Okta Identity Engine release notes (Production)

Some text on the Reset Password for a user page in the Admin Console wasn't translated. (OKTA-613937)

WebEx replaced the API used to retrieve session types with a REST API, which requires the integration to use OAuth for authentication. (OKTA-701227)

The policy.entity_risk.evaluate and policy.entity_risk.action events incorrectly displayed the target user as the actor instead of the Okta system. (OKTA-703424)

The user.authentication.universal_logout System Log event didn't capture all of the client data. (OKTA-706046)

Previews of customized sign-in pages didn't show all registration details. (OKTA-712636)

Some locked users couldn't unlock their accounts because they hadn't validated their email addresses. (OKTA-717710)

Clicking Sync Entitlements on the Governance tab displayed an error. (OKTA-720049)

Sometimes, concurrent Agentless Desktop SSO JIT operations for a user broke app assignments, which required admin intervention to correct. (OKTA-722648)

The System Log reported incorrect OS values for the same request. (OKTA-724428)

When admins manually confirmed users imported from a SCIM app, they were assigned apps that they weren't authorized to access. (OKTA-724859)

The System Log event description for security.events.provider.receive_event was Third Party Vendor reported risk and was updated to Security Events Provider Reported Risk. (OKTA-725427)

Opening a profile in a new tab from the Profile Editor displayed a list of profiles instead. (OKTA-725640)

A System Log event wasn't present for provisioned users when the password-only sign-in flow failed. (OKTA-727271)

The System Log recorded multiple user.session.context.change events when the device management status was incorrectly reported for Windows devices enrolled in Okta Verify. (OKTA-727309)

Sometimes, when users who hadn't enrolled in On-Prem MFA attempted to sign in using an RSA SecurID passcode in the New PIN Mode, the passcode verification failed. (OKTA-727554)

Some requests failed because the session cookie size exceeded browser limitations. (OKTA-727786)

Processing GeneralizedTime attributes while confirming new users imported from LDAP to Okta resulted in an error. (OKTA-728398)

Users could reuse their temporary password. (OKTA-729189)

The Sign-In Widget was blank when some Okta FastPass users were prompted to authenticate. (OKTA-730317)

When the display language was set to Japanese, some role permissions weren’t translated on the Admin role assignments screen. (OKTA-730832)

When the display language was set to Japanese, some text on the Administrators pages wasn’t translated. (OKTA-730834)

Some customers signing in to Okta-hosted custom domains with the first or second-generation Sign-In Widget received communications from Monotype Imaging Inc. about licensing for the Proxima Nova font. (OKTA-731216)

When an admin clicked Show more on the Administrator assignment by role page, additional admins with the super admin role didn’t appear. (OKTA-731416)

Some Group Push operations for ServiceNow failed due to timing out. (OKTA-731707)

The UI header elements on the Authentication Policy page didn't render correctly. (OKTA-732300)

App filter in the Post Auth Session tab is removed for future configurations. This doesn't affect existing configurations. (OKTA-732394)

Workday writeback operations failed when area codes were included in the request. (OKTA-733361)

Authenticator names weren't translated in error messages. (OKTA-733417)

The End User Browser Plugins pane on the Downloads page used an outdated icon for Chromium Edge. (OKTA-733813)

Universal Logout didn't sign users out of Google Workspace for some app instances. (OKTA-734303)

Entity Risk Policy in the Admin Console didn't have a description. (OKTA-734527)

Some attributes weren't translated in the Profile Enrollment form. (OKTA-734938)

The policy.auth_reevaluate.fail System Log event wasn't recorded for customers who enabled Identity Threat Protection. (OKTA-735556)

The security.breached_credential.detected System Log event had a typo. (OKTA-736552)

Some users saw an error page after setting up their Okta account. (OKTA-737149)

The Okta RADIUS Server Agent was updated for a security fix. Upgrade to version 2.22.0. (OKTA-737441)

Widgets on the Identity Threat Protection dashboard are updated for style and design consistency. (OKTA-737798)

Sometimes, Group Assignments involving the Everyone group failed because of a non-performant query. (OKTA-742083)

Full imports for OIG-enabled apps sometimes caused users to be unexpectedly deprovisioned. (OKTA-742996)

The help links on the Downloads page weren’t localized. (OKTA-614688)

Admins without the View agents permission could see the Agents page. (OKTA-651508)

Setting the locale to Japanese resulted in some issues when working with CSV directories. An error string appeared when scheduling weekly imports and there was insufficient space to enter which hour the import should be performed. (OKTA-656418)

Group Push failed for Samanage when group names contained spaces. (OKTA-668498)

Password reset token expiration time was not localized for some orgs. (OKTA-673386)

When the activation email was resent, it included an expired activation link. (OKTA-720605)

The notification email contained the modified IP address when X-Forwarded-For Header was modified. (OKTA-722815)

Some users received an error message when they tried to reset their password. (OKTA-725716)

The oauth2/instrospect endpoint hit rate limits without logging it in the System Log. (OKTA-726680)

Users who didn't enable the Multiple Identifiers feature could access the Identifiers page. (OKTA-727848)

During JIT reactivation through IdP, group app assignment reconciliation wasn't processed asynchronously, which caused an unexpected delay in the sign-in process. (OKTA-729103)

