Okta Access Gateway release notes

Release: 2025.10.0

Deployment date: October 23, 2025

Download: Okta Admin Console (SettingsDownloads)

See also Okta Access Gateway API release notes.

Release summary

This version is now Generally Available. It includes new features, bug fixes, security enhancements, and documentation updates.

Deployments begin on the specified release date and are rolled out gradually to all cells over a one-week period. Dates for upcoming releases aren't final and are subject to change.

Before you begin

• The Access Gateway admin node must be able to reach your org URL at <your-org>-admin.okta.com. Verify that it's excluded from SSL decryption. See Access Gateway deployment prerequisites.
• If you're upgrading from any version, upgrade the admin node after you've upgraded all worker nodes.
• If you're upgrading from version 2024.7.0 or earlier, upgrade all of your nodes in the same maintenance window. This ensures that all app configurations are updated after the PHP upgrade. If you can't upgrade all of your nodes at the same time, see this Okta Support article.

Install this version

1. Take a snapshot of the appliance or make a backup before you start the upgrade process. See your virtualization platform's documentation for instructions on taking snapshots. See Backup and restore.
2. Sign in to the Access Gateway Management console.
3. Select 5 - System2 - Install Package.
4. This step is only required if you're running Access Gateway version 2023.7.2 or earlier. If your Access Gateway version is 2023.8.1 or later, skip to step 6.
   1. Select 2 - Install Package.
   2. When the installer prompts you for a package name, enter okta-mgmt-user-2023.9.1-64a0a16e6 and press Enter.
5. When the upgrade is complete, close the Management console.
6. Open the Management console and sign in again.
7. Select 5 - System4 - Update. Follow the prompts to update the remaining Access Gateway packages.

   The Upgrade in-progress page may appear blank after the upgrade has finished. If this happens, validate the upgrade:

   1. Enter CTRL+C on your keyboard to return to the previous page. It may show an upgrade failure message.
   2. Sign in to Shell and run the following command:

      sudo tail -1 /opt/oag/upgrades/current/yumUpdateOutput.log

      Shell displays "Complete!" when the upgrade finishes successfully.

   3. Follow the remaining steps in the installation instructions.
8. Reboot the node after you complete the upgrade. See the Reboot section of the System menu for instructions. The app update process starts after the reboot. See How to check if application update is in progress post-upgrade.
9. Clear the browser cookies from the client computer. Do this before you access the Access Gateway Admin UI console after rebooting.
10. Enable trusted domains on admin nodes if it isn't already. If you don't enable this option, Single Logout fails. See the Manage Trusted Domains section of the Access Gateway Network Setup menu.

Features and enhancements

Okta Access Gateway API

You can now configure Okta Access Gateway identity providers (IdPs) and apps using REST API calls. This is a convenient way to configure apps programmatically or on the fly. See Enable or disable the Access Gateway API.

Fixes

• OKTA-890952: Admins couldn't access the Access Gateway Admin UI Console when upgrading to Access Gateway version 2025.3.0.

Release: 2025.9.0

Deployment date: October 1, 2025

Download: Okta Admin Console (SettingsDownloads)

Release summary

This version is now Generally Available. It includes new features, bug fixes, security enhancements, and documentation updates.

Deployments begin on the specified release date and are rolled out gradually to all cells over a one-week period. Dates for upcoming releases aren't final and are subject to change.

Before you begin

• The Access Gateway admin node must be able to reach your org URL at <your-org>-admin.okta.com. Verify that it's excluded from SSL decryption. See Access Gateway deployment prerequisites.
• If you're upgrading from any version, upgrade the admin node after you've upgraded all worker nodes.
• If you're upgrading from version 2024.7.0 or earlier, upgrade all of your nodes in the same maintenance window. This ensures that all app configurations are updated after the PHP upgrade. If you can't upgrade all of your nodes at the same time, see this Okta Support article.

