Okta Identity Engine release notes: Preview
2021.10.0: Monthly Preview release began deployment on October 6
* Features may not be available in all Okta Product SKUs.
Secondary email option for LDAP-sourced users
Admins can now enable a secondary email option for LDAP-sourced users in new orgs. When the secondary email option is enabled, LDAP-sourced users who haven’t previously provided a secondary email are now prompted to provide it on the Okta Welcome page.
A secondary email helps reduce support calls by providing LDAP-sourced users with another option to recover their password when their primary email is unavailable. See Configure optional user account fields.
Token-based SSO between native apps
Single Sign-On (SSO) between browser-based web applications is achieved by leveraging shared cookies. Unlike web applications, native applications can’t use web cookies. With Native SSO, Okta offers a token-based approach to achieve SSO between native applications.
Native SSO allows you to protect native OpenID Connect applications, such as desktop apps and mobile apps, and achieve SSO and Single Logout (SLO) between these applications. See Configure SSO for native apps.
Risk scoring improvements
Risk scoring improvements are being slowly deployed to all organizations.
Custom footer enhancement
With Branding enabled, admins can now hide the Powered by Okta message in the footer of their Okta-hosted sign-in page and End-User Dashboard. See Configure the footer for your org.
Log per client mode for client-based rate limits
Client-based rate limits are now in Log per client mode for all orgs for both OAuth 2.0 /login/login.htm endpoints. This offers additional isolation to prevent frequent rate limit violations.
Hidden password for dynamic SCEP URL
When you generate a dynamic SCEP URL to integrate Okta with your device management provider, or when you reset the dynamic SCEP password, the password is hidden for enhanced security. To reveal or copy the password, click Show password.
When LDAP delegated authentication was enabled, an incorrect event type was used to process user profile updates.
Global redirect URIs weren’t maintained after an upgrade to Okta Identity Engine from Classic Engine.
If an Okta Classic Engine org had an app sign-on policy rule configured for all six platforms and then migrated to Okta Identity Engine, the app sign-on policy rule for "AND Device Platform is" wasn't marked as "Any platform".
Non-active users were able to sign in to the Office 365 app using Silent Activation.
During enrollment, a check mark didn’t appear correctly beside required authenticators on the Set up multifactor authentication page.
During phone MFA setup, users weren’t able to request another one-time passcode after entering the first one incorrectly.
A warning message appeared when users attempted to open the URL of an app that wasn’t assigned to them. When they then clicked Sign in with Okta FastPass or signed in by entering the same username, an error message with the same information was appended to the warning message.
When selecting an authenticator for sign-in, users sometimes saw an unclear error message.
When Branding was enabled, the Sign-In Widget was distorted on custom sign-in pages.
When an LDAP interface (LDAPi) client had Custom Admin Roles enabled, time-out errors sometimes occurred during group member queries.
When a user entered an incorrect password in the Sign-In Widget and then refreshed the browser for another password attempt, the Expecting credential field warning still appeared.
Translated versions of AD and LDAP configuration validation messages weren’t provided.
The User is not assigned to this application message appeared as an INFO error rather than a WARNING.
In the UI for the SuccessFactors app, options for Active User Statuses weren't displayed.
Some users were unable to sign in if their org's default app was deactivated or deleted.
App Integration Fixes
The following SWA app was not working correctly and is now fixed
The configuration guide for the Asana SCIM integration is updated: Asana SCIM configuration guide for Okta.
The following attributes are added to the KnowBe4 SCIM app:
New SCIM Integration Applications
The following partner-built provisioning integration apps are now Generally Available in the OIN Catalog as partner-built:
- Lucca: For configuration information, see Synchronize Lucca users and groups with Okta.
- Seculio: For configuration information, see Okta user provisioning and SCIM integration.
OIDC for the following Okta Verified application:
- Extole: For configuration information, see Okta Instructions.
New default enrollment setting for new authenticators
The default enrollment setting when adding a new authenticator is now Optional.
Email template improvements
User enrollment and authentication email template variables have been changed to facilitate upgrade from the Okta Classic Engine.
When a custom admin role was assigned to an existing group with standard roles, the System Log displayed duplicate Grant user privilege events for the members of the group.
Provisioning to Zendesk failed when a user with the same email already existed in Zendesk.
For orgs with Custom Administrator Roles enabled, the page filters on the Roles, Resources, and Admins tabs of the Administrators page were labeled incorrectly.
Org2Org Push Groups sometimes failed.
After Branding was enabled, admins could still navigate to the original Settings > Customization pages.
Some admins were locked out when a Profile Enrollment policy was set up for the Admin Console app.
Provisioning (create/update) users to NetSuite failed with a Null Pointer Exception (NPE).
Orgs were able to change their custom Sign-In Widget to an unsupported version.
User-verification authenticators didn’t satisfy assurance requirements for a two-factor app sign-on policy when Security Question was allowed for authentication.
When an admin role was constrained to a group, users with that role sometimes experienced time-out errors on the People page.
The Airtable SCIM app is updated to support Group Push and Import Groups.
The configuration guide for the Asana SCIM integration is updated: Acronis Cyber Cloud SCIM configuration guide for Okta.
New SCIM Integration Application:
The following partner-built provisioning integration app is now Generally Available in the OIN Catalog as partner-built:
- Loom: For configuration information, see Configuring Okta provisioning for Loom.
SAML for the following Okta Verified applications: