Okta Preview Sandbox – Release 2016.40 Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Okta Preview Sandbox – Release 2016.40
Published: Oct 5, 2016   -   Updated: Jun 22, 2018

Okta Preview Release 2016.40 began deployment on October 5. For the latest information on our release schedule, see Current Release Status.

Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.

User-added image

Version numbers indicate the year and week of the year that releases are pushed to orgs. For example, release 2016.02 was pushed the second week of 2016. The week numbers follow the ISO Week Date convention. 

Special Announcements

Deprecation Announcement for iOS 8

Okta will end support for iOS 8 on November 13, 2016. When support for this version ends, existing end users will not be affected. Users attempting new installs on iOS 8 will see a notice stating that their OS version is no longer supported. After November 13th, Okta will chiefly support iOS versions 9.x, and 10.x. For details on this version and our mobile support policy, see Okta Mobile and Okta Verify Supported Versions.

We're Auto-Enabling the New Okta Sign-In Experience

The New Okta Sign-In Experience currently is available to all orgs which have chosen to enable it in Settings > Appearance > Sign-In Configuration. If you have not done so already, we recommend that you enable the feature now to let your users become familiar with it. Beginning November 15, 2016 Okta will enable the feature automatically for all new and existing Preview orgs that have not enabled it already.

User-added image

The New Okta Sign-In Experience has been Generally Available (GA) for the past two quarters and is currently in use by hundreds of Okta customers. For more information about this feature, see New Okta Sign-In Experience.

Important Notice for AD Integrations Using Federated Profiles

If your Okta Active Directory (AD) integration uses Federated Profiles, you should update to the latest GA version of the Okta AD agent. Beginning April 21, 2016, Okta automatically migrated all orgs that use the Federated Profiles option to the Okta enhanced AD integration, which requires agent version 3.0.8 or higher. If your Okta AD agent is earlier than version 3.0.8, following the migration your organization may experience inconsistent behavior, including loss of groups and group memberships.

To identify orgs running Federated Profiles, see Determining Your AD Integration Type.

For download and installation instructions, see Installing and Configuring the Active Directory Agent.

Note: If you run multiple Okta AD agents, upgrade all agents on your domain servers to the same version. Running different versions of the AD agent can cause all of them to function at the level of your oldest agent.

What's New

Unless otherwise noted, these features are available for all organizations with release 2016.40.

  • Introducing Instance-level Delegated Authentication (Del Auth). This Early Access (EA) feature moves Del Auth enablement from the org-level to the instance-level. While preserving current Del Auth functionality, instance-level Del Auth is optimized for use in environments with multiple AD instances. It allows admins to delegate authentication on a per AD-instance level to support more granular authentication scenarios such as the following:

    • Configure Okta to be the authentication master for users in some AD instances.

    • Configure AD to be the authentication master for users in the remaining AD instances (meaning users log in using their Windows credentials).

    • Continue to rely on Okta to provision to all AD instances.

    User-added image

    This is an EA feature; contact Okta Support to enable it. For configuration details, see the Delegated Authentication section.

  • Okta's new Admin-Controlled Whitelist feature helps end users avoid signing-in to fake or unauthorized organizations. You can define a whitelist enforced by the browser plugin that limits your end users' access to just the orgs that you specify. Your current org is automatically added to the whitelist.

    User-added image

    This is an EA feature; contact Okta Support to enable it. For details about customizing the browser plugin, see the Browser Plugin section.

  • The Admin link that appears in the Your Apps dialog when an admin is signed in to Okta is now GA. The link allows admins to jump immediately to the Admin Dashboard. For more information, see About the Browser Plugin.

    User-added image

  • We have extended the factor lifetime period that can elapse before an end user is challenged for MFA. The maximum is now 6 months. For more info, see Configuring Sign On Policies.

  • We have improved error handling for Netsuite provisioning events.

  • We have extended the reset recovery period that end users have to recover their accounts. The maximum is now 130 days. For more info, see Configuring Group Password Policies.

  • We have upgraded our Okta Sign-In Widget to version 1.7.0. This new version provides general performance improvements. See the Platform Release Notes on http://developer.okta.com for details.

  • We have made general performance and user experience improvements to our File Uploader.

  • Our new System Log (EA) is now available on our HIPAA Compliance instance.

