Okta Identity Engine release notes (Production)

Authenticators that were disabled in the authenticator enrollment policy appeared on the new End-User Settings page. (OKTA-718177)

Sessions were sometimes transferred from one user to another. (OKTA-719491)

Some users were erroneously prompted to authenticate with Okta Verify on unenrolled devices instead of being redirected to a custom device posture IdP. (OKTA-732676)

Some text strings on the General Settings page for custom OIDC apps weren't translated. (OKTA-739262)

When an X509 authentication request originated from an Okta domain, but the org used a custom domain, the Smart Card IdP didn't redirect the request correctly. (OKTA-741570)

When an admin clicked Show more on the Administrator assignment by role page, additional admins with the super admin role didn't appear. (OKTA-743378)

The app store download icons for Okta Verify have been replaced by download links on the Sign-In Widget. (OKTA-744565)

When a user tried to access OneDrive from the app on the Okta End-User Dashboard, an error occurred if there was an active Office 365 session. (OKTA-744748)

When the display language was set to Japanese, some text on the Deactivate People page wasn't translated. (OKTA-745642)

The Okta Agent Registration App icon sometimes appeared on the Authentication policies page beside the current default policy. (OKTA-746639)

The Reset Password modal had a grammatical error. (OKTA-747866)

If an API request in Preview contained any malformed syntax within the query string, the request was still processed. (OKTA-748246)

The EAP-TTLS option wasn't available for all RADIUS app integrations. (OKTA-750253)

When the display language was set to Japanese, some text on the Delegated Authentication page wasn’t translated. (OKTA-658397)

Some users received an error message when they clicked Reveal in the app settings of the Google Workspace Mail tile. (OKTA-684516)

The End-User Settings page (version 2) didn't display the correct logo and theme when multiple brands were configured in the org. (OKTA-717476)

Some customers signing in to Okta-hosted custom domains with the first or second-generation Sign-In Widget received communications from Monotype Imaging Inc. about licensing for the Proxima Nova font. (OKTA-731216)

When the Assign and revoke super admin role protected action was enabled and an admin revoked the super admin role from the Admins tab, they weren’t prompted for additional MFA. (OKTA-733379)

Access Testing Tool displayed incorrect data if the Identity Provider in the global session policy rule was set to either Okta or Specific IdP. (OKTA-733455)

The Sign-In Widget (third generation) showed Okta instead of the customized company name on the password reset page. (OKTA-737190)

Some policies couldn't be merged even though the source policies were identical. (OKTA-740953)

If API provisioning was enabled without enabling Update User Attributes, Docusign app usernames were set to the users' full names rather than email addresses. (OKTA-742584)

When the display language was set to Japanese, some text on the Sign on tab for the Google Apps instance wasn’t translated. (OKTA-742635)

When the display language was set to Japanese, some text on the Create new resource set page wasn’t translated. (OKTA-742653)

Some of the help links on the Downloads page weren’t correct. (OKTA-744866)

The SAML single logout URL wasn't embedded in the iFrame after the correct trusted origin was configured. (OKTA-744874)

When users tried to create SSWS tokens, Enhanced Dynamic Zones appeared in the list but users couldn't select them. (OKTA-745607)

The right-click menu didn't work in the Admin Console. (OKTA-745918)

Admins couldn't customize the Sign-In Widget (second and third generations) for accessing bookmark apps. (OKTA-747438)

Users without the Okta Access Requests Admin app couldn't view any app instance pages. (OKTA-748462)

The protected actions email notification sometimes contained a broken link. (OKTA-749232)

In orgs using delegated authentication with either AD or LDAP, attempting to sign in when the username contained a wildcard character (*) resulted in an HTTP 500 error. (OKTA-749548)

When the device context changed based on signals from Okta Verify, the post auth session evaluation didn't work as expected and didn't fire any System Log events. (OKTA-750405)

When the display language was set to Japanese, some text on Policy Simulation wasn’t translated. (OKTA-751021)

Users were incorrectly prompted for Okta FastPass when enrolling in Okta Verify. (OKTA-753062)

Some text on the Reset Password for a user page in the Admin Console wasn't translated. (OKTA-613937)

WebEx replaced the API used to retrieve session types with a REST API, which requires the integration to use OAuth for authentication. (OKTA-701227)

The policy.entity_risk.evaluate and policy.entity_risk.action events incorrectly displayed the target user as the actor instead of the Okta system. (OKTA-703424)

The user.authentication.universal_logout System Log event didn't capture all of the client data. (OKTA-706046)

Previews of customized sign-in pages didn't show all registration details. (OKTA-712636)

Some locked users couldn't unlock their accounts because they hadn't validated their email addresses. (OKTA-717710)

Clicking Sync Entitlements on the Governance tab displayed an error. (OKTA-720049)

Sometimes, concurrent Agentless Desktop SSO JIT operations for a user broke app assignments, which required admin intervention to correct. (OKTA-722648)

The System Log reported incorrect OS values for the same request. (OKTA-724428)

When admins manually confirmed users imported from a SCIM app, they were assigned apps that they weren't authorized to access. (OKTA-724859)

The System Log event description for security.events.provider.receive_event was Third Party Vendor reported risk and was updated to Security Events Provider Reported Risk. (OKTA-725427)

Opening a profile in a new tab from the Profile Editor displayed a list of profiles instead. (OKTA-725640)

A System Log event wasn't present for provisioned users when the password-only sign-in flow failed. (OKTA-727271)

The System Log recorded multiple user.session.context.change events when the device management status was incorrectly reported for Windows devices enrolled in Okta Verify. (OKTA-727309)

Sometimes, when users who hadn't enrolled in On-Prem MFA attempted to sign in using an RSA SecurID passcode in the New PIN Mode, the passcode verification failed. (OKTA-727554)

