Okta Verify for Identity Engine release notes

Version: 6.7.1

Deployment date: August 18, 2021

Release summary

• Users can launch the Okta End-User Dashboard from Okta Verify. The Launch Dashboard button provides users with an easy way to access their apps from the mobile browser. See Open the Okta End-User Dashboard from Okta Verify.
• Users can now run Push Notification Diagnostics in Okta Verify to troubleshoot problems. The diagnostics tool checks device configurations and notification details and provides troubleshooting suggestions. See Troubleshoot missing Okta Verify push notifications on iOS devices.
• Other internal fixes.

Version: 6.5.1

Deployment date: July 14, 2021

Release summary

• From the Settings menu, users can now select the Okta Verify display theme: light, dark, or system default.
• Other internal fixes.

Version: 6.4.0

Deployment date: May 17, 2021

Release summary

• Some users who were signing in with an Okta Verify push notification were prompted for Face ID although the administrator configured Okta Verify to no longer require biometrics. (OKTA-387895)
• If the biometrics settings in Okta Verify are no longer valid, end users are now guided through the remediation steps. (OKTA-373285, OKTA-373298)
• Existing Okta Verify users no longer have to provide the username when they enable or reset biometrics, or when they set up the account for the Sign in with Okta Verify on this device option. (OKTA-376589)
• Other internal fixes.

Version: 6.3.0

Deployment date: March 22, 2021

Release summary

• In non-English versions of Okta Verify, some content on the Enter Key page of the account setup wizard wasn’t localized. (OKTA-364753)

Version: 6.2.0

Deployment date: February 8, 2021

Release summary

• In non-English versions of Okta Verify, on the Enter Key page of the account setup wizard, the Add Account button label wasn’t localized. (OKTA-355619)
• On the Enter Key page of the Okta Verify account setup wizard, users weren’t notified if the passcode they entered wasn’t valid. (OKTA-351780)
• The sign-in notification tips for end users were missing from the Okta Verify Settings page. (OKTA-346177)
• Other internal improvements.

Version: 6.1.3

Deployment date: January 6, 2021

Release summary

• Okta Verify is not supported on Apple Watch versions lower than watchOS 6. (OKTA-352262)
• The Okta Verify translation was updated. (OKTA-355449)
• Other internal improvements.

Version: 3.6.1

Features and enhancements

• Okta Verify supports localized text strings.
• In some Okta FastPass scenarios where user presence is required and users enabled biometrics, Okta Verify didn't prompt users to open the lid to use Touch ID. (OKTA-498555)
• Other internal fixes.

Version: 3.5.0

Features and enhancements

• Okta Verify can detect if a Magic Keyboard with Touch ID is connected to a macOS device. If a Magic Keyboard with Touch ID is connected to a device in closed screen clamshell mode, Okta Verify can authenticate users without prompting them to open the laptop lid.

Version: 3.4.0

Features and enhancements

• If more than one certificate is available on a device, Okta Verify uses the most recently issued certificate to attest that the device is managed.

Version: 3.3.2

Deployment date: May 9, 2022

Features and enhancements

• This version includes various internal improvements and fixes.

Version: 3.2.0

Deployment date: March 8, 2022

Features and enhancements

• The Use Touch ID to verify it's you screen now appears in additional Touch ID scenarios.

• Okta Verify now detects Touch ID lockout and provides remediation support.

Bug fix

• Enrollment wasn't canceled if a user clicked the Back link in Okta Verify before entering sign-in credentials in the browser. (OKTA-441819)

Version: 3.1.1

Deployment date: February 14, 2022

Bug fixes

• The User Consent screen displayed an incorrect app name when users attempted to sign in to an app and an existing sign in session already existed for a different app on a different browser tab. (OKTA-462202)

• The central processing unit (CPU) usage on macOS 10.15 (Catalina) devices increased when users waited too long to authenticate. (OKTA-460132)

• Error messages related to account health now appear when a user clicks an account. (OKTA-451023)

• When attempting to remove an account, the account is now removed when the user clicks Go Back if they aren't able to complete authentication in a browser. (OKTA-443773)

Version: 3.0.4

Deployment date: February 8, 2022

Bug fix

• When users on macOS 10.15 (Catalina) authenticated with Okta Verify on Chrome, Okta Verify elevated CPU levels. (OKTA-468403)

Version: 3.0.3

Deployment date: January 5, 2022

Features and enhancements

• A warning message now appears if Touch ID corruption is detected during authentication.