Access Testing Tool incorrectly reported that non-admin users had access to Okta Admin Console. (OKTA-729726)

Attempting to unassign a Google Workspace license from a user who didn't have that license resulted in an error message. (OKTA-731570)

A SAML app didn't open in an iFrame even when it was configured using Trusted Origins. (OKTA-734026)

If there was an error in the metrics for policy recommendation for an application, the recommendations didn't load properly. (OKTA-735657)

When an app was created by an API call with an existing clientId in the request payload, this didn't match the way an app was created in the UI. This resulted in the wrong app rate limit displayed in the rate limit dashboard. (OKTA-736117)

When an admin uploaded a file while configuring an app, the dates that appeared on the page weren't translated. (OKTA-736916)

The Okta provisioning API didn't accept user IDs that contained a backslash (\) character when users were provisioned to Org2Org instances. (OKTA-737258)

Admins couldn't delete existing Classic Engine Network Zones after upgrading to Identity Engine. (OKTA-737821)

NetSuite imports failed for new app instances that had Governance Engine enabled if users had an inactive department, location, or class. (OKTA-737844)

Unhandled routes for authentication policies rendered a blank page in the Admin Console. (OKTA-738033)

Sometimes a group owner wasn't resolved correctly and an invalid error was displayed on the Group Owner tab for the group. (OKTA-738426)

Some users received a Bad Gateway error when they tried to register their account. (OKTA-738828)

Gemini licenses for Google Workspace were unavailable. (OKTA-739005)

The Show More option in Trusted Origins didn't display all trusted origins when a filter was selected. (OKTA-740734)

The wrong font was used for text in the Sign-In Widget. (OKTA-742100)

The Post Auth Session Violation widget displayed incorrect UI and data when the policy was in the monitoring mode. (OKTA-742525)

When running an import from Active Directory into Okta, the DirSync stopped working, which resulted in users being removed from multiple groups within the Office 365 app. (OKTA-742905)

Full imports for OIG-enabled apps sometimes caused users to be unexpectedly deprovisioned. (OKTA-742996)

When trying to access OneDrive using the app on the Okta Dashboard, an error occurred if there was an active Office 365 session. (OKTA-744748)

In Groups API queries, some users who weren't in the "Everyone" group were missing group memberships.(OKTA-747426)

Inactive app users weren't included in group pushes for AWS Account Federation. (OKTA-678930)

Group queries in authentication policy rules didn't display more than 10 group names. (OKTA-699003)

Users with a custom admin role that allows them to manage a realm couldn't import users. (OKTA-709746)

Groups IDs were sent as part of PATCH operations. (OKTA-711633)

Users in China couldn't authenticate or enroll in authenticators on sign-in pages that required CAPTCHA verification. (OKTA-718806)

The logOnly attribute incorrectly appeared in the System Log. (OKTA-725287)

Sometimes actions that were taken on role assignments from entitlement bundles timed out. (OKTA-727294)

Some UI elements in the Identity Threat Protection dashboard didn't render correctly. (OKTA-727820)

Orgs that had Auto-enroll in all future EA features enabled in Features didn't get the Enforce MFA For Admin Console feature. (OKTA-729278)

When the Identity Threat Protection feature was enabled and an admin deleted the only group in a continuous access policy rule, the policy was still enforced. (OKTA-650636)

Admin email notifications for user lockouts weren't translated to the org's default language. (OKTA-657967)

The display name of the user was missing from the analytics.feedback.provide event in the System Log. (OKTA-679669)

Some users received an error message when they clicked Reveal in the app settings of the Google Workspace Mail tile. (OKTA-684516)

Sometimes viewing group details resulted in slow page loads or timeouts if the group was assigned a Zendesk app integration that had a large number of ZendeskOrganization objects in the downstream app. (OKTA-688756)

The Administrator role report contained admins without active resource sets. (OKTA-698967)

In some cases, the Realms pages in Chrome erroneously displayed horizontal scroll tabs. (OKTA-702758)

When choosing push groups by name, after selecting the first group and clicking Save and Add Another, choosing the next group caused the Push group immediately option to be cleared but the group was still automatically pushed. (OKTA-704497)

In Okta Identity Governance orgs where AD groups were owned by deactivated Okta users, some failed imports appeared as complete. (OKTA-713146)

When the last standard admin role was unassigned from a user who also had a custom admin role, the System Log didn’t record the event. (OKTA-715487)

Read-only admins couldn't use the Access Testing tool. (OKTA-716165)

When the Okta session and re-authentication times were set to four hours, they expired after one hour. (OKTA-716829)

For some types of internal errors, the LDAP interface incorrectly returned a successful result code (0) and empty results instead of an error code (80). (OKTA-716937)

Authenticator enrollment emails that users received when they enrolled in Okta Verify contained a Report suspicious activity link with the org's regular domain, even if the enrollment occurred on a custom domain. (OKTA-723812)

When a user search included the & symbol, only the first page of results was viewable. (OKTA-724819)

The Okta RADIUS agent was updated for a security fix. Upgrade to version 2.21.0. (OKTA-724891)

When viewing realm assignments where over 20 entries were listed per page, either or both of the assigned realm values and profile sources weren’t displayed. (OKTA-724913)

Some users received an error message and couldn't view Okta pages when they signed in from an IP address that Okta identified as risky. (OKTA-726837)