Some requests failed because the session cookie size exceeded browser limitations. (OKTA-727786)

Processing GeneralizedTime attributes while confirming new users imported from LDAP to Okta resulted in an error. (OKTA-728398)

Users could reuse their temporary password. (OKTA-729189)

The Sign-In Widget was blank when some Okta FastPass users were prompted to authenticate. (OKTA-730317)

When the display language was set to Japanese, some role permissions weren't translated on the Admin role assignments screen. (OKTA-730832)

When the display language was set to Japanese, some text on the Administrators pages wasn't translated. (OKTA-730834)

Some customers signing in to Okta-hosted custom domains with the first or second-generation Sign-In Widget received communications from Monotype Imaging Inc. about licensing for the Proxima Nova font. (OKTA-731216)

When an admin clicked Show more on the Administrator assignment by role page, additional admins with the super admin role didn't appear. (OKTA-731416)

Some Group Push operations for ServiceNow failed due to timing out. (OKTA-731707)

The UI header elements on the Authentication Policy page didn't render correctly. (OKTA-732300)

App filter in the Post Auth Session tab is removed for future configurations. This doesn't affect existing configurations. (OKTA-732394)

Workday writeback operations failed when area codes were included in the request. (OKTA-733361)

Authenticator names weren't translated in error messages. (OKTA-733417)

The End User Browser Plugins pane on the Downloads page used an outdated icon for Chromium Edge. (OKTA-733813)

Universal Logout didn't sign users out of Google Workspace for some app instances. (OKTA-734303)

Entity Risk Policy in the Admin Console didn't have a description. (OKTA-734527)

Some attributes weren't translated in the Profile Enrollment form. (OKTA-734938)

The policy.auth_reevaluate.fail System Log event wasn't recorded for customers who enabled Identity Threat Protection. (OKTA-735556)

The security.breached_credential.detected System Log event had a typo. (OKTA-736552)

Some users saw an error page after setting up their Okta account. (OKTA-737149)

The Okta RADIUS Server Agent was updated for a security fix. Upgrade to version 2.22.0. (OKTA-737441)

Widgets on the Identity Threat Protection dashboard are updated for style and design consistency. (OKTA-737798)

Sometimes, Group Assignments involving the Everyone group failed because of a non-performant query. (OKTA-742083)

Full imports for OIG-enabled apps sometimes caused users to be unexpectedly deprovisioned. (OKTA-742996)

The help links on the Downloads page weren't localized. (OKTA-614688)

Admins without the View agents permission could see the Agents page. (OKTA-651508)

Setting the locale to Japanese resulted in some issues when working with CSV directories. An error string appeared when scheduling weekly imports and there was insufficient space to enter which hour the import should be performed. (OKTA-656418)

Group Push failed for Samanage when group names contained spaces. (OKTA-668498)

Password reset token expiration time was not localized for some orgs. (OKTA-673386)

When the activation email was resent, it included an expired activation link. (OKTA-720605)

The notification email contained the modified IP address when X-Forwarded-For Header was modified. (OKTA-722815)

Some users received an error message when they tried to reset their password. (OKTA-725716)

The oauth2/instrospect endpoint hit rate limits without logging it in the System Log. (OKTA-726680)

Users who didn't enable the Multiple Identifiers feature could access the Identifiers page. (OKTA-727848)

During JIT reactivation through IdP, group app assignment reconciliation wasn't processed asynchronously, which caused an unexpected delay in the sign-in process. (OKTA-729103)

Access Testing Tool incorrectly reported that non-admin users had access to Okta Admin Console. (OKTA-729726)

Attempting to unassign a Google Workspace license from a user who didn't have that license resulted in an error message. (OKTA-731570)

A SAML app didn't open in an iFrame even when it was configured using Trusted Origins. (OKTA-734026)

If there was an error in the metrics for policy recommendation for an application, the recommendations didn't load properly. (OKTA-735657)

When an app was created by an API call with an existing clientId in the request payload, this didn't match the way an app was created in the UI. This resulted in the wrong app rate limit displayed in the rate limit dashboard. (OKTA-736117)

When an admin uploaded a file while configuring an app, the dates that appeared on the page weren't translated. (OKTA-736916)

The Okta provisioning API didn't accept user IDs that contained a backslash (\) character when users were provisioned to Org2Org instances. (OKTA-737258)

Admins couldn't delete existing Classic Engine Network Zones after upgrading to Identity Engine. (OKTA-737821)

NetSuite imports failed for new app instances that had Governance Engine enabled if users had an inactive department, location, or class. (OKTA-737844)

Unhandled routes for authentication policies rendered a blank page in the Admin Console. (OKTA-738033)

Sometimes a group owner wasn't resolved correctly and an invalid error was displayed on the Group Owner tab for the group. (OKTA-738426)

Some users received a Bad Gateway error when they tried to register their account. (OKTA-738828)

Gemini licenses for Google Workspace were unavailable. (OKTA-739005)

The Show More option in Trusted Origins didn't display all trusted origins when a filter was selected. (OKTA-740734)

The wrong font was used for text in the Sign-In Widget. (OKTA-742100)

The Post Auth Session Violation widget displayed incorrect UI and data when the policy was in the monitoring mode. (OKTA-742525)

When running an import from Active Directory into Okta, the DirSync stopped working, which resulted in users being removed from multiple groups within the Office 365 app. (OKTA-742905)

Full imports for OIG-enabled apps sometimes caused users to be unexpectedly deprovisioned. (OKTA-742996)

When trying to access OneDrive using the app on the Okta Dashboard, an error occurred if there was an active Office 365 session. (OKTA-744748)

In Groups API queries, some users who weren't in the "Everyone" group were missing group memberships.(OKTA-747426)