• End users are now notified when their account is invalidated for use with Okta Verify. If Re-enroll is available, they can click it to re-enroll the invalidated account.



See Re-enroll an Okta Verify account on macOS devices.

• The Account added screen now includes a Touch ID enabled and Default for Okta FastPass indicator when applicable.



• The How it works screen now includes an Automatically send crash reports to Okta checkbox.



• The Set Up Touch ID on this device? screen now includes a Back button

• The macOS Okta Verify app icon now conforms with BigSur UX design guidelines.

• The Terms & conditions page has an updated copyright year.

Bug fix

• The device name from macOS was missing UTF-8 4-byte characters. (OKTA-443681)

Version: 2.7.3

Deployment date: November 16, 2021

Features and enhancements

• End users can now have multiple Okta FastPass accounts in the same org.
• End users can now set the default Okta FastPass account when multiple accounts exist in the same org.

See Add an account to Okta Verify by using a sign-in URL on macOS devices, Add an account to Okta Verify by accessing an app on macOS devices, and Set a default Okta FastPass account on macOS devices.

• When an end user enters their username or email during authentication, Okta Verify uses that account for Okta FastPass authentication. If a username or email is not entered, Okta Verify uses the default Okta FastPass account, or a random account if a default account is not set up.
• The Settings screen now includes a Share anonymous diagnostic information with Okta when the app crashes checkbox that end users can select, depending on the admin configuration.



See Share diagnostic information with Okta from your macOS device, and macOS managed app configurations.

Version: 2.6.0

Deployment date: October 12, 2021

Features and enhancements

• End users now see an error message if they sign in to the wrong account to update user verification information.

• End users now see a Check your browser screen before being prompted to sign in.
  See Get started with Okta Verify on macOS devices, Add an account to Otka Verify by using a sign-in URL, and Add an account to Okta Verify by accessing an Okta-protected app

Bug fix

• When updates were made to Okta Verify using a PKG file, updates didn't take effect until Okta Verify was manually closed and re-opened. (OKTA-422189)

Version: 2.5.3

Deployment date: September 21, 2021

Features and enhancements (visible to end-users when the functionality is available to administrators)

• The Sign in using Okta Verify on this device button has been changed to Sign in with Okta FastPass.
• End users are prompted to set up Touch ID and, depending on the admin configuration, can click Set up or Not now.
  See Disable Touch ID, Enable Touch ID, Add an account to Otka Verify by using a sign-in URL, and Add an account to Okta Verify by accessing an Okta-protected app

Bug fixes

• When an end user clicked Cancel after being prompted for Touch ID to confirm account removal, Okta Verify canceled the request without prompting the user for an alternate authentication factor. (OKTA-389429)
• Some users were asked to open their laptop lids to provide Touch ID even though it wasn't required for authentication. (OKTA-420956)
• Various internal improvements and fixes. (OKTA-423258, OKTA-425026, and OKTA-423634)

Version: 2.4.2

Deployment date: August 23, 2021

Features and enhancements

• In Okta Identity Engine orgs, a title bar is now included on macOS Okta Verify screens.
• In Okta Identity Engine orgs, admins can deploy a managed app configuration containing the org URL to pre-populate the sign-in URL in the First, enter your sign-in URL screen, so end users don't need to enter it. See Managed app configurations for macOS devices

  

Bug fixes

• In Okta Identity Engine orgs, when device enrollment was triggered by authentication, the account displayed the Okta URL. (OKTA-402110)
• Enrollment failed for end users who added an account to Okta Verify by accessing an Okta-protected app. (OKTA-422167)

Version: 2.3.0

Deployment date: July 12, 2021

Features and enhancements

• This version includes various internal improvements and fixes.

