Okta Preview Sandbox – Release 2016.45 Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Okta Preview Sandbox – Release 2016.45
Published: Nov 9, 2016   -   Updated: Jun 22, 2018

Okta Preview Release 2016.45 began deployment on November 9. For the latest information on our release schedule, see Current Release Status.

Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.

User-added image

Version numbers indicate the year and week of the year that releases are pushed to orgs. For example, release 2016.02 was pushed the second week of 2016. The week numbers follow the ISO Week Date convention. 

Special Announcements

Deprecation Announcement for iOS 8

Okta will end support for iOS 8 on November 13, 2016. When support for this version ends, existing end users will not be affected. Users attempting new installs on iOS 8 will see a notice stating that their OS version is no longer supported. After November 13th, Okta will chiefly support iOS versions 9.x and 10.x. For details on this version and our mobile support policy, see Okta Mobile and Okta Verify Supported Versions.

We're Auto-Enabling the New Okta Sign-In Experience

The New Okta Sign-In Experience currently is available to all orgs which have chosen to enable it in Settings > Appearance > Sign-In Configuration. If you have not done so already, we recommend that you enable the feature now to let your users become familiar with it. Beginning November 15, 2016 Okta will enable the feature automatically for all new production orgs and all new and existing preview orgs and that have not enabled it already.

User-added image

The New Okta Sign-In Experience has been Generally Available (GA) for the past two quarters and is currently in use by hundreds of Okta customers. For more information about this feature, see New Okta Sign-In Experience.

What's New

Unless otherwise noted, these features are available for all organizations with release 2016.45.

  • When adding a SAML app, admins can configure multiple ACS URLs to support apps in which you can specify where the SAML Response is sent. For more information, see Using the App Integration Wizard.

    User-added image

  • In orgs running the IWA Web app, JIT operations fail if the user is disconnected from Active Directory (AD). This is consistent with current JIT behavior in non-IWA AD environments. This functionality is GA for new preview and production orgs. For more information about the IWA Web app, see Configuring Desktop SSO.

  • Voice call MFA users receive the voice call code in their preferred language. For details on using voice call authentication, see Using Voice Call Authentication.

  • The improvements we implemented to help admins create Mobile Policies and Rules on a per-platform basis are now GA. For more information, see Configuring Mobile Policies.

    User-added image

  • Yammer, Sway, CRM, and Planner chiclets are now available under the General tab for the Office 365 app. Yammer customers must have an Office 365 tenant associated with their Yammer network to leverage this functionality.

    User-added image

  • We've increased the http request timeout period to accelerate large import jobs from Workday that use unpaginated custom report URLs.

  • We've added the ability to search for the externalId attribute through schema discovery to our NetSuite Universal Directory (UD) integration (Early Access). See NetSuite Provisioning Guide for more details.

  • To improve performance of our new System Log (EA), we have limited search results to six months.

Agent Update

The Okta Java LDAP Agent version 5.3.8 is now available to EA users. This release provides internal improvements. For the version history, see Java LDAP Agent Version History.

Browser Update

On November 14, 2016, Okta will begin a phased GA release of browser plugin version 5.9.1 for Internet Explorer (IE). This release provides performance and security enhancements. Okta strongly recommends that you install the plugin if prompted to do so. If you have any questions or concerns following the upgrade, contact Okta Support. For version history, see Browser Plugin Version History.

Note: A previous version of this announcement incorrectly referenced IE plugin version 5.9.0 as the phased rollout GA candidate. That has been corrected to 5.9.1.

Toolkit Updates

We have updated the Okta JIRA Authenticator to version 2.0.3. This update provides the following:

  • To allow orgs to use JIRA native authentication instead of Okta SAML authentication, we support whitelisting service provider URLs (such as the servicedesk/customer/portal endpoint) in the okta-config-jira.xml file.
  • Fixed an issue in which credential-based authentication (basic auth) against the JIRA Software API returned an empty response in orgs with the JIRA On-Prem authenticator installed.

As both the JIRA Authenticator and the Confluence Authenticator are built on the Okta SAML Toolkit for Java, all three components are incremented to version 2.0.3 to maintain version consistency. For more details on these integrations, see Using the Confluence On Premises SAML App and Using the JIRA On-Premises SAML App. For toolkit version history, see Current JIRA JAR Version History.

We strongly recommend that customers download and upgrade the latest SAML toolkit and the necessary Jira or Confluence authenticators. You can access all of these tools from the Okta Downloads page (from the Dashboard go to Settings > Downloads).

Platform Release Notes

Changes to the platform for this release are published in the Platform Release Notes on http://developer.okta.com.