Install this version

1. Take a snapshot of the appliance or make a backup before you start the upgrade process. See your virtualization platform's documentation for instructions on taking snapshots. See Backup and restore.
2. Sign in to the Access Gateway Management console.
3. Select 5 - System2 - Install Package.
4. This step is only required if you're running Access Gateway version 2023.7.2 or earlier. If your Access Gateway version is 2023.8.1 or later, skip to step 6.
   1. Select 2 - Install Package.
   2. When the installer prompts you for a package name, enter okta-mgmt-user-2023.9.1-64a0a16e6 and press Enter.
5. When the upgrade is complete, close the Management console.
6. Open the Management console and sign in again.
7. Select 5 - System4 - Update. Follow the prompts to update the remaining Access Gateway packages.

   The Upgrade in-progress page may appear blank after the upgrade has finished. If this happens, validate the upgrade:

   1. Enter CTRL+C on your keyboard to return to the previous page. It may show an upgrade failure message.
   2. Sign in to Shell and run the following command:

      sudo tail -1 /opt/oag/upgrades/current/yumUpdateOutput.log

      Shell displays "Complete!" when the upgrade finishes successfully.

   3. Follow the remaining steps in the installation instructions.
8. Reboot the node after you complete the upgrade. See the Reboot section of the System menu for instructions. The app update process starts after the reboot. See How to check if application update is in progress post-upgrade.
9. Clear the browser cookies from the client computer. Do this before you access the Access Gateway Admin UI console after rebooting.
10. Enable trusted domains on admin nodes if it isn't already. If you don't enable this option, Single Logout fails. See the Manage Trusted Domains section of the Access Gateway Network Setup menu.

Fixes

• OKTA-1007845: Access Gateway appended a default port number in the Host Header Value field.
• OKTA-947737: Admins received an error message when they tried to view the Kerberos list.

Release: 2025.8.0

Deployment date: August 13, 2025

Download: Okta Admin Console (SettingsDownloads)

Release summary

This version is now Generally Available. It includes new features, bug fixes, security enhancements, and documentation updates.

Deployments begin on the specified release date and are rolled out gradually to all cells over a one-week period. Dates for upcoming releases aren't final and are subject to change.

Before you begin

• The Access Gateway admin node must be able to reach your org URL at <your-org>-admin.okta.com. Verify that it's excluded from SSL decryption. See Access Gateway deployment prerequisites.
• If you're upgrading from any version, upgrade the admin node after you've upgraded all worker nodes.
• If you're upgrading from version 2024.7.0 or earlier, upgrade all of your nodes in the same maintenance window. This ensures that all app configurations are updated after the PHP upgrade. If you can't upgrade all of your nodes at the same time, see this Okta Support article.

Install this version

1. Take a snapshot of the appliance or make a backup before you start the upgrade process. See your virtualization platform's documentation for instructions on taking snapshots. See Backup and restore.
2. Sign in to the Access Gateway Management console.
3. Select 5 - System2 - Install Package.
4. This step is only required if you're running Access Gateway version 2023.7.2 or earlier. If your Access Gateway version is 2023.8.1 or later, skip to step 6.
   1. Select 2 - Install Package.
   2. When the installer prompts you for a package name, enter okta-mgmt-user-2023.9.1-64a0a16e6 and press Enter.
5. When the upgrade is complete, close the Management console.
6. Open the Management console and sign in again.
7. Select 5 - System4 - Update. Follow the prompts to update the remaining Access Gateway packages.

   The Upgrade in-progress page may appear blank after the upgrade has finished. If this happens, validate the upgrade:

   1. Enter CTRL+C on your keyboard to return to the previous page. It may show an upgrade failure message.
   2. Sign in to Shell and run the following command:

      sudo tail -1 /opt/oag/upgrades/current/yumUpdateOutput.log

      Shell displays "Complete!" when the upgrade finishes successfully.

   3. Follow the remaining steps in the installation instructions.
8. Reboot the node after you complete the upgrade. See the Reboot section of the System menu for instructions. The app update process starts after the reboot. See How to check if application update is in progress post-upgrade.
9. Clear the browser cookies from the client computer. Do this before you access the Access Gateway Admin UI console after rebooting.
10. Enable trusted domains on admin nodes if it isn't already. If you don't enable this option, Single Logout fails. See the Manage Trusted Domains section of the Access Gateway Network Setup menu.