Bug fix

• The Accounts information displayed the first name only. (OKTA-401390)

Version: 2.2.2

Deployment date: June 18, 2021

Features and enhancements

• Okta Verify is now a Universal build.
• User interface changes: 
  • The menu now includes Settings, which allows users to set a system display theme for the Okta Verify app. The color of the Okta Verify menu in the system tray now changes to match the chosen system theme.
    

    

  • The Okta Verify Accounts page changed. Users now click the account to see account details and to access the Enable or Disable Touch ID and Remove account buttons. Previously, these options were available in the side menu of the account.
    

    

Bug fix

• Existing accounts weren't displayed on the Okta Verify Accounts window. (OKTA-405489)

Version: 1.9.0

Deployment date: May 3, 2021

Features and enhancements

• You can now integrate macOS Okta Verify with the CrowdStrike ZTA Endpoint Detection and Response (EDR) solution. When users try to access a protected resource, Okta Verify probes their device for context and trust signals and uses these to inform the access decision. EDR integration extends device posture evaluation by enabling Okta Verify to capture signals collected by CrowdStrike ZTA running on the same device. See Endpoint security integrations.

• When Touch ID is enabled, end users are now prompted with the message Open laptop lid to use Touch ID if their laptop is in closed-display mode and they click an Okta Verify option that requires Touch ID to complete (for example, Disable Touch ID or Remove account).

• By pushing a managed application configuration to devices from your MDM solution, you can present the Welcome to Okta Verify enrollment screen to unregistered end users automatically when they attempt to access protected resources that require Okta Verify to authenticate. This eliminates the need for such users to click Sign in with Okta Verify to launch the enrollment process. See Managed app configurations for macOS devices.

• This release includes improved account list and account detail views. New options allow end users to enable or disable Touch ID or remove the account.

Version: 1.8.3

Deployment date: March 24, 2021

Release summary

• When adding an account or signing in with Okta Verify from a closed laptop with an external monitor and keyboard connected, users were prompted to set up Touch ID on the device although Touch ID was already set up. (OKTA-365814)

Version: 1.7.2

Deployment date: February 8, 2021

Release summary

• Logos and other user interface elements in the app now use new Okta brand colors.
• If uploading logs fails when using the Report an issue feature in Okta Verify, there’s now a Try again button.
• Okta Verify now supports a dark interface style. The app appearance changes automatically from light to dark mode based on the operating system settings.

Version: 1.6.0

Deployment date: December 17, 2020

Release summary

• Okta Verify is a lightweight app that allows you to securely access your apps via 2-step verification, ensuring that you, and only you, can access your app accounts. While you access your apps, you’ll choose a 2-step verification method provided by Okta Verify to finish signing in.

Version: 3.7.1

Features and enhancements

• Automatic updates

  After Okta Verify is installed on a device, it is automatically updated whenever a newer version of the app is available. In general, new versions of the app are released on a monthly basis to promote new features, enhancements, and bug fixes. These regularly scheduled feature updates are staggered over a period of seven days.

  For more information about automatic updates for Windows, see Automatic updates.

• Updates for devices that are not enrolled

  If you have Okta Verify installed on Windows laptops, but don’t expect users to enroll immediately, you can keep the app up-to-date by specifying the OrgUrl option in the managed app configuration used to deploy Okta Verify.

• Deferred automatic updates

  If you want to test new releases of Okta Verify before rolling it out to a larger group, you can defer automatic updates by one to thirteen days past the end date for rolling out automated updates. This deferred rollout option is available on Okta Verify for Windows, versions 3.7.1 and later.

  For more information about deferred updates, see Defer automatic updates .

• Okta Verify supports localized text strings.

