Okta Active Directory agent version history

This page lists current and past versions of the Okta Active Directory (AD) agent. It's updated whenever a new version of the agent is released.

To download the latest agent, in the Okta Admin Console, select SettingsDownloads, scroll to an agent, and then click Download Latest to run the installer.

To ensure that you have the latest functionality and get optimum performance from your Okta AD agent, Okta recommends that you download and install the newest version of the agent on your server. If you're running multiple agents, make sure that all of them are the same version. Running different versions can cause all agents to function at the level of the oldest agent.

When the GA and EA versions are the same, an EA version of the Okta AD agent is unavailable and the GA version must be installed instead.


Version

Description

Release

3.18.0

This release includes the following changes:

  • Agent now uses OAuth 2.0 and OAuth 2.0 Demonstrating Proof-of-Possession (DPoP) to securely communicate with Okta.

  • New agents are registered through OAuth 2.0 device registration flow.

  • Agents now operate independently from the accounts used to register them.

  • Agents can now be installed by super admins and users with a custom admin role that includes agent registration permissions. See Okta account with required permissions.

  • Security enhancements.

  • Bug fixes.

2024.07.0

3.17.0

This version of the agent includes fixes for signing both executables and DLL files that come with the Active Directory agent.

2024.03.0

3.16.1

This version of the agent contains fixes for the expiring signature error that prevented agents from auto-updating to the newest AD agent version.

2024.01.1

3.16.0

This GA release includes the following changes:

  • When the executor.log and coordinator.log files grow past 5 MB, their contents roll over into new executor.log.old and coordinator.log.old files.

  • Bug fixes.

2023.08.0

3.15.0

This GA release includes the following changes:

  • Bug fixes. Active Directory (7) agent auto-update health check caused auto-update to fail when upgrading from version 3.13.0 to 3.14.0.

2023.05.0

3.14.0

This GA release includes the following changes:

  • Security enhancements.

  • Bug fixes.

  • Installer will show a warning if the service account isn't a member of Pre-Windows 2000 Compatible Access.

  • Migration of the Windows installer from Internet Explorer to Edge.

    The installer now requires Edge WebView2. WebView2 is downloaded automatically during the agent installation if your machine is connected to the Internet. If not, you must manually install it before installing the new agent version.

2023.04.0

3.13.0

This GA release includes the following changes:

  • Health check of auto update service before auto update process is started.

  • Web proxy support for agent auto update feature

  • Updated log category for existing logs from DEBUG to INFO.

  • Security fixes.

2022.11.0

3.12.0

This GA release includes the following changes:

  • Improved group membership information logging.

  • Security enhancements.

    Note: The AD Agent auto-update feature is not capable of deploying all security enhancements that are introduced in version 3.12. In order to completely deploy all security enhancements from this release, all AD agents running version 3.11 or earlier must be uninstalled, and version 3.12 must be manually installed. See Update the Okta Active Directory agent.

2022.08.0

3.11.0

This GA release includes the following changes:

  • Making .NET Framework 4.6.2 the minimal supported version. When .NET Framework version 4.6.2 or later isn't detected during the agent installation, the agent installer attempts to upgrade the .NET Framework version to 4.6.2.

  • Security enhancements.

2022.05.0

3.10.0

This GA release includes the following changes:

  • Okta Military Cloud support.
  • Bug fixes.

2022.03.0

3.9.0

This GA release includes the following changes:

  • Bug fixes.

2022.02.0

3.8.0

This GA release includes the following changes:

  • Agent auto-update support.
  • Improved logging functionality to assist with issue resolution.
  • Bug fixes.

2022.01.0

3.7.0

This GA release includes the following changes:

  • Government Community Cloud support.

  • Improved logging functionality to assist with issue resolution.

  • Bug fixes.

2021.10.0

3.6.1

This GA release includes the following changes:

  • Improved query performance for customers with a large number of organizational units.
  • Security enhancements.
  • Improved logging functionality to assist with issue resolution.
  • Managed service account support for the Okta Active Directory agent.
  • Bug fixes.

2021.04.0

3.6.0

This EA release includes the following changes:

  • Improved query performance for customers with a large number of organizational units.
  • Security enhancements.
  • Improved logging functionality to assist with issue resolution.
  • Managed service account support for the Okta Active Directory agent.