Features and enhancements

Support for host headers that include port numbers

Okta Access Gateway now supports host headers that include port numbers. For existing apps, Access Gateway automatically generates a host header value that includes the port. This occurs the first time an app that's configured for a private domain is edited after the upgrade. Subsequent edits retain this value. For new apps, admins must manually define the host header value, including the port, if required. In both scenarios, verify that the host header value is correct to prevent errors when accessing the app. See App-protected web resources.

Fixes

• OKTA-544844: Access Gateway didn't set the port with the host header.
• OKTA-935619: Requests to the status endpoint failed and displayed a 421 HTTP response.
• OKTA-955015: Users couldn't sign in to Access Gateway from computers that either lacked a network interface card or didn't have DHCP configured.

Release: 2025.7.1

Deployment date: July 16, 2025

Download: Okta Admin Console (SettingsDownloads)

Release summary

This version is now Generally Available. It includes new features, bug fixes, security enhancements, and documentation updates.

Deployments begin on the specified release date and are rolled out gradually to all cells over a one-week period. Dates for upcoming releases aren't final and are subject to change.

Before you begin

• The Access Gateway admin node must be able to reach your org URL at <your-org>-admin.okta.com. Verify that it's excluded from SSL decryption. See Access Gateway deployment prerequisites.
• If you're upgrading from any version, upgrade the admin node after you've upgraded all worker nodes.
• If you're upgrading from version 2024.7.0 or earlier, upgrade all of your nodes in the same maintenance window. This ensures that all app configurations are updated after the PHP upgrade. If you can't upgrade all of your nodes at the same time, see this Okta Support article.

Install this version

1. Take a snapshot of the appliance or make a backup before you start the upgrade process. See your virtualization platform's documentation for instructions on taking snapshots. See Backup and restore.
2. Sign in to the Access Gateway Management console.
3. Select 5 - System2 - Install Package.
4. This step is only required if you're running Access Gateway version 2023.7.2 or earlier. If your Access Gateway version is 2023.8.1 or later, skip to step 6.
   1. Select 2 - Install Package.
   2. When the installer prompts you for a package name, enter okta-mgmt-user-2023.9.1-64a0a16e6 and press Enter.
5. When the upgrade is complete, close the Management console.
6. Open the Management console and sign in again.
7. Select 5 - System4 - Update. Follow the prompts to update the remaining Access Gateway packages.

   The Upgrade in-progress page may appear blank after the upgrade has finished. If this happens, validate the upgrade:

   1. Enter CTRL+C on your keyboard to return to the previous page. It may show an upgrade failure message.
   2. Sign in to Shell and run the following command:

      sudo tail -1 /opt/oag/upgrades/current/yumUpdateOutput.log

      Shell displays "Complete!" when the upgrade has been completed successfully.

   3. Follow the remaining steps in the installation instructions.
8. Reboot the node after you complete the upgrade. See the Reboot section of the System menu for instructions. The app update process starts after the reboot. See How to check if application update is in progress post-upgrade.
9. Clear the browser cookies from the client computer. Do this before you access the Access Gateway Admin UI console after rebooting.
10. Enable trusted domains on admin nodes if it isn't already. If you don't enable this option, Single Logout fails. See the Manage Trusted Domains section of the Access Gateway Network Setup menu.

Features and enhancements

Access Gateway log enhancements

The unbound log entry now includes the DNS server that Access Gateway queries and indicates whether they responded. See Manage logging.

The monitorLogs entry now includes Nginx debug information. See Manage logging.

Fixes

• OKTA-946386: Input fields on the Set schedule menu overlapped with UI field names.
• OKTA-319529: Some users were returned to the wrong menu after canceling changes to DNS servers.

Release: 2025.6.0

Deployment date: June 11, 2025

Download: Okta Admin Console (SettingsDownloads)

Release summary

This version is now Generally Available. It includes new features, bug fixes, security enhancements, and documentation updates.

Deployments begin on the specified release date and are rolled out gradually to all cells over a one-week period. Dates for upcoming releases aren't final and are subject to change.