Version: 3.6.1

Deployment date: June 22, 2022

Using mobile device management to deploy Okta Verify

If you use mobile device management (MDM) to automatically deploy Okta Verify on Windows, you must update your MDM configuration to deploy Okta Verify version 3.2.1, or later, to ensure auto-update of Okta Verify continues to work as expected after June 2022. If you aren't currently deploying Okta Verify, version 3.2.1, or later, download the latest version of Okta Verify for Windows from the Admin Console. (OKTA-491063)

To download the latest version of Okta Verify for Windows:

1. In the Admin Console, go to Settings > Downloads.

2. Scroll to locate Desktop Apps.

3. Click Download Latest.

After downloading the latest Windows .exe or .msi file, update your MDM configuration to deploy the updated version of Okta Verify.

Features and enhancements

• Okta Verify has been upgraded to use the .NET 4.7.2 framework.

Bug fixes

• Previous versions of Okta Verify didn’t remove unused service accounts that were created by the setup process.

Version: 3.5.1

Deployment date: June 1, 2022

Using mobile device management to deploy Okta Verify

If you use mobile device management (MDM) to automatically deploy Okta Verify on Windows, you must update your MDM configuration to deploy Okta Verify version 3.2.1, or later, to ensure auto-update of Okta Verify continues to work as expected after June 2022. If you aren't currently deploying Okta Verify, version 3.2.1, or later, download the latest version of Okta Verify for Windows from the Admin Console. (OKTA-491063)

To download the latest version of Okta Verify for Windows:

1. In the Admin Console, go to Settings > Downloads.

2. Scroll to locate Desktop Apps.

3. Click Download Latest.

After downloading the latest Windows .exe or .msi file, update your MDM configuration to deploy the updated version of Okta Verify.

Bug fixes

Previously, Okta Verify incorrectly reported the security identifier (SID) of the local Administrator account as the device SID.

With this release, Okta Verify reports the SID associated with the device’s domain account, if possible, or the SID associated with local account as a fallback.

Version: 3.4.3

Deployment date: May 6, 2022

Using mobile device management to deploy Okta Verify

If you use mobile device management (MDM) to automatically deploy Okta Verify on Windows, you must update your MDM configuration to deploy Okta Verify version 3.2.1, or later, to ensure auto-update of Okta Verify continues to work as expected after June 2022. If you aren't currently deploying Okta Verify, version 3.2.1, or later, download the latest version of Okta Verify for Windows from the Admin Console. (OKTA-491063)

To download the latest version of Okta Verify for Windows:

1. In the Admin Console, go to Settings > Downloads.

2. Scroll to locate Desktop Apps.

3. Click Download Latest.

After downloading the latest Windows .exe or .msi file, update your MDM configuration to deploy the updated version of Okta Verify.

Bug fixes

• Okta Verify failed to install on some Windows machines. (OKTA-485347, OKTA-490580)

• Okta Verify authentication prompted the user to enter the management certificate PIN. (OKTA-477401)

• After launching Okta Verify, the first enrollment or authentication attempt was recorded as a failed logon event (Event ID 4625) in the Windows Security Log Event Viewer. (OKTA-487346)

• Okta Verify sometimes crashed during activation for enrollment or authentication. (OKTA-472124, OKTA-486261, OKTA-486622)

Version: 3.3.1

Deployment date: March 24, 2022

Bug fixes

• Okta Verify crashed and then needed to be invoked again from a browser when users clicked Sign in with Okta FastPass. (OKTA-468722)

• Okta Verify didn't launch correctly on devices that enforced FIPS compliant algorithms. (OKTA-478065)

• On devices with limited CPU, Okta Verify diagnostics blocked the app from launching correctly. (OKTA-469202)

• Okta Verify was unresponsive if users entered a username that wasn't an email address in the Sign-In Widget and then clicked Sign in with Okta FastPass. This occurred only for users whose registered username wasn't an email address. (OKTA-481936)

