Okta Preview Sandbox – 2016.16 Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Okta Preview Sandbox – 2016.16
Published: Apr 20, 2016   -   Updated: Jun 22, 2018

Okta Preview Release 2016.16 began deployment on April 21. For the latest information on our release schedule, see Current Release Status.

Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.

User-added image

Migrating Orgs with Federated Profiles (AD Integrations)

Beginning April 21, 2016 for Preview orgs and May 4, 2016 for Production orgs, Okta automatically will migrate all orgs that use the Active Directory (AD) Federated Profiles option to the Okta enhanced AD integration. Enhanced integration combines the best features of our Classic Imports and Federated Profiles options into a single, simplified, more robust offering. For more details, see About Okta's Enhanced Active Directory Integration.

To help ensure a successful migration, note the following:

  • Some features of Enhanced AD Integration require that all Okta AD Agents be upgraded to version 3.3.5.  Otherwise, changes you make to Group OU settings will not take effect for JIT Provisioning until you restart your agents. (The agent upgrade requires a complete uninstallation and reinstallation; see Installing and Configuring the Active Directory Agent.)
  • By default, Enhanced AD Integration synchronizes groups on a daily basis (you can change the import frequency in Import and Account settings.) Your integration settings for user imports is preserved. This means that if your org is not configured to run scheduled imports, your users continue to be imported and/or updated via Just In Time provisioning (JIT).

New Features​

  • If an admin has selected the Users can reset forgotten LDAP passwords in Okta option, users without forgotten password questions are prompted to enter a question. This LDAP enhancement matches what occurs in Okta Active Directory integrations. For details, see Configuring Your LDAP Password Reset Settings
  • We have added a new password reset option for LDAP. End users can opt to receive an SMS message to reset a forgotten password. For details, see Configuring Your LDAP Password Reset Settings.
  • Okta has enhanced the user experience of Office 365 by adding separate Word, Excel, and PowerPoint chiclets to the Okta Home page.
  • Okta now supports Group Push for Jira Cloud (Atlassian) and Jira on-premise SAML applications. For more information, see Using Group Push.

Okta Developer Platform New Features

Documentation for the Okta Developer Platform is available at http://developer.okta.com.

Web Apps and Implicit Grant Type

When a Web app contains the grant_type implicit, admins can publish chiclets with the Login Initiated By feature. For more information about Login Initiated By, see Using OpenID Connect. For more information about OIDC clients and the API, see OpenID Connect.

Policy Object accountLink Value: DISABLED

The accountLink property of a policy object supports the value DISABLED. When accountLink is set to DISABLED, Okta doesn't link the IdP user to an existing Okta user, but might try to provision a new one. For more information about auto-linking in the API, see Identity Providers.

Authorization Property state Required

The state property is required in requests for the oauth2/v1/authorize endpoint. Correlating requests and responses helps prevent cross-site request forgery (CSRF).

    Incremental Features Summary

    The following table summarizes features that are enabled incrementally. Links in the Feature column point to additional documentation for that feature, if available. After the feature is fully released, it is no longer tracked in this table. For release history of all features, see Features by Release.

    New Orgs
    New Orgs
    Existing Orgs
    Existing Orgs
    LDAP Reset Password SMS2016.162016.172016.162016.17
    Password Policy (Softlock)2016.152016.17-2016.182016.152016.17-2016.18
    Enhanced Automatic App Login (Plugin)2015.462015.46      –      –

    Browser Support

    On April 15, 2016, Okta discontinued support for Microsoft Internet Explorer 8 (IE) as well as all versions of Compatibility View that represent IE8. Okta Customer Support no longer investigates issues related to IE8. Also, IE8 is not compatible for use on Okta Administrator pages.

    For more information about supported browsers, see Platforms, Browser, and OS Support.



    We've implemented SAML for the following Okta Verified application:

    • Engagedly (OKTA-85027)


    We've added the following Mobile application for use with Okta Mobility Management (OMM):

    • Facebook at Work (OKTA-83619)

    Bug Fixes

    Bug numbers ending with an H are hotfixes. Hotfixes are generally deployed after the initial release.

    The following issues are fixed:

    • OKTA-79514 – Some admins occasionally experienced slow responses or couldn't access the Admin Dashboard and received Internal Server Error messages.
    • OKTA-80198 – When authenticating with Duo for Box, some customers saw an out-of-date user interface.
    • OKTA-82297 – Some error messages on the General tab for OIDC apps were difficult to understand. 
    • OKTA-83669 – Some users were unable to find the Workday app on iOS devices.
    • OKTA-85747 – The iOS enrollment page for OMM was not dynamically resized based on device size/orientation.
    • OKTA-86194 – The characters % (percent), \ (backslash), and _ (underscore) weren't escaped in queries to /api/v1/users and /api/v1/apps/{id}/catalog/users. This behavior made it difficult to find results that contained these characters. You may want to review any queries that depend on such results.
    • OKTA-86282 – End users were unable to reach the Okta Sign In page using Windows Internet Explorer 9 in IWA environments with the New Okta Sign-In Experience enabled.
    • OKTA-86816 – The error message in the system log about account link restrictions did not display the incoming subject.

    The following SAML app was not working correctly and is now fixed:

    • Datadog (OKTA-86000)


    The following SWA apps were not working correctly and are now fixed:

    • Adobe EchoSign (OKTA-86635)

    • CSI - WatchDOG Elite (OKTA-86634)

    • Curalate (OKTA-86630)

    • Empire Blue Cross (OKTA-86244)

    • eStara On Demand Webcare (OKTA-86621)

    • FirstBank Online Banking (OKTA-86622)

    • MyResourceLibrary (OKTA-86627)

    • Pivotal Academy (OKTA-84347)

    • Silkroad RedCarpet (OKTA-82898)

    • The Toll Roads (OKTA-86623)

    • Unity Ads (OKTA-86942)

    • Voya - Retirement Plan Participants

    • Webfilings (OKTA-86633)