Before you begin

• The Access Gateway admin node must be able to reach your org URL at <your-org>-admin.okta.com. Verify that it's excluded from SSL decryption. See Access Gateway deployment prerequisites.
• If you're upgrading from any version, upgrade the admin node after you've upgraded all worker nodes.
• If you're upgrading from version 2024.7.0 or earlier, upgrade all of your nodes in the same maintenance window. This ensures that all app configurations are updated after the PHP upgrade. If you can't upgrade all of your nodes at the same time, see this Okta Support article.

Install this version

1. Take a snapshot of the appliance or make a backup before you start the upgrade process. See your virtualization platform's documentation for instructions on taking snapshots. See Backup and restore.
2. Sign in to the Access Gateway Management console.
3. Select 5 - System2 - Install Package.
4. This step is only required if you're running Access Gateway version 2023.7.2 or earlier. If your Access Gateway version is 2023.8.1 or later, skip to step 6.
   1. Select 2 - Install Package.
   2. When the installer prompts you for a package name, enter okta-mgmt-user-2023.9.1-64a0a16e6 and press Enter.
5. When the upgrade is complete, close the Management console.
6. Open the Management console and sign in again.
7. Select 5 - System4 - Update. Follow the prompts to update the remaining Access Gateway packages.

   The Upgrade in-progress page may appear blank after the upgrade has finished. If this happens, validate the upgrade:

   1. Enter CTRL+C on your keyboard to return to the previous page. It may show an upgrade failure message.
   2. Sign in to Shell and run the following command:

      sudo tail -1 /opt/oag/upgrades/current/yumUpdateOutput.log

      Shell displays "Complete!" when the upgrade has been completed successfully.

   3. Follow the remaining steps in the installation instructions.
8. Reboot the node after you complete the upgrade. See the Reboot section of the System menu for instructions. The app update process starts after the reboot. See How to check if application update is in progress post-upgrade.
9. Clear the browser cookies from the client computer. Do this before you access the Access Gateway Admin UI console after rebooting.
10. Enable trusted domains on admin nodes if it isn't already. If you don't enable this option, Single Logout fails. See the Manage Trusted Domains section of the Access Gateway Network Setup menu.

Features and enhancements

New Auto-Update metrics

Last update timestamp is now available as an Auto Update metric. See Supported metrics.

Stopped updates metrics are now available as an Auto-Update metric. See Supported metrics.

New log forwarder feed options

The ACCESS, AUDIT & MONITOR and AGGREGATE feed options are now available. See Configure log forwarders.

Fixes

• OKTA-310289: Log-forwarder feeds didn't allow all sources to be sent to a single SIEM.

Release: 2025.5.4

Deployment date: May 22, 2025

Download: Okta Admin Console (SettingsDownloads)

Release summary

Access Gateway version 2025.5.4 is now Generally Available. This release includes new features, bug fixes, security enhancements, and documentation updates.

Before you begin

• Access Gateway must be able to reach your org URL at <your-org>-admin.okta.com. Verify that it's excluded from SSL decryption. See Access Gateway deployment prerequisites.
• If you're upgrading from any version, upgrade the admin node after you've upgraded all worker nodes.
• If you're upgrading from version 2024.7.0 or earlier, follow these instructions:
  1. Make a note of any customizations that you've made in Okta so that you can reapply them after the upgrade. Apps are updated to use the upgraded PHP version through the admin node after you reboot after upgrading.
  2. If there are more than 50 apps in your Access Gateway environment, update the API token rate limit to 75%. See Manage Okta API tokens.
  3. Upgrade all of your nodes in the same maintenance window. This ensures that all app configurations are updated after the PHP upgrade. If you can't upgrade all of your nodes at the same time, see this Okta Support article.

Install this version

1. Take a snapshot of the appliance or make a backup before you start the upgrade process. See your virtualization platform's documentation for instructions on taking snapshots. See Backup and restore.
2. Sign in to the Access Gateway Management console.
3. Select 5 - System2 - Install Package.
4. This step is only required if you're running Access Gateway version 2023.7.2 or earlier. If your Access Gateway version is 2023.8.1 or later, skip to step 6.
   1. Select 2 - Install Package.
   2. When the installer prompts you for a package name, enter okta-mgmt-user-2023.9.1-64a0a16e6 and press Enter.
5. When the upgrade is complete, close the Management console.
6. Open the Management console and sign in again.
7. Select 5 - System4 - Update. Follow the prompts to update the remaining Access Gateway packages.

