Okta Identity Engine release notes: Preview

Limited GA: Okta Identity Engine is currently available only to selected customers.

October 2021

2021.10.0: Monthly Preview release began deployment on October 6

* Features may not be available in all Okta Product SKUs.

Generally Available Features

New Features

Secondary email option for LDAP-sourced users

Admins can now enable a secondary email option for LDAP-sourced users in new orgs. When the secondary email option is enabled, LDAP-sourced users who haven’t previously provided a secondary email are now prompted to provide it on the Okta Welcome page.

A secondary email helps reduce support calls by providing LDAP-sourced users with another option to recover their password when their primary email is unavailable. See Configure optional user account fields.

Token-based SSO between native apps

Single Sign-On (SSO) between browser-based web applications is achieved by leveraging shared cookies. Unlike web applications, native applications can’t use web cookies. With Native SSO, Okta offers a token-based approach to achieve SSO between native applications.

Native SSO allows you to protect native OpenID Connect applications, such as desktop apps and mobile apps, and achieve SSO and Single Logout (SLO) between these applications. See Configure SSO for native apps.

Risk scoring improvements

Risk scoring improvements are being slowly deployed to all organizations.

Enhancements

Custom footer enhancement

With Branding enabled, admins can now hide the Powered by Okta message in the footer of their Okta-hosted sign-in page and End-User Dashboard. See Configure the footer for your org.

Log per client mode for client-based rate limits

Client-based rate limits are now in Log per client mode for all orgs for both OAuth 2.0 /authorize and /login/login.htm endpoints. This offers additional isolation to prevent frequent rate limit violations.

Hidden password for dynamic SCEP URL

When you generate a dynamic SCEP URL to integrate Okta with your device management provider, or when you reset the dynamic SCEP password, the password is hidden for enhanced security. To reveal or copy the password, click Show password.

See Configure Okta as a CA with delegated SCEP challenge for Windows using Microsoft Intune and Configure Okta as a CA with dynamic SCEP challenge for macOS using Jamf Pro.

Fixes

General Fixes

OKTA-325592

When LDAP delegated authentication was enabled, an incorrect event type was used to process user profile updates.

OKTA-346989

Global redirect URIs weren’t maintained after an upgrade to Okta Identity Engine from Classic Engine.

OKTA-353822

If an Okta Classic Engine org had an app sign-on policy rule configured for all six platforms and then migrated to Okta Identity Engine, the rule's "AND Device Platform is" condition wasn't marked as Any platform.

OKTA-361609

Non-active users were able to sign in to the Office 365 app using Silent Activation.

OKTA-413405

During enrollment, a check mark didn’t appear correctly beside required authenticators on the Set up multifactor authentication page.

OKTA-419156

During phone MFA setup, users weren’t able to request another one-time passcode after entering the first one incorrectly.

OKTA-422719

A warning message appeared when users attempted to open the URL of an app that wasn’t assigned to them, and then when they clicked Sign in with Okta FastPass or signed in by entering the same username, an error message with the same information was appended to the warning message.

OKTA-423103

When selecting an authenticator for sign-in, users sometimes saw an unclear error message.

OKTA-427932

When Branding was enabled, the Sign-In Widget was distorted on custom sign-in pages.

OKTA-428268

When an LDAP interface (LDAPi) client had Custom Admin Roles enabled, time-out errors sometimes occurred during group member queries.

OKTA-429894

When a user entered an incorrect password in the Sign-In Widget and then refreshed the browser for another password attempt, the Expecting credential field warning still appeared.

OKTA-431349

Translated versions of AD and LDAP configuration validation messages weren’t provided.

OKTA-431757

The User is not assigned to this application message appeared as an INFO error rather than a WARNING.

OKTA-431868

In the UI for the SuccessFactors app, options for Active User Statuses weren't displayed.

OKTA-435586H

Some users were unable to sign in if their org's default app was deactivated or deleted.

App Integration Fixes

The following SWA app was not working correctly and is now fixed:

  • Amplitude (OKTA-429432)

Applications

Updates

New Integrations

New SCIM Integration Applications

The following partner-built provisioning integration apps are now Generally Available in the OIN Catalog as partner-built:

OIDC for the following Okta Verified application:

  • Extole: For configuration information see Okta Instructions.

Weekly Updates