Okta Preview Sandbox - Release 2016.23 Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Okta Preview Sandbox - Release 2016.23
Published: Jun 7, 2016   -   Updated: Jun 22, 2018
Okta Preview Release 2016.23 began deployment on June 8. For the latest information on our release schedule, see Current Release Status.

Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.

User-added image

Version numbers indicate the year and week of the year that releases are pushed to orgs. For example, release 2016.02 was pushed the second week of 2016. The week numbers follow the ISO Week Date convention. 

Important Notice for AD Integrations Using Federated Profiles

If your Okta Active Directory (AD) integration uses Federated Profiles, you should update to the latest GA version of the Okta AD agent. Beginning April 21, 2016, Okta automatically migrated all orgs that use the Federated Profiles option to the Okta enhanced AD integration, which requires agent version 3.0.8 or higher. If your Okta AD agent is earlier than version 3.0.8, following the migration your organization may experience inconsistent behavior, including loss of groups and group memberships.

To identify orgs running Federated Profiles, see Determining Your AD Integration Type.

For download and installation instructions, see Installing and Configuring the Active Directory Agent.

Note: If you run multiple Okta AD agents, upgrade all agents on your domain servers to the same version. Running different versions of the AD agent can cause all of them to function at the level of your oldest agent. 

New Product Features​

Unless otherwise noted, these features are available for all organizations with release 2016.23.

  • Like Super, Org, User, and App admins, now Read-only admins can choose not to receive email notifications about locked user accounts. For more information, see Using the Okta Settings Page. For more about admin permissions, see Administrator Roles.

    User-added image

  • We now source the Microsoft Office 365 immutableid value from the highest priority master AD appuser when there are two or more domains.

    Availability: This feature is available in 2016.23 release for all Preview orgs and new Production orgs, and available in 2016.24 for existing Production orgs.

  • Okta Mobility Management (OMM) now supports files up to 4GB in size. This enables customers to upload larger iOS apps to the Private App store.

  • Mobile Policies and Rules: We have improved how admins create Mobile Policies and Rules.

    User-added image

    • Admins can now apply Mobile Policies granularly based on Platform (iOS, Android).

    • The new Default Policy for Mobile is now read-only and denies enrollment to all devices if no other policy applies.

    • Auto-Lock: The Platform Rule for iOS platforms includes a new Auto-lock feature. This allows the admin to specify the amount of time between the last user activity and when the device display gets turned off, and also the amount of time after which a passcode is required to turn it back on.

    This is an Early Access (EA) feature; contact Okta Support to enable it. For more information, see Configuring Mobile Policies - EA.

Note: The Admin link that was previously announced in this release has been delayed.

Incremental Features Summary

The following table summarizes features that are enabled incrementally. Links in this table go to the release notes in which the feature was initially announced. After the feature is fully released, it is no longer tracked in this table. For release history of all features, see Features by Release.

New Orgs
New Orgs
Existing Orgs
Existing Orgs
ImmutableId from Master App2016.232016.232016.232016.24
New Tasks UI2016.222016.222016.222016.23
LDAP Imports2016.202016.202016.202016.23
New Okta Sign-in Experience2016.192016.192016.192016.24

Application Updates


  • We have enhanced our Zendesk integration to support Deactivate/Reactivate User functionality.

  • We have enhanced the RightNow CX integration by adding DisplayName to the user profile. If you already have a RightNow CX app configured and you want to use this functionality, use the Profile Editor to add the DisplayName property. For newly created apps this property is available by default.


The JIRA (Atlassian) application has been deprecated. Okta recommends that you upgrade to the JIRA Cloud app if you are on the cloud version of JIRA, or the JIRA On-premise app if you are on a JIRA server. All of the latest updates and new functionality will be added to these versions going forward.

We've implemented SAML for the following Okta Verified application:

  • Microsoft Cloud App Security (OKTA-90108)


We've implemented SWA for the following Okta Verified applications:

  • American Shipper (OKTA-91413)

  • Criteo (OKTA-91408)

  • Employment Hero (OKTA-91409)

  • Fab (OKTA-90767)

  • FLOR (OKTA-90765)

  • IrokoChat OnDemand (OKTA-90864)

  • Kaspersky CompanyAccount

  • My Kaspersky (OKTA-91410)

  • Poppin (OKTA-90768)

Bug Fixes

Bug numbers ending with an H are hotfixes. Hotfixes are generally deployed after the initial release.

Product Bug Fixes

The following issues are fixed:

  • OKTA-70497 – VPN for Mobile was listed in the Self Service app list in error.
  • OKTA-73368 – The Duo Push security option failed to display the available authentication phone numbers when signing into Box from Microsoft Office 365 (0365).
  • OKTA-85913 – Okta plugin popup banners displayed in the wrong location in the browser window when using the Okta-managed Mimeo app.
  • OKTA-87353 – When changing the password in the ADP Workforce Now app, the browser plugin did not offer to create a new random password and update the app chiclet.
  • OKTA-87892 – Okta Mobile automatic updates were not available for Android for Work (AfW) devices.
  • OKTA-89459 – Salesforce provisioning failed when provisioning parameters contained an apostrophe.
  • OKTA-89509 – When configuring group assignment for JIRA provisioning, the UI only displayed the first 20 JIRA groups.
  • OKTA-89820 – The Replicon app did not accept provisioning credentials.
  • OKTA-90267 – Incorrect text displayed in the Expire Passwords modal (Directory > People > More Actions > Expire Passwords).
  • OKTA-90460 – The list of reports for our new EA System Log was not alphabetized.

Platform Bug Fixes

The following issues are fixed:

  • OKTA-73691 – HTML tags were incorrectly allowed in POST and PUT requests to /api/v1/idps/.
  • OKTA-90218 – Requests to /oauth2/v1/authorize failed if they included a state value with special characters.
  • OKTA-91074 – Requests to /oauth2/v1/introspect incorrectly included scopesList.
  • OKTA-91441 – The Users API incorrectly returned an error when updating login

App Integrations Fixed

The following SWA apps were not working correctly and are now fixed:

  • Adobe Creative (OKTA-91267)

  • Eventbrite (OKTA-91258)

  • Fluke Support (OKTA-88713)

  • Front Row(Student login) (OKTA-91270)

  • MassMutual RetireSmart (OKTA-90810)

  • Merrill Lynch Benefits (OKTA-91264)

  • MERS OnLine (OKTA-91405)

  • OutSystems (OKTA-91414)

  • Shopify (OKTA-90862)

  • Skyslope (OKTA-90861)

  • Twitter (OKTA-91416)

  • Verizon Wireless Business