Agent Update

  • The Okta Active Directory Agent version 3.4.4 is now available to EA users. This release provides internal improvements. To obtain this EA release, contact Okta Support. For the version history, see Active Directory Agent Version History.

  • The Okta On-Premises MFA Agent version 1.3.3 is now GA. This release allows for proxy configuration with a RADIUS enabled on-prem MFA server. For the version history, see On-Premises MFA Agent Version History.

Browser Plugin Updates

The Okta plugin version 5.8.0 is now GA for Chrome, Firefox, Internet Explorer (IE), and Safari browsers. Now the following fixes and enhancements are available to all customers via Settings > Downloads:

Chrome, Firefox, IE, and Safari

Support for the Admin link in the Your Apps dialog (described in What's New above).

Internet Explorer only

  • Fixed an issue in which browsers running Okta plugin version 5.6.3 became non-responsive when accessing SharePoint 2013.
  • Implemented several security enhancements.

For plugin version history, see Browser Plugin Version History.

Platform Release Notes

Changes to the platform for this release are published in the Platform Release Notes on http://developer.okta.com.

Incremental Features Summary

There are no incremental features to announce this week.

Application Updates

We've implemented SWA for the following Okta Verified applications:

  • Algolia (OKTA-100814)

  • BrainTree (OKTA-100821)

  • CloudCare (OKTA-100812)

  • GlassFrog (OKTA-100819)

  • Gong (OKTA-100816)

  • GroupMap (OKTA-101426)

  • NWA Business Journal (OKTA-100825)

  • OptinMonster (OKTA-100823)

  • PowToon (OKTA-100818)

  • The Parking Spot (OKTA-100508)

We've implemented SAML for the following Okta Verified applications:

  • Aspera Faspex V4 (OKTA-102064)

  • Planergy (OKTA-101076)

​Bug Fixes

Bug numbers ending with an H are hotfixes. Hotfixes are typically deployed after the initial release.

Product Bug Fixes

The following issues are fixed:

  • OKTA-86679 – Group Password Policy rules for AD-mastered users were created without containing any conditions.
  • OKTA-93991 – Assigning SFDC Public Groups whose names contained special characters failed.
  • OKTA-96939 – A regex error caused WS-Federation configuration for Microsoft Office 365 (O365) to fail.
  • OKTA-97144 – Attempting SP-initiated login to the Splunk app failed due to an MFA verification loop.
  • OKTA-97702 – Retrying failed tasks prevented users from being assigned apps.
  • OKTA-98210 – The order of attributes was randomized when a new attribute was added through the Profile Editor.
  • OKTA-98819 – Changes to the displayName attribute were not mapped from AD to Okta users.
  • OKTA-99168 – The username and password fields on the New Okta Sign-In page did not appear to be active when entering credentials.
  • OKTA-99245 – The Okta browser plugin for Chrome caused web pages to load slowly in certain circumstances.
  • OKTA-99703 – When reprovisioning an existing app user, the Successfully pushed user event was not being reported in the System Log.
  • OKTA-99801 – A reset flow was initiated when an admin unlocked an account that was not previously locked.
  • OKTA-100122 – The AD agent's periodic health check of the IWA server failed when SSL certificate pinning was enabled.
  • OKTA-101000 – In some cases, save password banners failed to display even though the browser plugin was not configured to prevent them.
  • OKTA-101548 – Read Only admins were unable to access network zones data on the Network page.
  • OKTA-101643 – Unable to update the Access Request Workflow configuration when an AD group was assigned as the approver for non-Okta mastered groups.
  • OKTA-102271 – Native apps not previously installed on an iOS device could not be installed through the Okta App store.

App Integrations Fixes

The following SWA apps were not working correctly and are now fixed:

  • Air New Zealand (OKTA-102262)

  • BB&T (OKTA-97345)

  • DeltaSkymiles (OKTA-102513)

  • Dropbox Business (OKTA-99367)

  • Mandrill (OKTA-100052)

  • Masergy (OKTA-102250)

  • Microsoft Office 365 (OKTA-101426)

  • Panalitix (OKTA-102264)

  • Redbooth (OKTA-101084)

  • Schwab Retirement Plan Center

The following SAML apps were not working correctly and are now fixed:

  • Aspera Faspex V4 (OKTA-102064)

  • Mimecast (OKTA-94254)