   The Upgrade in-progress page may appear blank after the upgrade has finished. If this happens, validate the upgrade:

   1. Enter CTRL+C on your keyboard to return to the previous page. It may show an upgrade failure message.
   2. Sign in to Shell and run the following command:

      sudo tail -1 /opt/oag/upgrades/current/yumUpdateOutput.log

      Shell displays "Complete!" when the upgrade has been completed successfully.

   3. Follow the remaining steps in the installation instructions.
8. Reboot the node after you complete the upgrade. See the Reboot section of the System menu for instructions. The app update process starts after the reboot. See How to check if application update is in progress post-upgrade.
9. Clear the browser cookies from the client computer. Do this before you access the Access Gateway Admin UI console after rebooting.
10. Enable trusted domains on admin nodes if it isn't already. If you don't enable this option, Single Logout fails. See the Manage Trusted Domains section of the Access Gateway Network Setup menu.

Features and enhancements

Universal Logout for Access Gateway

Access Gateway now supports Universal Logout. This enables admins to automatically sign users out of this app when Universal Logout is triggered. See Universal Logout supported apps.

Access Gateway Auto-Update

Auto-Update lets you configure a schedule to update Access Gateway automatically. This lets admins choose a suitable time for downloading and updating Access Gateway instances, like when the fewest number of users are online. See Configure Auto-Update.

Fixes

• OKTA-830480: Access Gateway didn't process Regex expression modifiers in the Resource Path field on the Add/Edit Custom Policy page correctly.
• OKTA-843211: An error appeared when a user attempted to authenticate, and the attempt wasn't recorded in the System Log.
• OKTA-854340: A server error appeared when admins tried to validate a database.
• OKTA-856082: The Access Gateway 'AdminUI' template was visible to some users in Access Gateway instances where SSO wasn't implemented for Customer Identity Cloud users.
• OKTA-870821: An error appeared instead of the main menu when users accessed Access Gateway using Secure Socket Shell (SSH).
• OKTA-874964: The Driver field on the Create New DataStore page didn't display values.
• OKTA-889015: When users reached their maximum idle time, Access Gateway displayed an error message instead of requiring users to reauthenticate.
• OKTA-891747: Admins couldn't add or edit apps in the Access Gateway Admin UI console when their Okta org used a custom domain.
• OKTA-898326: A server error appeared instead of the correct error message when Access Gateway couldn't validate a Customer Identity Cloud IdP.
• OKTA-890945: Users couldn't access the Oracle Access Gate app after Access Gateway was upgraded to version 2024.9.2 or higher.
• OKTA-904404: Some apps weren't rendered correctly when they were linked to an additional resource.
• OKTA-917984: Some worker nodes incorrectly displayed a prompt to change the admin password after setting up Access Gateway for the first time.

Release: 2025.3.1

Deployment date: March 25, 2025

Download: Okta Admin Console (SettingsDownloads)

Release summary

Access Gateway version 2025.3.1 is now Generally Available. This release includes new features, bug fixes, security enhancements, and documentation updates.

Before you begin

• Access Gateway must be able to reach your org URL at <your-org>-admin.okta.com. Verify that it's excluded from SSL decryption. See Access Gateway deployment prerequisites.
• If you're upgrading from any version, upgrade the admin node after you've upgraded all worker nodes.
• If you're upgrading from version 2024.7.0 or earlier, follow these instructions:
  1. Make a note of any customizations that you've made in Okta so that you can reapply them after the upgrade. Apps are updated to use the upgraded PHP version through the admin node after you reboot after upgrading.
  2. If there are more than 50 apps in your Access Gateway environment, update the API token rate limit to 75%. See Manage Okta API tokens.
  3. Upgrade all of your nodes in the same maintenance window. This ensures that all app configurations are updated after the PHP upgrade. If you can't upgrade all of your nodes at the same time, see this Okta Support article.

