Okta Preview Release 2016.35 began deployment on September 1. For the latest information on our release schedule, see Current Release Status.
Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.
Version numbers indicate the year and week of the year that releases are pushed to orgs. For example, release 2016.02 was pushed the second week of 2016. The week numbers follow the ISO Week Date convention.
Important Notice for AD Integrations Using Federated Profiles
If your Okta Active Directory (AD) integration uses Federated Profiles, you should update to the latest GA version of the Okta AD agent. Beginning April 21, 2016, Okta automatically migrated all orgs that use the Federated Profiles option to the Okta enhanced AD integration, which requires agent version 3.0.8 or higher. If your Okta AD agent is earlier than version 3.0.8, following the migration your organization may experience inconsistent behavior, including loss of groups and group memberships.
To identify orgs running Federated Profiles, see Determining Your AD Integration Type.
For download and installation instructions, see Installing and Configuring the Active Directory Agent.
Note: If you run multiple Okta AD agents, upgrade all agents on your domain servers to the same version. Running different versions of the AD agent can cause all of them to function at the level of your oldest agent.
Unless otherwise noted, these features are available for all organizations with release 2016.35.
We are pleased to announce the Early Access (EA) release of Client Access Policies for Microsoft Office 365. We have added configuration options to our policy rules that enable you to control access to Office 365 by specifying the types of client (Desktop, Mobile, or Web) that the policy applies to.
For more information see Getting Started with Office 365 Client Access Policies.
This is an EA feature; contact Okta Support to enable it.
We have improved the default mapping behavior for OpenID Connect apps. To help you keep users in sync when mapping Okta User Profiles to Web App User Profiles, the option Apply mapping on user create and update is now the default setting.
Okta Mobile now supports enrollment of Android Nougat (7.0) devices into Android for Work (AfW).
- We now support importing the IA5String string type from the AD Schema.
- The Okta Active Directory (AD) agent version 3.4.3 is now Generally Available (GA). This release provides the following:
- All the fixes and enhancements provided by EA versions 3.4.1 and 3.4.2.
- Support for writing binary data to an AD object's attribute.
For details, see Active Directory Agent Version History.
- The Okta IWA Web App version 1.9.2 is now GA. This release provides all the fixes and enhancements contained in EA versions 1.9.0, 1.9.1, and 1.9.2.
For details, see IWA Web App Version History.
Platform Release Notes
Changes to the platform for this release are published in the Platform Release Notes on http://developer.okta.com.
Incremental Features Summary
There are no incremental features to announce this week.
We've implemented SWA for the following Okta Verified applications:
Employers Mutual EMlearning
Employers Mutual EMSafe
Fair Work (OKTA-99012)
File Stack (OKTA-99017)
We've implemented SAML for the following Okta Verified applications:
Bug numbers ending with an H are hotfixes. Hotfixes are typically deployed after the initial release.
Product Bug Fixes
The following issues are fixed:
- OKTA-69183 – Admins were able to enter non-standard URLs in the Configure SAML tab for recipient and destination URLs.
- OKTA-76374 – Okta custom security questions allowed answers that were part of the question.
- OKTA-92536 – Org Admins and User Admins were unable to access user profiles.
- OKTA-93743 – When failed AD provisioning tasks were automatically retried, the initially selected Organizational Unit (OU) was unselected.
- OKTA-94910 – When an enrolled MFA option was disabled, logging into Okta sent end users to a Too many redirects error page.
- OKTA-96535 – Under certain conditions, some Okta end users were unable to successfully complete their DUO enrollment.
- OKTA-97185 – The application and people count was inconsistent when assigning application(s) to people.
- OKTA-97734 – Mobile admins could not specify zero (0) maximum failed log-in attempts in iOS Passcode Requirements.
- OKTA-97801 – The Reset Password error message for previously used passwords was unclear.
- OKTA-98946 – iOS device users signing-in to their Okta org with the Safari browser could not edit auto-populated usernames if the New Okta Sign In Experience was enabled.
- OKTA-99070 – Sign-in failed when trying to access some custom SAML apps created with the Okta SAML 2.0 template.
- OKTA-99450 – End users with uBlock installed were unable to load the Okta Homepage.
- OKTA-99470 – The Okta Apple Push Notification Service used an old certificate version when a newer one was available.
App Integrations Fixes
The following SWA apps were not working correctly and are now fixed:
The following Mobile app was not working correctly and is now fixed: