Eligibility tasks
There are certain configuration tasks you must complete before your org is eligible for self-service upgrade. Once the configurations are complete, the self-service upgrade notification appears on your Admin Dashboard and you can schedule your upgrade.
Task | Description |
---|---|
Update event hook endpoints. | If your org uses an event hook endpoint that depends on the phone number field, update the endpoint to handle its new location. |
Prepare Okta Mobile users for the upgrade. | Okta Mobile isn't available after the upgrade. |
Disable Okta Mobility Management. | Identity Engine doesn't support Okta Mobility Management. |
Turn off Device Trust for mobile devices. | Follow the migration steps to ensure that Device Trust continues to work after the upgrade. |
Delete IWA routing rules. | Okta IWA agent isn't supported. Delete Integrated Windows Authentication routing rules Migrate from Integrated Windows Authentication to agentless Desktop Single Sign-on |
Migrate from the AWS Command Line Interface. | Identity Engine doesn't support older AWS CLI tools. To determine if you use the AWS CLI, search for the following in your System Log (not comprehensive):
gimme-aws-creds saml2 aws okta-awscli If you require CLI access, upgrade using one of the following methods:
|
Use Sign-In Widget version 5.11.0 or later. | If you use a custom Okta-hosted sign-in page, check the Sign-in Widget version. If it's earlier than 5.11.0, upgrade to the latest version. Remove the deprecated JavaScript methods. |
Review SDK documentation. | If your org uses the Okta SDKs for authentication and you're planning to move to Okta FastPass, review the docs: |
Disable State Token All Flows or ignore the warning. | State Token All Flows (STAF) isn't compatible with Identity Engine. If STAF is enabled in your Classic Engine org, you receive a warning. If you choose to not disable STAF, dismiss this warning and proceed with the upgrade. |
Build a test OIDC application. | If you need a test app to demonstrate the end-to-end authentication experience before and after you upgrade, you can build a custom app with Okta SDKs. Sign users in to your SPA using the redirect model and Auth JS |
Prepare Terraform for the upgrade. | If you use Terraform to manage one or more Okta tenants, ensure that you have the latest version of the Terraform provider and your script files are in sync. |