Install this version

1. Take a snapshot of the appliance or make a backup before you start the upgrade process. See your virtualization platform's documentation for instructions on taking snapshots. See Backup and restore.
2. Sign in to the Access Gateway Management console.
3. Select 5 - System2 - Install Package.
4. This step is only required if you're running Access Gateway version 2023.7.2 or earlier. If your Access Gateway version is 2023.8.1 or later, skip to step 6.
   1. Select 2 - Install Package.
   2. When the installer prompts you for a package name, enter okta-mgmt-user-2023.9.1-64a0a16e6 and press Enter.
5. When the upgrade is complete, close the Management console.
6. Open the Management console and sign in again.
7. Select 5 - System4 - Update. Follow the prompts to update the remaining Access Gateway packages.

   The Upgrade in-progress page may appear blank after the upgrade has finished. If this happens, validate the upgrade:

   1. Enter CTRL+C on your keyboard to return to the previous page. It may show an upgrade failure message.
   2. Sign in to Shell and run the following command:

      sudo tail -1 /opt/oag/upgrades/current/yumUpdateOutput.log

      Shell displays "Complete!" when the upgrade has been completed successfully.

   3. Follow the remaining steps in the installation instructions.
8. Reboot the node after you complete the upgrade. See the Reboot section of the System menu for instructions. The app update process starts after the reboot. See How to check if application update is in progress post-upgrade.
9. Clear the browser cookies from the client computer. Do this before you access the Access Gateway Admin UI console after rebooting.
10. Enable trusted domains on admin nodes if it isn't already. If you don't enable this option, Single Logout fails. See the Manage Trusted Domains section of the Access Gateway Network Setup menu.

Fixes

• OKTA-891747: Admins couldn't add or edit apps in the Access Gateway Admin UI console when their Okta org used a custom domain.

Release: 2025.3.0

Deployment date: March 6, 2025

Download: Okta Admin Console (SettingsDownloads)

Release summary

Access Gateway version 2025.3.0 is now Generally Available. This release includes new features, bug fixes, security enhancements, and documentation updates.

Before you begin

If you're upgrading from version 2024.7.0 or earlier, follow these instructions:

1. Apps are updated to use the upgraded PHP version through the admin node after you reboot after upgrading. Make a note of any customizations that you've made in Okta so that you can reapply them after the upgrade.
2. If there are more than 50 apps in your Access Gateway environment, update the API token rate limit to 75%. See Manage Okta API tokens.
3. Upgrade all of your nodes in the same maintenance window. This ensures that all app configurations are updated after the PHP upgrade. If you can't upgrade all of your nodes at the same time, see this Okta Support article.

If you're upgrading from any version, upgrade the admin node after you've upgraded all worker nodes.

Install this version

1. Take a snapshot of the appliance or make a backup before you start the upgrade process. See your virtualization platform's documentation for instructions on taking snapshots. See Backup and restore.
2. Sign in to the Access Gateway Management console.
3. Select 5 - System2 - Install Package.
4. This step is only required if you're running Access Gateway version 2023.7.2 or earlier. If your Access Gateway version is 2023.8.1 or later, skip to step 6.
   1. Select 2 - Install Package.
   2. When the installer prompts you for a package name, enter okta-mgmt-user-2023.9.1-64a0a16e6 and press Enter.
5. When the upgrade is complete, close the Management console.
6. Open the Management console and sign in again.
7. Select 5 - System4 - Update. Follow the prompts to update the remaining Access Gateway packages.

   The Upgrade in-progress page may appear blank after the upgrade has finished. If this happens, validate the upgrade:

   1. Enter CTRL+C on your keyboard to return to the previous page. It may show an upgrade failure message.
   2. Sign in to Shell and run the following command:

      sudo tail -1 /opt/oag/upgrades/current/yumUpdateOutput.log

      Shell displays "Complete!" when the upgrade has been completed successfully.

   3. Follow the remaining steps in the installation instructions.
8. Reboot the node after you complete the upgrade. See the Reboot section of the System menu for instructions. The app update process starts after the reboot. See How to check if application update is in progress post-upgrade.
9. Clear the browser cookies from the client computer. Do this before you access the Access Gateway Admin UI console after rebooting.
10. Enable trusted domains on admin nodes if it isn't already. If you don't enable this option, Single Logout fails. See the Manage Trusted Domains section of the Access Gateway Network Setup menu.

