Okta Identity Engine release notes: Production

Limited GA: Okta Identity Engine is currently available only to selected customers.

October 2021

2021.10.0: Monthly Production release began deployment on October 11

* Features may not be available in all Okta Product SKUs.

Generally Available Features

New Features

Org Under Attack for ThreatInsight

Okta ThreatInsight now has enhanced attack detection capability. “Org under attack” establishes a base line traffic pattern and adjusts based on legitimate changes in traffic patterns. When a threat is detected, the algorithms are optimized to block all malicious requests while creating a System Log event to alert on the attack. After the attack subsides, threatInsight returns into its normal mode of operation. This capability enables quick blocking action during an attack. See About Okta ThreatInsight. This feature will be gradually made available to all orgs.


Custom footer enhancement

With Branding enabled, admins can now hide the Powered by Okta message in the footer of their Okta-hosted sign-in page and End-User Dashboard. See Configure the footer for your org.

Log per client mode for client-based rate limits

Client-based rate limits are now in Log per client mode for all orgs for both OAuth 2.0 /authorize and /login/login.htm endpoints. This offers additional isolation to prevent frequent rate limit violations.

Hidden password for dynamic SCEP URL

When you generate a dynamic SCEP URL to integrate Okta with your device management provider, or when you reset the dynamic SCEP password, the password is hidden for enhanced security. To reveal or copy the password, click Show password.

See Configure Okta as a CA with delegated SCEP challenge for Windows using Microsoft Intune and Configure Okta as a CA with dynamic SCEP challenge for macOS using Jamf Pro


General Fixes


When LDAP delegated authentication was enabled, an incorrect event type was used to process user profile updates.


Global redirect URIs weren’t maintained after an upgrade to Okta Identity Engine from Classic Engine.


If an Okta Classic Engine org had an app sign-on policy rule configured for all six platforms and then migrated to Okta Identity Engine, the app sign-on policy rule for AND Device Platform is wasn't marked as Any platform.


Non-active users were able to sign in to the Office 365 app using Silent Activation.


During enrollment, a check mark didn’t appear correctly beside required authenticators on the Set up multifactor authentication page.


During phone MFA setup, users weren’t able to request another one-time passcode after entering the first one incorrectly.


A warning message appeared when users attempted to open the URL of an app that wasn’t assigned to them, and then when they clicked Sign in with Okta FastPass or signed in by entering the same username, an error message with the same information was appended to the warning message.


When selecting an authenticator for sign-in, users sometimes saw an unclear error message.


When Branding was enabled, the Sign-In Widget was distorted on custom sign-in pages.


When an LDAP interface (LDAPi) client had Custom Admin Roles enabled, time-out errors sometimes occurred during group member queries.


When a user entered an incorrect password in the Sign-In Widget and then refreshed the browser for another password attempt, the Expecting credential field warning still appeared.


Translated versions of AD and LDAP configuration validation messages weren’t provided.


The User is not assigned to this application message appeared as an INFO error rather than a WARNING.


In the UI for the SuccessFactors app, options for Active User Statuses weren't displayed.


Some users were unable to sign in if their org's default app was deactivated or deleted.

App Integration Fixes

The following SWA app was not working correctly and is now fixed

  • Amplitute (OKTA-429432)



New Integrations

New SCIM Integration Applications

The following partner-built provisioning integration apps are now Generally Available in the OIN Catalog as partner-built:

OIDC for the following Okta Verified application:

  • Extole: For configuration information see Okta Instructions.