Okta Preview Sandbox – 2016.10 Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Okta Preview Sandbox – 2016.10
Published: Mar 9, 2016   -   Updated: Jun 22, 2018

Okta Preview Release 2016.10 began deployment on March 9. For the latest information on our release schedule, see Current Release Status.

Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.

User-added image

New Features

  • We have improved the app sign-in experience for Okta customers with Integrated Windows Authentication (IWA) in mixed environments. Improvements include: 
    • If automatic app sign-in fails, now the relay state of the desired app is preserved, users are redirected back to the Okta Sign-In page to enter credentials, and then authenticated to the app. This ensures that non-IWA SSO-capable users can complete the sign-in process and SSO in to the apps they want, while IWA SSO-capable users retain the optimal automatic app sign-in experience they've always enjoyed.
    • Customization options allow admins to change the IWA detection timeout period, as well as create IIS URL rewrite rules to redirect specified clients to the Okta Sign-In page without attempting IWA SSO.

    The improved IWA app sign-in experience requires Okta IWA Web App agent version 1.9.1. and is available to Early Access (EA) users. To obtain this version, contact Okta Support. For more information, see Configuring Desktop SSO.

  • We have enhanced our Managed Applications Configurations feature for Okta Mobility Management (OMM). Now, admins can configure key-value pairs for individual mobile apps with more granularity, rather than sending configurations that are shared among mobile instances. For details, see Managed Application Configurations.
  • Okta is pleased to introduce the Okta On-Prem MFA agent. This new agent provides an enhanced end user experience for orgs that use non-RSA, on-premises MFA providers with Okta. The Okta On-Prem MFA agent is designed to eventually replace the Okta RSA SecurID agent. This is an EA release; to obtain it, contact Okta Support. For more information, see Configuring On-Prem MFA (including RSA SecurID)
  • The Okta user state, Suspended is now Generally Available (GA). Suspended users cannot log in to Okta, and the Okta login is blocked for apps that support SAML. App and group memberships are maintained for suspended users and are reinstated if the user is subsequently unsuspended.

    For information on suspending and unsuspending users from the UI, see Using the Okta People Page. For information on API support for these lifecycle states, see Suspend User in the Okta API documentation.

  • There are two enhancements to the system log. When users are added or removed from groups, the log now specifies whether the change was initiated by an admin or by a rule. Additionally, the log now indicates when a rule is deactivated that contains a user attribute in a condition.

iOS Support

On March 1, 2016, Okta discontinued support for iOS 7.x. Okta Customer Support will no longer investigate issues related to iOS 7. For more details see Okta Mobile and Okta Verify Supported Versions. To learn about Okta’s version support information, see our new Supported Configurations page.

Okta Developer Platform

Documentation for the Okta Developer Platform is available at http://developer.okta.com.

Incremental Features Summary

The following table summarizes features that are enabled incrementally. Links in the Feature column point to additional documentation for that feature, if available. After the feature is fully released, it is no longer tracked in this table. For release history of all features, see Features by Release.

New Orgs
New Orgs
Existing Orgs
Existing Orgs
Group-based Sign On Policies2015.48      –2015.48      –
Enhanced Automatic App Login (Plugin)2015.462015.46      –      –
Box for EMM2016.092016.112016.092016.11
WS-Federation Auto Config2016.092016.102016.092016.10
New User State: Suspended (GA)2016.102016.112016.102016.11

Agent Updates

We have released the following Okta agents for Early Access (EA) customers:

  • Okta IWA Web App version 1.9.1 – This release provides the following:
    • Improved app sign-in experience for customers in certain environments (see New Features above).
    • To allow admins to register the IWA Web App agent in our EMEA production environment, we have added a Production-EMEA option to the agent installer.

    For details, see Configuring Desktop SSO. For the agent version history, see IWA Web App Version History.

  • Okta Active Directory Password Sync version 1.3.1. This version fixes an issue in which certain types of events were not logged in the agent's log file. For the agent version history, see Active Directory Password Sync Agent Version History.

To obtain either of these EA releases, contact Okta Support.



We've implemented SAML for the following Okta Verified applications:

  • LiveChat (OKTA-82275)


We've implemented SAML for the following Community Created applications:

  • AbsorbLMS (OKTA-81410)


We've implemented SWA for the following Okta Verified applications:

  • Adafruit (OKTA-82460)

  • Bannerman (OKTA-82459)

  • Blue Bottle Coffee (OKTA-83008)

  • Cloudways (OKTA-82454)

  • CommonKey (OKTA-82189)

  • GIPHY (OKTA-82611)

  • iCollege (OKTA-82901)

  • Knowledge Owl (OKTA-82145)

  • Kraken.io (OKTA-82603)

  • LiveChat (OKTA-82736)

  • MySignaturesOnline (OKTA-82746)

  • Nosto.com (OKTA-82314)

  • OnlineFaxes.com (OKTA-82610)

  • Prosper (OKTA-82609)

  • RedisGreen (OKTA-82458)

  • Reputation.com Personal

  • RTD Smartcard (OKTA-82223)

  • Skrill (OKTA-82903)

  • SmartyStreets (OKTA-82455)

  • Temper (OKTA-82457)

  • The National Bike Challenge

  • TuneIn (OKTA-81311)

  • Webgains (OKTA-82456)

We've added the following Mobile application for use with Okta Mobility Management (OMM):

  • Box for EMM (OKTA-82238)*


  *Available in 2016.11 Production.

Bug Fixes

Bug numbers ending with an H are hotfixes. Hotfixes are generally deployed after the initial release.

  • OKTA-48790 – Fixed an issue in which the SAML process fails for Template SAML 2.0 apps when attributes referenced in the attribute statement have blank or null values.
  • OKTA-70182 – Fixed an issue in which the Okta browser plugin prompted to change admin-managed passwords when users navigated to the change password page for the app.
  • OKTA-70956 – Fixed an issue that caused permission errors when using SMS as part of multifactor authentication.
  • OKTA-77034 – Fixed an issue in which SAML attribute statements were deleted after upgrading the Cloud Provisioning Connector (CPC) package.
  • OKTA-78332 – Fixed an issue in which end users of WS-Fed applications using an SP-initiated flow were redirected to the Okta login screen instead of the defined URL.
  • OKTA-79503 – Fixed a timeout issue that caused an erroneous message to appear on OMM enrolled iOS devices.
  • OKTA-80022 – Fixed an issue that prevented updating mapped CDATA information from an IDP profile to an Okta user profile.
  • OKTA-81486 – Fixed an issue that prevented assigning applications or policies to groups that contained parentheses in their names.
  • OKTA-81713 – Fixed an issue in which operations for forgotten passwords did not validate SMS codes correctly.
  • OKTA-81916 – Fixed an issue that prevented editing the app label in the HealthyU app.

The following SWA apps were not working correctly and are now fixed:

  • American Hotel Register
    Company (OKTA-82422)

  • Check Point (OKTA-82419)

  • CNN (OKTA-82426)

  • Compini (OKTA-82420)

  • Discover Card (OKTA-82424)

  • Rackspace Cloud (OKTA-77929)

  • ShipStation (OKTA-81214)

  • Sungard Availability Services -
    Viewpoint (OKTA-82259)