Incremental Features Summary

The IWA app changes described above are available for new preview and production orgs only.

Application Updates

We have enhanced the following applications:

  • Both EventBoard apps (EventBoard (SWA only) and EventBoard) apps have been rebranded to Teem.

  • We've added support for an EU instance of the BambooHR SWA app.

  • The NameID attribute for BambooHR SAML can now contain either a username or a user email address.

  • AlertLogic SWA app's login URL has changed from http://invision.alertlogic.net to http://console.clouddefender.alertlogic.com.

We've implemented SAML for the following Community Created application:

  • Adobe Creative Cloud (OKTA-102602)


We've implemented SAML for the following Okta Verified applications:

  • Cezanne (OKTA-105560)

  • Collective Health (OKTA-105565)

  • Commercial Tribe (OKTA-103763)

  • CyberArk Password Vault
    Web Access (OKTA-98250)

  • EveryoneSocial (OKTA-104350)

  • Expensify (OKTA-102698)

  • Freshdesk (OKTA-72234)

  • NeotaLogic (OKTA-91884)

​Bug Fixes

Bug numbers ending with an H are hotfixes. Hotfixes are typically deployed after the initial release.

Product Bug Fixes

The following issues are fixed:

  • OKTA-77302 – The Okta Password Health report was truncated after 100,000 rows. 
  • OKTA-100847 – Deactivated users were displayed on the Assign to People panel for an app.
  • OKTA-101993 – Users were not able to be deprovisioned for Facebook at Work.
  • OKTA-101558 – RSA SecurID end users who were deactivated and then reactivated in Okta, received a server error message on their browser and mobile devices when signing in.
  • OKTA-101575 – A small number of logins failed intermittently.
  • OKTA-102195 – The Duo widget text in Okta pointed to an incorrect link (My Settings & Devices) in Duo.
  • OKTA-102226 – The Supervisor and SupervisorID attributes in BambooHR were not updated for user update and import actions. 
  • OKTA-103545 – In Okta end-user Settings, the confirmation dialog box appeared off screen for Firefox users attempting to delete their Forgot Password recovery phone number.  
  • OKTA-104126 – Performing a resend operation for self-service unlock sometimes caused an incorrect error message to display.
  • OKTA-104314 – Access to help.okta.com was blocked by Okta's Whitelist feature.
  • OKTA-105066 – Users secondary email addresses disappeared after requesting a password reset.
  • OKTA-105194 – The New Sign In Experience failed to honor choosing a Remember device setting on some MFA-required apps.
  • OKTA-106511 – Changing a group member’s username in app settings failed if the user was assigned to the app via a group app assignment and the app was SWA or created with the SAML Template 2.0 or the WS-Fed Template
  • OKTA-106665 – Okta's Box integration did not support WebLink objects.

App Integrations Fixes

The following SWA apps were not working correctly and are now fixed:

  • ActivTrak (OKTA-105494)

  • ADP Portal (Employee) (OKTA-105287)

  • AirPlus International Corp Card

  • Angus (OKTA-105609)

  • AxurePortal (OKTA-105767)

  • Bloomberg (OKTA-105910)

  • Blue Shield CA (OKTA-105498)

  • Cisco AMP for Endpoints (OKTA-105499)

  • Cloudways (OKTA-106193)

  • Communities In Schools (OKTA-105013)

  • ExpenseCloud (OKTA-105603)

  • Globality ReadMe.io (OKTA-105000)

  • Hulu (OKTA-106256)

  • Insala (OKTA-106258)

  • InterCall (OKTA-104701)

  • iRecruit (OKTA-105599)

  • JIRA Cloud (Atlassian) (OKTA-105806)

  • Key Bank (OKTA-106255)

  • Kyriba (OKTA-106263)

  • Mercer iBenefit Center (OKTA-105612)

  • Monster Hiring (OKTA-106265)

  • MoveIt FTP (OKTA-105766)

  • MyPayFlex (OKTA-105305)

  • NetX360 (OKTA-105776)

  • New York Times (OKTA-105293)

  • Officevibe (OKTA-105768)

  • Optimal Workshop (OKTA-105657)

  • QANTAS (OKTA-106215)

  • Regions OnePass (OKTA-105497)

  • Shape (OKTA-105516)

  • ShoreTelSky Portal (OKTA-105774)

  • Tripwire PureCloud (OKTA-105495)

  • Victorias Secret (OKTA-106599)

  • VoiceShot (OKTA-105765)

  • Voya - Retirement Plan Participants

  • Yapmo (OKTA-105378)

  • Zerto (OKTA-104387)

The following SAML app was not working correctly and is now fixed:

  • NetDocuments (OKTA-105909)