  • Bug fixes.
2020.10.0
3.5.9 This GA release of the AD agent fixes an issue where metadata about Active Directory domains was not updated in Okta during imports from AD. In some cases this prevented features which rely on this metadata, for example Agentless Desktop SSO, from working correctly or being configured for the first time. 2019.10.0
3.5.8 This GA release of the AD agent implements a check on the AD agent service startup. The check overrides the value of the connectionLimit parameter if it is misconfigured. If the value isn't acceptable but not optimal, a warning message is logged that describes the recommended value. For details about the recommended values, see Okta Active Directory agent variable definitions 2019.08.0
3.5.7 This version of the AD agent includes fixes to close and recreate connection groups and add a retry response in response to 502 errors during import. 2019.04.2

3.5.6

This EA release includes the following changes:

  • Back-end changes to improve how the agent refreshes its DNS entries and connects to servers during disaster recovery.

  • The MaxRetryLimitSleep parameter default is now 8 minutes.

  • A bug fix resolving group membership issues when a user was created by JIT.

2019.01.2

3.5.5

This EA release includes:

  • a bug fix for errors when importing a group with more than 1,500 users.
  • internal bug fixes.
2018.12.0
3.5.4 This EA release includes a security fix and memory performance improvements when streaming data. 2018.44
3.5.3 This EA release includes a fix to an issue with installing the agent on a server that requires Duo multi-factor authentication. 2018.34
3.5.2

This EA release includes the following:

  • Ability to control the timeout for sending result of Del Auth request back to Okta, to make the Del Auth requests more robust to transient network failures.
2018.31
3.4.13

This GA release includes the following changes:

  • The installer will not continue if it cannot use a TLS 1.2 connection to connect to the Okta service. For Windows 2008 R2 TLS 1.2 is disabled by default and needs to be enabled through the registry.
  • Increased the minimum .NET version supported to 4.5.2. If the installer does not detect .NET 4.5.2 or higher, it will be installed.

2018.29
3.5.1

This EA release includes the following changes:

  • The installer will not continue if it cannot use a TLS 1.2 connection to connect to the Okta service. For Windows 2008 R2 TLS 1.2 is disabled by default and needs to be enabled through the registry.
  • Increased the minimum .NET version supported to 4.5.2. If the installer does not detect .NET 4.5.2 or higher, it will be installed.

  • Improved logging functionality.
  • If, during incremental import, the agent detects that the domain controller (DC) it has affinity with is stale, it will switch to another DC and perform a full import. This happens when the usnchanged of the DC with which the agent has affinity is lower than the usnchanged of the last incremental import. If there is no other DC, the agent will perform a full import using the only available DC.
  • Internal fixes.
2018.29
3.5.0 This EA release fixes an install issue that occurred when registering a secondary AD domain on a new installation. 2018.19
3.4.12

This GA release provides internal fixes to the installer.

This includes a change to the installation folder permissions to prevent it from inheriting permissions from a parent folder, Okta strongly recommends that you upgrade to 3.4.12 or higher.

2018.14
3.4.11 This Early Access release includes internal fixes to the installer. 2018.12
3.4.10

This Generally Available release provides the following:

  • All the fixes and enhancements provided by Early Access (EA) versions from 3.4.4 to 3.4.8.
  • Updated the minimum Windows Server version to 2008.
  • Providing a fix for AD-sourced users that had issues signing in with passwords containing unicode characters.
  • Updated default settings.
  • Fixes an issue with installing the agent on some Windows 2012 R2 servers.
2017.49
3.4.9

This Generally Available release provides the following:

  • All the fixes and enhancements provided by Early Access (EA) versions from 3.4.4 to 3.4.8.
  • Updated the minimum Windows Server version to 2008.
  • Providing a fix for AD-sourced users that had issues signing in with passwords containing unicode characters.
  • Updated default settings.
2017.46
3.4.8

This Early Access release includes a number of performance improvements which will reduce import times significantly.

  • Domain Controller (DC) affinity – a significant reduction in the number of full imports that occur during normal operation, resulting in improved performance.
  • DC availability checking – more robust checking for DC availability from the agent. Okta tests DC health prior to making a connection and transitions to a new DC more quickly if a DC is offline or unavailable.
  • Improved logging functionality.
  • Other fixes and optimizations.
2017.35
3.4.7

This Early Access release now sends the following time stamps in milliseconds, instead of seconds:

  • when the agent GETs an Okta request
  • when the agent POSTs a result
  • when the agent sends a request to a Domain Controller
  • when the agent receives a response from the Domain Controller
2017.31
3.4.6 This Early Access release provides various improvements to the agent log, and improves the way that the Okta AD agent interprets the date formats sent by AD. 2017.24
3.4.5

This Early Access release fixed an issue where Okta failed to recognize users' AD group memberships following JIT profile creation and updates.

