previously associated with an application was deleted on the Access Gateway Management console and application changes were later made on the Access Gateway Admin UI console, user requests for the original application returned Unknown Host.
OKTA-329724 - When Browser Session Expiration was enabled on the Access Gateway Admin UI console and the browser session had not expired but reached either idle or maximum session limit, users were unexpectedly redirected to the No session / Session Expired link.
OKTA-351762 - On CentOS8, the Access Gateway Management console sometimes displayed subject information for certificate issuer instead of certificate name.

Release: 2020.12.3

Deployment date: December 15, 2021

Download: Okta Admin Console (Settings > Downloads)

Release summary

Okta Access Gateway2020.12.3 is now Generally Available. This release includes new features, bug fixes, and both new and updated documentation.

Important notes

Oracle VirtualBox is only supported for development and testing and is not intended for production use.
An upgrade to the Access Gateway Admin UI components is causing the text in the topology view to be enlarged on some browsers. This will be resolved in a future release.

Features

Access Gateway worker instances can now be synchronized on demand. See 高可用性の構成オペレーション.
Administrators can now use the Access Gateway Admin UI console to control log verbosity as well as view current log and disk usage statistics. See ログレベルについて and ログ詳細度の管理

Enhancements

New documentation has been added for implementing SAML pass through applications. See SAMLパススルーアプリケーションを追加する for more information.
The Oracle EBS, Oracle JD Edwards, Oracle PeopleSoft and generic Kerberos application integration documentation has been updated and now includes reference architecture diagrams, step clarification and overall process flow improvements.
Added and extended documentation about managing SSL/TLS termination and load balancers. See SSL/TLS有効期限の管理 for more information.
The Access Gateway support VPN has been updated to perform additional validation during initial connection setup. See Access GatewayがサポートするVPNの管理 for details.

Fixes

OKTA-322679 - When Access Gateway had multiple network interfaces, some interfaces didn’t return the instance hostname, and localhost was reported in corresponding log messages.
OKTA-350471 - When Access Gateway 2020.11.2 was deployed to VMWare vSphere on a DHCP-disabled network, the instance became unusable if an invalid IP/netmask combination was specified.

Release: 2020.11.2

Deployment date: November 9, 2020

Download: Okta Admin Console (Settings > Downloads)

Release summary

Okta Access Gateway 2020.11.2 is now Generally Available. This release includes vulnerability hardening, new features, bug fixes, and both new and updated documentation.

Features

The Access Gateway Management console can now specify a proxy username and password in support of proxy authentication. See the Network > Proxy in the Command Line Management Consoleのリファレンス.

Enhancements

The Access Gateway Management console now displays a security banner prior to login.
New documentation has been added on working with Dynamic application attributes.
See ダイナミックアプリケーション属性を追加する for more information.
New documentation has been added on creating portal based applications.
See ポータルアプリケーションを追加する for more information.
New documentation has been added on creating applications which support WebSockets.
See WebSocketベースのアプリケーションを追加する for more information.
Additional advanced access policy examples have been added.
See 高度なAccess Gatewayポリシーの例.

Fixes

OKTA-301413 -Access Gateway returned the default Access Gateway icon instead of the protected web resource icon.
OKTA-340130 - When Access Gateway was not assigned a DHCP IP address, the network service failed to start and the Access Gateway Management console failed to start after logging in.
OKTA-329128 - When validating database-based datastores, valid Table names were evaluated as invalid unless Advanced query mode was enabled.

Release: 2020.10.5

Deployment date: October 12, 2020

Download: Okta Admin Console (Settings > Downloads)

Release summary

Okta Access Gateway 2020.10.5 is now Generally Available. This release includes bug fixes, and both new and updated documentation.

Important updates

The operating system that powers Access Gateway has been updated to take advantage of the more modern capabilities, security features, and performance benefits. Customers should not expect any visible differences and are not required to upgrade at this time. Please note, in late 2021 we expect to stop supporting older OS versions.
For details on how to upgrade now, see Access Gateway OSをアップデートする

Enhancements

New documentation has been added on Bootstrapping Access Gateway for development use.
DNS documentation has been extended and enhanced. See Access GatewayのDNSの使用について.
Troubleshooting documentation has been extended and enhanced. For more information see:
Documentation enhanced to include support for adding IDP specific Access Gateway Admin UI console applications.
See Access Gateway Admin UIコンソールアプリケーションを追加する for more information.