Features and enhancements

Connections to Access Gateway consoles are restricted to the local network

You can now only connect to the Access Gateway Management console and Access Gateway Admin UI console from specific IP address ranges in your local private network. See Manage network interfaces.

Change the default password on first sign-in

The flow for changing the default password when you sign in to the Access Gateway Management console and Access Gateway Admin UI console for the first time has been simplified. See Sign in for the first time: Access Gateway Admin UI console and Sign in for the first time: Access Gateway Management console.

Global Token Revocation

Access Gateway now lets you terminate the user's Access Gateway and app sessions from Okta. See Define app behaviors. This feature isn't enabled by default. Contact Okta Support to enable it.

Fixes

• OKTA-849073: An error message appeared when admins tried to check the Access Gateway SNMP service status.
• OKTA-845866: An nginx error message obscured an Access Gateway error message.
• OKTA-835739: The Edit log verbosity page displayed UI elements incorrectly.
• OKTA-834735: The Maximum Session Duration setting didn't translate values correctly from one time unit to another.
• OKTA-822024: The favicon didn't appear in Access Gateway apps that used Load Balancing.
• OKTA-816472: App access failed if a SRV record existed in the FQDN for a protected resource.

Release: 2025.1.1

Deployment date: January 24, 2025

Download: Okta Admin Console (SettingsDownloads)

Release summary

Access Gateway version 2025.1.1 is now Generally Available. This release includes new features, bug fixes, security enhancements, and documentation updates.

Before you begin

If you're upgrading from version 2024.7.0 or earlier, follow these instructions:

1. Apps are updated to use the upgraded PHP version through the admin node after you reboot after upgrading. Make a note of any customizations that you've made in Okta so that you can reapply them after the upgrade.
2. If there are more than 50 apps in your Access Gateway environment, update the API token rate limit to 75%. See Manage Okta API tokens.
3. Upgrade all of your nodes in the same maintenance window. This ensures that all app configurations are updated after the PHP upgrade. If you can't upgrade all of your nodes at the same time, see this Okta Support article.

If you're upgrading from any version, upgrade the admin node after you've upgraded all worker nodes.

Install this version

1. Take a snapshot of the appliance or make a backup before you start the upgrade process. See your virtualization platform's documentation for instructions on taking snapshots. See Backup and restore.
2. Sign in to the Access Gateway Management console.
3. Select 5 - System2 - Install Package.
4. This step is only required if you're running Access Gateway version 2023.7.2 or earlier. If your Access Gateway version is 2023.8.1 or later, skip to step 6.
   1. Select 2 - Install Package.
   2. When the installer prompts you for a package name, enter okta-mgmt-user-2023.9.1-64a0a16e6 and press Enter.
5. When the upgrade is complete, close the Management console.
6. Open the Management console and sign in again.
7. Select 5 - System4 - Update. Follow the prompts to update the remaining Access Gateway packages.

   The Upgrade in-progress page may appear blank after the upgrade has finished. If this happens, validate the upgrade:

   1. Enter CTRL+C on your keyboard to return to the previous page. It may show an upgrade failure message.
   2. Sign in to Shell and run the following command:

      sudo tail -1 /opt/oag/upgrades/current/yumUpdateOutput.log

      Shell displays "Complete!" when the upgrade has been completed successfully.

   3. Follow the remaining steps in the installation instructions.
8. Reboot the node after you complete the upgrade. See the Reboot section of the System menu for instructions. The app update process starts after the reboot. See How to check if application update is in progress post-upgrade.
9. Clear the browser cookies from the client computer. Do this before you access the Access Gateway Admin UI console after rebooting.
10. Enable trusted domains on admin nodes if it isn't already. If you don't enable this option, Single Logout fails. See the Manage Trusted Domains section of the Access Gateway Network Setup menu.

Features and enhancements

Unused authentication modules have been deprecated

Obsolete authentication modules have been removed from Access Gateway.

Fixes

• OKTA-854992: The Driver field on the Create New DataStore page didn't display values.