Version: 3.2.1

Deployment date: March 15, 2022

Bug fix

• When Okta Verify was restored and then placed out of focus, it wouldn't come back into focus when the icon in the system tray or the desktop shortcut was clicked. (OKTA-469240)

Version: 3.1.2

Deployment date: January 31, 2022

Bug fixes

• On some devices, restarting the device created additional OVService accounts. (OKTA-459101)

• On some devices, when users signed in using biometrics, the Windows Hello prompt didn't appear and the Sign-In Widget requested other authentication factors. (OKTA-462360)

• When users clicked Sign in with Okta FastPass on devices that weren't enrolled, the initial authentication sometimes failed. (OKTA-461823)

Version: 3.0.2

Deployment date: January 10, 2022

Bug fix

• If users entered their Username on the Sign-In Widget and then clicked Sign in with Okta FastPass, they were unable to sign in. (OKTA-459049)

Version: 3.0.0

Deployment date: January 6, 2022

Features and enhancements

• After a user successfully signs in to Okta Verify, the focus now switches back to the application that made the sign-in request.

• The installer Welcome screen now includes the Order Form Supplement and Privacy Policy links, and the Order Form Supplement includes updates.

Version: 2.8.1

Deployment date: December 1, 2021

Features and enhancements

• The installer no longer blocks installations on Windows server 2019.

• End users are now notified when their account is invalidated for use with Okta Verify. If Re-enroll is available, they can click it to re-enroll the invalidated account.

See Re-enroll an Okta Verify account on Windows devices.

• End users can now set the default Okta FastPass account when multiple accounts exist in the same org. Depending on whether the account is the default Okta FastPass account, the Account Details screen includes a Default for Okta FastPass indicator or a Set as default for Okta FastPass link.



See Add an account to Okta Verify by using a sign-in URL on Windows devices, Add an account to Okta Verify by accessing an app on Windows devices, and Set a default Okta FastPass account on Windows devices.

• When an end user enters their username or email during authentication, Okta Verify uses that account for Okta FastPass authentication. If a username or email is not entered, Okta Verify uses the default Okta FastPass account, or a random account if a default account isn't set up.

Version: 2.7.0

Deployment date: October 20, 2021

Features and enhancements

• This version includes various internal improvements and fixes.

Version: 2.6.0

Deployment date: September 22, 2021

Features and enhancements

• Admins can now deploy Flag Value changes (for example, OrgUrl), which are passed using the Windows Installer, during an Okta Verify upgrade. It is no longer necessary to uninstall and then re-install Okta Verify to deploy these changes.

See Install Okta Verify on Windows devices.

• The endpoint detection and response (EDR) plugin now includes an availabilityChecks function, which detects if underlying services are running on fresh installs (not upgrades). For example, if the WSCSVC service isn't running, the function would report that the integration is not available to the server.

See Manage endpoint security integration plugins for Windows.

• The Setting screen now includes an option to join the Okta beta program, which gives users early access to the latest version of Okta Verify.



See Manage Okta Verify accounts and settings on Windows devices

Version: 2.5.0

Deployment date: August 13, 2021

Features and enhancements (visible to end-users when the functionality is available to administrators)

• Users see an indicator beside accounts on the Accounts screen, when admins set User Verification to one of the following options:
  • Required: If Windows Hello is invalidated.
  • Required or Preferred: If Windows Hello settings changed.

When a user clicks an invalidated account, they also see a message on the Account details screen.



See Enable Okta FastPass.

•  When admins set User Verification to Required:
  • Users must set up Windows Hello during enrollment.
  • Users aren't able to disable Windows Hello on enrolled accounts.



See Enable Okta FastPass.

Version: 2.4.0

Deployment date: July 20, 2021

Features and enhancements

• This version includes various internal improvements and fixes.

Bug fixes

• The app remained in the system tray and didn't appear in the foreground when launched. (OKTA-402202)
• Authentication using FastPass by clicking Sign in with Okta Verify failed intermittently for some applications. (OKTA-410331)

Version: 2.3.0

Deployment date: June 23, 2021

Features and enhancements

• This version includes various internal improvements and fixes.