Fixes

OKTA-324582 - When adding or modifying applications, valid IP addresses entered in the Public Domain field failed validation with Invalid domain format errors.

Release: 2020.10.5

Deployment date: October 12, 2020

Download: Okta Admin Console (Settings > Downloads)

Release summary

Okta Access Gateway 2020.9.3 is now Generally Available. This release includes enhancements, bug fixes, and both new and updated documentation.

Enhancements

Documentation enhanced to include support for adding IDP specific Access Gateway Admin UI console applications.
See Access Gateway Admin UIコンソールアプリケーションを追加する for more information.
All application documentation pages have been updated to include supported version information.
Getting started has been updated to include development and test focused Access Gatewayのブートストラップ documentation.
Additional documentation has been included on how to:

Fixes

OKTA-300184 - When using the Access Gateway Admin UI console to update an application, the updates overwrote the Okta org Cross-Origin Resource Sharing (CORS) settings.
OKTA-313764 - When configuring the No Session/Session Expired setting on the Access Gateway Admin UI console to force reauthentication, the Resource not found error occurred.
OKTA-324392 - When the number of entries for a given host name decreased before a valid Domain Name System (DNS) host name resolution request was initiated, the error attempt to index a nil value appeared in the Lua log and the process timed out.
OKTA-325103 - After an upgrade where the Access Gateway node was using a proxy, the Access Gateway Admin UI console would become unreachable with error Admin UI service is not Available.
OKTA-325545 - When using the Access Gateway Admin UI console to add or modify an application, valid URLs failed to resolve and the error Domain must resolve in DNS and connect with TCP/IP appeared.

Release: 2020.8.4

Deployment date: August 12, 2020

Download: Okta Admin Console (Settings > Downloads)

Release summary

Okta Access Gateway 2020.8.4 is now Generally Available. This release includes bug fixes only.

Fixes

OKTA-321124 - When validating an advanced policy directive, valid directives failed with a Config generation error.

Release: 2020.8.3

Deployment date: August 6, 2020

Download: Okta Admin Console (Settings > Downloads)

Release summary

Okta Access Gateway 2020.8.3 is now Generally Available. This release includes new features, bug fixes, and both new and updated documentation.

Features

Administrators can now define and use Trusted domains.
For more information see 信頼できるドメインについて and Manage Trusted domains in Command Line Management Consoleのリファレンス.
Administrators can now perform Admin renomination.
See 管理者の再指名について and 管理者の再指名を実行する.
Administrators can now better manage certificates in the Access Gateway Admin UI console.
See Access Gateway証明書について and Managing certificate tasks.
Access Gateway now supports deploying into Oracle Cloud Infrastructure.
See Oracle Cloud Infrastructure（OCI）デプロイタスク for more information.

Enhancements

Documentation has been enhanced to include new log events in support of Trusted domains, Admin renomination and Certificate management.
See Monitor log Access Gateway監視ログ for more information.
Documentation restructured and extended for Monitor, Access and Audit logs.

Fixes

OKTA-277067 - When adding worker nodes to an Access Gateway cluster, the immutable flag for resolve.conf was not reset, leading to potential DNS issues.
OKTA-304742 - Applications updated using the Access Gateway Admin UI console overwrote some Okta Org application settings.
OKTA-278891 - Corrects an issue with unauthenticated open redirects.

Release: 2020.7.1

Deployment date: July 7, 2020

Download: Okta Admin Console (Settings > Downloads)

Release summary

The Okta Access Gateway 2020.7.1 is now Generally Available. This release includes new features, bug fixes, and both new and updated documentation.

Features

Administrators can now assign IP addresses and routes to network interfaces.
For more information see Managing network interfaces and overview of about network interfaces.