Note: This update was initially documented in the release notes for 2017.05.

2017.08
3.4.4

This Early Access release provides the following:

  • Updated default settings.
  • Internal improvements.
2016.40
3.4.3

This Generally Available release provides the following:

  • All the fixes and enhancements provided by Early Access (EA) versions 3.4.1 and 3.4.2.
  • Support for writing binary data to an AD object's attribute.
  • Updated default settings.
2016.35
3.4.2

This Early Access release provides the following enhancements:

  • If your AD agent fails to start because the service account on the domain controller is missing the Log on as a service permission, you can now repair the account with just a few clicks.
  • To allow admins to register the Okta AD agent in our EMEA production environment, we have added a Production-EMEA option to the agent installer.
  • To improve the security of AD integrations, we now default to the TLS1.2 security protocol in orgs running .NET Framework 4.5 or later. Orgs running earlier versions of the .NET Framework continue to use TLS1.1.
  • Okta no longer imports duplicate Universal Security Groups if they are moved to a different domain.
2016.31
3.4.1 This release allows admins to enforce Active Directory's password policy for end users who have forgotten their password. 2016.04
3.4.0

This version provides support for SSL certificate pinning. By default, pinning is enabled for new installations. For agent upgrades, your current state of enablement is preserved. †

To allow new installations to complete in environments where SSL pinning may prevent communication with the Okta server, this version also includes a command line option in the installer that lets admins disable SSL pinning. †

†Note: The default state of this feature was reversed in GA release 3.4.3.

2015.52
3.3.5 This version combines the best features of existing Classic Imports and Federated Profiles integration options. GA – 2015.51

EA – 2015.48
3.3.4

This release uses the FIPS-compliant implementation to perform some cryptographic functions.

2015.41
3.3.3

Fixed an issue that caused the agent to send empty User Agent strings.

2015.35
3.3.2

Fixed an issue that prevented the agent from shutting down.

2015.29
3.2.1

Fixed an issue where, when AD_FEDERATED_PROFILES was enabled, the user AD Group membership information was not always updated.

2015.14
3.2.0 This update includes repair of a memory leak. This improvement should reduce instances of delegated authentication timeouts. 2015.10
3.1.0.3 This update changes the default connection configuration to increase scalability in the throughput of processes between Active Directory and Okta. 2014.44
3.1.0.2 This update now enforces MFA policy during setup of AD. For Universal Directory users, this update also includes enhancements in configuring your AD schema in UD. 2014.41
3.0.9.7 Changes include several logging enhancements, including performance data. Also includes the following bug fixes:
  • OKTA-24749 - Fixed an issue in which Okta Groups without text in the Description field could not be successfully pushed.
  • OKTA-32138 - Fixed an issue where particular password types caused the AD Agent installation to fail.
6/16/2014
3.0.7 This update provides multithreaded polling for AD agents. 07/23/2013
3.0.6 This update supports Federated Profiles. 05/10/2013
3.0.5 This update includes a security enhancement: Currently the agent token is stored in plain text in the configuration file, and with this update it will be encrypted, making it more secure. If you use a proxy, the password you enter will also be encrypted. There are no functional changes to the agent and you can update at your convenience. 02/05/2013
3.0.4.x The AD agent 3.0.4.x supports IWA redundancy. 12/05/2012
3.0.3 You can now configure a proxy server during installation. 10/17/2012
3.0.2 This includes all updates from earlier releases. Updates to support the following:
  • Provisioning by security groups.
  • AD password reset.
  • AD import improvements.
08/20/2012
3.0.1 This update includes the following bug fixes:
  • The AD Agent Manager will fill the combo-box with all Domains of the current Forest and allows you to type the DNS-name of any additional Domain.
  • Agent will now prompt for elevation or administrator credentials when necessary.
05/30/2012
3.0 This update includes:
  • Registering Multiple Domains on one agent.
  • Provisioning by security groups.
05/14/2012
2.1.4 This update includes:
  • The domain user account for the AD Agent is created by the installer, so that the credentials are not stored in the Okta service.
  • Multiple Domain Support.
  • AD Password Reset.
5/14/2012

Note: After October 13, 2014, releases are named by release number; prior to that, they are named by release date. Release numbers indicate the year and week in which the release became available. Occasionally, there are gaps in the numbers.