Bug fix

• When device enrollment was triggered by authentication, the account displayed the Okta URL. (OKTA-360802)

Version: 2.2.0

Deployment date: May 27, 2021

Release summary

• This version includes various internal improvements and fixes.

Version: 2.1.0

Deployment date: April 22, 2021

Features and enhancements

• Pushing an MDM DeviceLock policy to an Okta Verify-enrolled device can cause Okta Verify authentication to fail. To prevent this issue, the Okta server now detects when such MDM policies made the Okta Verify enrollment keys inaccessible. To restore accessibility Okta Verify restarts automatically after the user clicks Sign in with Okta Verify on this device.
• Windows Okta Verify installer flag updates: The installer flag JITEnrollType is changed to EnrollmentOptions. Also, the default setting for this installer is changed to SilentEnrollmentDisabled. The installer flag SendToAppCenter is changed to ReportDiagnostics.
• User interface changes: 
  • The Settings menu now includes an option to apply the system theme to the Okta Verify app. The color of the Okta Verify menu in the system tray now changes to match the chosen system theme.
    

    

  • The Okta Verify Accounts page changed. Users now click the account to see account details and to access the Disable Windows Hello and Remove account buttons. Previously, these options were available in the side menu of the account.
    

    

Bug fix

• On devices with user profile names that contain unicode characters, Okta Verify immediately crashed after installation instead of launching and running in the background continuously. (OKTA-379096)

Version: 2.0.1

Deployment date: March 24, 2021

Features and enhancements

• You can now integrate Windows Okta Verify with some Endpoint Detection and Response (EDR) solutions. When users try to access a protected resource, Okta Verify probes their device for context and trust signals and uses these to inform the access decision. EDR integration extends device posture evaluation by enabling Okta Verify to capture signals collected by your EDR client running on the same device. Okta currently supports integrations with CrowdStrike ZTA and Microsoft Windows Security Center. See Endpoint security integrations.
• When installing Okta Verify using the command line or a management tool, administrators can now configure when to prompt end users to enroll in Okta Verify. See Install Okta Verify using MEM.
• End users have the following new options in Okta Verify settings:
  • Choose light or dark mode.
  • Share diagnostic data with Okta. This is useful to help Okta troubleshoot problems and improve the app.
    

    

Bug fixes

• After selecting Sign in with Okta Verify on this device, users were stuck on a loading page and couldn’t select Yes it’s me or No, it’s not me. (OKTA-360921)
• An Okta Verify user with an active account couldn't enable biometrics if the administrator changed their username. (OKTA-362137)
• Users who entered an incorrect sign-in URL received the vague message Something went wrong instead of Check your sign-in URL. (OKTA-377251)

Version: 1.5.1

Deployment date: February 24, 2021

Features and enhancements

• When users add an account or enable biometrics in Okta Verify and are redirected to the browser for authentication, they can now easily return to the app by clicking the new Go back button.
• To find Okta Verify details such as app version, terms and conditions, privacy policy, and third party notices, click Okta Verify > About in the taskbar.

Bug fix

• If a user entered their organization's custom URL when adding an account in Okta Verify, the account appeared with the Okta URL instead of the custom URL. (OKTA-352511)

Version: 1.4.0

Deployment date: January 19, 2021

Release summary

• When signing in to Okta with a biometric factor or security key and selecting Use Okta Verify as an authenticator, some end users were prompted with Windows Hello verification twice. (OKTA-348629)
• When enrolling in Okta Verify, signing in to Okta succeeded but the confirmation page either didn’t appear or an error was shown. (OKTA-353360)

Version: 1.3.1

Deployment date: December 21, 2020

Release summary

• Okta Verify is a lightweight app that allows you to securely access your apps via 2-step verification, ensuring that you, and only you, can access your app accounts. While you access your apps, you’ll choose a 2-step verification method provided by Okta Verify to finish signing in.