Enhancements

Documentation of events for Access, Audit and Monitoring has been expanded and improved. See also Access Gatewayログについて
Documentation added for Log forwarding Trouble Shooting and Frequently asked questions.
Documentation added for Managing network interfaces and overview of about network interfaces.
Documentation added for copying Microsoft Azure disks for use with high availability.
Documentation added for creating Microsoft Azure load balancers.
Documentation added for creating AWS EC2 load balancers.
Documentation for application behaviors has been updated and now includes state diagrams.
Documentation added for Qlik applications.
Documentation for Oracle EBS applications has been expanded to include Oracle side configuration.

Fixes

OKTA-270300 - In some situations, the Access Gateway Management console didn’t accurately reflect the latest updates.
OKTA-270924 - After upgrading to the latest version of Okta Access Gateway, the child menu elements in the Access Gateway Management console still displayed the previous version number.
OKTA-294411 - After restoring from a previous backup to a new instance of Okta Access Gateway, the Access Gateway Admin UI console displayed an error message “Admin UI has invalid token.”
OKTA-297153 - Attributes weren't correctly persisted to LDAP data stores during concurrent updates.
OKTA-303208 - During upgrades benign errors were displayed.
OKTA-303956 - When using the Access Gateway Management console, admins were able to enter invalid DNS entries.
OKTA-304058 - When checking advanced policy during a session timeout where a session integrity check failed, an incorrect error code was returned.
OKTA-306020 - After upgrading from Access Gateway 2020.1.0 to 2020.6.3, Admins were unable to login to the Access Gateway Admin UI console. This also happened when upgrading from 2019.4.2 and 2019.4.5 to 2020.6.3.
OKTA-309427 - The default Access Gateway error page had a typo.

Release: 2020.6.3

Deployment date: June 3, 2020

Download: Okta Admin Console (Settings > Downloads)

Features

Administrators can now delete and rename backups in the Access Gateway Admin UI console.
For more information see バックアップの管理.

Enhancements

Access Gateway documentation as a whole was restructured to improve structure and usability.
Documentation added for Oracle Application Express applications.
Documentation added for Oracle Forms applications.
Documentation added for including JavaScript into pages to support AJAX session timeout handing. See 高度なAccess Gatewayポリシーの例.
When downloading backups, administrators can now choose to hide or show passwords.

Fixes

OKTA-254374 - When localhost was configured as the DNS nameserver, the Access Gateway Management console displayed the loopback address instead of the hostname.
OKTA-286718 - Adding a high availability worker node to an Access Gateway cluster failed with an initialization error.
OKTA-288224 - When an Access Gateway disk was at or near full capacity, the SNMP agent stopped working.
OKTA-295495 - Duplicate log entries were created when some SNMP error messages were incorrectly marked as INFO instead of ERROR.
OKTA-295590 - In some situations, during initial session creation when submitting forms, Access Gateway would redirect GET requests as POST requests.
OKTA-298878 - When trying to remove an LDAP data store on the Access Gateway Admin UI console, some data stores incorrectly reported their status as in use.
OKTA-298939 - On high availability clusters, worker node events were missing when capturing log events using system loggers.

Release: 2020.5.5

Deployment date: May 5, 2020

Download: Okta Admin Console (Settings > Downloads)

Features

Administrators can now backup and restore Okta tenant, application, data store and related configuration.
For more information see, バックアップと復元, バックアップの管理, and 復元を実行する.

Enhancements

Documentation added for Oracle Hyperion applications.
Documentation added for Oracle BI Enterprise Edition applications.
Documentation added for Oracle Demantra applications.
Target specific download links added for Amazon EC2, Microsoft Azure, and VMWare virtual environments.
User authentication events are now written to logs.

Fixes

OKTA-283885 - In some situations, the Network Connectivity Test in the Access Gateway Management console would fail with an invalid host name error for valid hosts.
OKTA-290632 - Access Gateway didn't honor the maximum session duration setting. Some sessions were still valid after the maximum session duration was exceeded.
OKTA-291181 - When there was no user session and the behavior Force reauthentication at IdP was enabled, reauthentication didn't occur as expected.

