Okta Preview Release 2016.30 began deployment on July 27. For the latest information on our release schedule, see Current Release Status.
Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.
Version numbers indicate the year and week of the year that releases are pushed to orgs. For example, release 2016.02 was pushed the second week of 2016. The week numbers follow the ISO Week Date convention.
Important Notice for AD Integrations Using Federated Profiles
If your Okta Active Directory (AD) integration uses Federated Profiles, you should update to the latest GA version of the Okta AD agent. Beginning April 21, 2016, Okta automatically migrated all orgs that use the Federated Profiles option to the Okta enhanced AD integration, which requires agent version 3.0.8 or higher. If your Okta AD agent is earlier than version 3.0.8, following the migration your organization may experience inconsistent behavior, including loss of groups and group memberships.
To identify orgs running Federated Profiles, see Determining Your AD Integration Type.
For download and installation instructions, see Installing and Configuring the Active Directory Agent.
Note: If you run multiple Okta AD agents, upgrade all agents on your domain servers to the same version. Running different versions of the AD agent can cause all of them to function at the level of your oldest agent.
Unless otherwise noted, these features are available for all organizations with release 2016.30.
The Access Request Workflow feature is now available. It is a complete, multi-step approval workflow through which end users can request access to apps. Admins can select approvers who have the ability to grant access for self-service applications. Access Request Workflow features group and individual approvers, customized notifications, commenting, notes, and customizable timeout rules. All setup is accessed from the Okta Admin Dashboard and requires no programming or configuration files. For more information, see Access Request Workflow.
Note: This is an Early Access (EA) feature that requires either the Enterprise Plus or Provisioning Product editions. Contact Okta Support to enable it.
- We have increased the character limit of the SAM Account name field in the Push Groups to Active Directory modal from 20 to 256 characters. This allows admins to create long samaccountnames in Okta that match their Active Directory (AD) naming convention. Push Groups is an Early Access (EA) feature.
The feature that allows admins to auto-launch a specific app for all end users at sign in is now Generally Available (GA). Previously, this option was only available to end users. Now, admins can access this option from the specific <App> page > General tab > App Settings, as detailed in Using the Okta Applications Page. Note: Selecting this option only affects end users who are newly assigned to the app. Previously-assigned users must manually choose auto-launch by accessing the app chiclet <App> Settings button.
- As an alternative to sending notifications to everyone in your org, you can now specify individual users and groups. For more information, see About Your Administrator Dashboard.
- In the app settings of supported apps, you can now toggle between Reveal Password and Hide Password to control password visibility.
- When you define a SAML IdP, you can select a user profile attribute to match against the IdP username. More attributes are now available for selection in the Match against dropdown. For details, see Configuring Inbound SAML with Universal Directory Options.
- Support for the Czech language for the end user experience is now available to all customers in Beta format. You can select the default language preference for your entire org, and your end users can select a different language preference for their own experience. The end user's preference overrides the language set for the org. For more information, see Setting Language Preferences.
- Now, when turning provisioning or profile push updates on or off, the setting for pushing from Okta to an app is not reset and the current values are retained.
The latest On-Prem MFA agent, version 1.3.2, is a proxy server option. This EA agent allows for proxy configuration with your RADIUS-enabled on-prem MFA server, including RSA Authentication Manager for RSA SecurIDs. For details, see Using the On-Prem MFA Agent with Proxy (Early Access).
Platform Release Notes
Changes to the platform for this release are published in the Platform Release Notes on http://developer.okta.com.
Incremental Features Summary
There are no incremental features to announce this week.
Note: This notice was modified July 29 and August 19 after initial publication of these release notes.
Microsoft has updated the sync functionality of their OneDrive application, and have replaced the OneDrive for Business Client (groove.exe) with the OneDrive for Business Next Generation Sync Client (onedrive.exe). Consequently, Okta has discontinued support for the OneDrive for Business Client (groove.exe). Users are now prompted to upgrade to the OneDrive for Business Next Generation Sync Client (onedrive.exe). For more information, see Upgrading to OneDrive for Business Next Generation Sync Client.
We've implemented SAML for the following Okta Verified applications:
We've changed Signature/Digest algorithms from SHA1 to SHA256 for the following SAML apps:
Asset Bank (OKTA-95811)
BMC AppZone (OKTA-95981)
Bug numbers ending with an H are hotfixes. Hotfixes are generally deployed after the initial release.
Product Bug Fixes
The following issues are fixed:
- OKTA-88547 – Admins with the User Admin role could not create users.
- OKTA-89653 – For some SAML integrations, an SP-init flow that sent an SP's SAML request with `forceAuthn` set to `true` resulted in an HTTP Error 400.
- OKTA-90450 – End users were unable to enroll in OMM if they were already signed into Okta via a Safari browser.
- OKTA-90994 – The list of installed apps on Mobile iOS devices was not updating properly upon enrollment in OMM.
- OKTA-90995 – After unenrollment from OMM, the list of installed apps on Mobile iOS devices did not properly reset.
- OKTA-92292 – The values of custom Universal Directory fields were not being mapped from the Profile Editor for the Salesforce app.
- OKTA-92653 – Active Directory users were unable to set up Duo as the 2nd factor authentication during their initial account setup.
- OKTA-93376 – A new Nevada area code prevented delivery of recovery passwords for Okta end-users.
- OKTA-93468 – Users in South Sudan were unable to register their country code prefix to receive an SMS message. It was not displayed in the list of countries.
- OKTA-93475 – The Zendesk app could not be assigned if the Custom Role was left blank.
- OKTA-94720 – Testing API credentials failed when trying to enable provisioning settings for a SCIM server.
- OKTA-95520 – Logging in to O365 from thick clients failed for end users using DUO, SMS, and Okta Verify in orgs with the New Okta Sign-In Experience enabled.
- OKTA-95547 – The View Log link on the Active Directory page did not link to our new EA System Log (when enabled).
- OKTA-95574 – An incorrect version of Okta Mobile was listed on the Okta Downloads page.
- OKTA-95628 – Provisioning users for O365 failed if the user's password contained special characters.
App Integrations Fixes
The following SWA apps were not working correctly and are now fixed:
American Airlines (OKTA-92950)
The Chronicle of Philanthropy (OKTA-96131)
Exclusive Resorts (OKTA-95808)
HRConnection by Zywave (OKTA-95627)
Life Size (OKTA-95664)
Microsoft Office 365 (OKTA-92533)
SAP Support Portal (OKTA-94888)
UBS One Source (OKTA-86824)