Release: 2020.4.4

Deployment date: April 8, 2020

Download: Okta Admin Console (Settings > Downloads)

Features

Forwarding log events to syslog systems, such as Graylog, is now available.
For more information see Administering Log Forwarding.
Administrators can now download all Access Gateway log files.
For more information see ログのダウンロード, and Access Gatewayログについて.

Enhancements

Documentation added for Oracle Application Express applications.
Documentation added for Oracle Forms applications.
Documentation added for Oracle WebCenter applications.

Fixes

OKTA-275433 - When importing attributes in datastore’s, commas were inserted at the start and end of the attribute list. Removing the commas resulted in a partial list.

Release: 2020.3.3

Deployment date: March 3, 2020

Download: Okta Admin Console (Settings > Downloads)

Enhancements

Documentation added for Oracle Access Gate application.
Documentation added for Oracle WebLogic application.
Documentation added for Okta Access Gateway One Day Admin tutorial.

Fixes

OKTA-275362- When modifying the field list in an existing LDAP datastore, removing all fields resulted in a field list with a single non-editable field with a blank name.
OKTA-278510 - When initially accessing the Access Gateway Management console, the string "Repodata is over N weeks old. Install yum-cron? Or run yum makecache fast." was inadvertently displayed.
OKTA-280578 - After upgrading from Access Gateway version 2020.01.0 or earlier, configuring high availability through the Access Gateway Management console caused the console to stop responding.
OKTA-280615 - After upgrading from Access Gateway version 2020.1.0 or earlier, when attempting to place an application in maintenance mode, the Access Gateway Admin UI console would redirect to the application page rather than the maintenance page.

Release: 2020.2.1

Deployment date: February 13, 2020

Download: Okta Admin Console (Settings > Downloads)

Features

High Availability is now available.

Enhancements

Documentation updates for Adding Kerberos Applications and Adding Oracle PeopleSoft Applications.
Documentation added for Adding Oracle JD Edwards Applications.
Documentation added for Configuring High Availability.
Documentation added for Access Gateway One Day Administration.
Documentation added for Add an Oracle WebLogic Server Application.

Fixes

OKTA-257420 - When the system time was updated through the Access Gateway Management console, the User-Defined Cookie Domain value and Access Gateway Hostname values were reset.
OKTA-274930 - The Unbound networking service log events weren't being captured to the syslog.
OKTA-274975 - When using the Access Gateway Admin UI console to create or update EBS applications in high availability clusters, the changes weren't propagated to worker nodes.
OKTA-275416 - When performing updates on worker nodes in high availability clusters, the bootstrap process produced an invalid configuration causing the node not to start.
OKTA-275757 - The Okta Access Gateway update process deleted the high availability configuration file on admin nodes.
OKTA-276986 - When using the Access Gateway Admin UI console to configure datastore definitions in high availability clusters, definitions with names that contain spaces weren't synchronized with worker nodes.

Release: 2020.1.0

Deployment date: January 8, 2020

Download: Okta Admin Console (Settings > Downloads)

Features

Documentation is enhanced for examples applications.

Enhancements

Documentation added on administering Application Behaviors. For more information see アプリケーション動作について
Documentation added on administering Advanced Policies. For more information see 高度なAccess Gatewayポリシー.
Documentation added on administering the support VPN. For more information see Access GatewayがサポートするVPNの管理.
Documentation added for all currently supported application versions. For more information see サポート対象テクノロジー.
Documentation added on supported sample applications. For more information see Access Gateway対応アプリケーション.

Fixes

OKTA-252228 - When setting the system time via the Access Gateway Management console (Services > NTP > Set system time), the current date and time was not displayed.
OKTA-252305 - When escaping from either of the NTP entry menus the user was returned to the Services menu rather than the NTP menu.
OKTA-258911 - When changing session cache, the fixed MB example shows 100MB for the 1000MB example. For more information see the Command Line Console > Services menu.
OKTA-262774 - When resetting the system using the management console (System> Reset) Access Gateway as incorrectly identified as SPGateway.
OKTA-269513 - When configuring NIC bonding using the management console (Networking >Setup NIC bonding)
"Error command not found" was displayed and the command failed.

Release: 2019.4.5

Deployment date: December 1, 2019

Download: Okta Admin Console (Settings > Downloads)

Features

Access Gateway has been hardened around certain vulnerability issues.
Documentation is enhanced for applications, and capacity planning.

Enhancements

Documentation added to include how to add Kerberos applications. See Kerberosアプリケーションを追加する.
Capacity planning guidance has been expanded and improved with respect to disk requirements.
See the Capacity Planning and Sizing section inAccess Gatewayデプロイメントの前提条件 for more information.
New documentation has been added on use of the Support VPN. See Access GatewayがサポートするVPNの管理 for more information.

Fixes

OKTA-258541 - Okta Access Gateway upgrades incorrectly prompted for passwords via sudo.
OKTA-257725 - Okta Access Gatewayupgrades failed with EBS SSO Agent errors.

Release: 2019.4.2

Deployment date: October 31, 2019

Download: Okta Admin Console (Settings > Downloads)

Features

Access Gateway has been hardened around certain vulnerability issues.
Documentation is enhanced for applications, capacity planning and sizing, and ports and protocols. SeeAccess Gatewayデプロイメントの前提条件 for more information.

Enhancements

Documentation added to include how to add Oracle EBS applications. See Oracle E-Business Suite アプリケーションを追加する for more information.
Documentation added to include how to add PeopleSoft applications. See Oracle PeopleSoftアプリを追加する for more information.
Documentation added on application behaviors. See アプリケーション動作について for more information.
Documentation extended to include all required port and protocol information.
See the Firewall Rules section in Access Gatewayデプロイメントの前提条件 for a complete list of all ports and protocols used by Access Gateway.
Capacity planning guidance has been expanded and improved.
See the Capacity Planning and Sizing section in Access Gatewayデプロイメントの前提条件 for more information.
Access Gateway is now available for download from the Admin Console Settings > Downloads menu. For Access Gateway version history see Okta Access Gatewayのバージョン履歴.

Fixes

OKTA-245678 - Validation failed when API token is Org + App Admin-scoped.
OKTA-252302 - Input validation errors caused Access Gateway to unexpectedly delete ciphers.
OKTA-256348 - AutoSession expired when user session creation exceeded one second.
OKTA-256778 - NGINX did not restart when updated certificates were in place.
OKTA-256796 - Hostname updates in the management console displayed an error.

Release: 2019.2.0

Deployment date: October 2, 2019

Download: Okta Admin Console (Settings > Downloads)

Features

Admins can now use the Access Gateway Management console to upgrade their instance of Access Gateway. For more information see Access Gatewayノードをアップグレードする .
Admins can more easily add, update and manage certificates. For more information see 証明書および証明書チェーンを管理する.
All Access Gateway product and documentation has been updated and re-branded.

Fixes

OKTA-249758 - Okta Access Gateway updated to address a reporting error during start up.
OKTA-249457 - Okta Access Gateway has been updated to correctly reload its configuration on start or restart.
OKTA-247108 - When configuring static networks DNS server is now set correctly.
OKTA-244460 - On application logout Access Gateway now correctly destroys session cookies in Internet Explorer 11.
OKTA-244453- When editing an existing IWA application, Kerberos realm drop down list is populated with realm selected while adding the application.
OKTA-242871- Rapid SSO w/EBS updated to support Internet Explorer.
OKTA-251020- Management console now displays memcache statistics.
OKTA-249510- Access Gateway Management console enable/disable debug option now functions as expected.
OKTA-240656- Duplicate realms no longer displayed when setting Kerberos realm in IIS IWA applications.
OKTA-240544- Mixed case public domain entries are now correctly treated as all lower case.
OKTA-251603- Application short name is now visible via tooltip when mouse hovers over the application name in the Admin UI.
OKTA-243275- Access Gateway Admin UI console now raises errors when invalid domain names are entered due to illegal characters.
OKTA-241517- Access Gateway now supports certificate generation in the advanced application settings.
OKTA-241516- Empty Protected Web Resource field are now handled correctly.
OKTA-241515- Access Gateway now supports custom delimiters and disabling default csv splitting for attribute import.