Okta Preview Release 2017.03 began deployment on January 23. For the latest information on our release schedule, see Current Release Status.
Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.
Version numbers usually indicate the year and week of the year when releases are pushed to orgs. For example, release 2017.02 was pushed the second week of 2017. The week numbers follow the ISO Week Date convention.
Apple iOS 10 Upgrade Impact on Okta Mobility Management Password Sync
Users who have upgraded to iOS 10 should note the following: If you’re using Okta Mobility Management (OMM) to configure Exchange ActiveSync (EAS) profiles, a known issue has been introduced that affects OMM’s ability to perform Password Sync for EAS profile updates on iOS devices. For details and workarounds, see Known Issue: iOS10 upgrade impacts Okta Mobility Management (OMM) Password Sync.
Unless otherwise noted, these features are available for all organizations with release 2017.03.
An animated transition page now appears when users click chiclets to log into apps:
This is an Early Access (EA) feature; contact Okta Support to enable it.
Okta Verify with Touch ID is now Generally Available (GA). You can configure an end-user fingerprint request that appears after the initial MFA challenge. If the user's device is lost or stolen, no one else can gain access to it. This feature is currently available only for iOS devices. For details, see Okta Verify with Touch ID.
We have improved text in the end user Welcome screen and Settings page in the Japanese language.
SCIM template apps are now available in Preview.
In addition to the index, we now support requesting the SAML ACS Endpoint by URL. For information about allowing apps to request other URLs, see Using the App Integration Wizard.
You can set an authorization server to manually rotate keys. Keys are rotated automatically by default. For more information, see API Access Management.
Important: Automatic key rotation is more secure than manual. Use manual key rotation only if you can't use automatic.
You can now search on the exact name of an authorization server or resource URI from the Authorization Servers tab (Security > API).
Platform Release Notes
Changes to the platform for this release are published in the Platform Release Notes on http://developer.okta.com.
We've enhanced the following application integrations:
We've implemented SWA for the following Okta Verified applications:
We've implemented SAML for the following Okta Verified application:
We've added the following Mobile application for use with Okta Mobility Management (OMM):
We've changed Signature/Digest algorithms from SHA1 to SHA256 for the following SAML apps:
Bug numbers ending with an H are hotfixes. Hotfixes are typically deployed after the initial release.
Product Bug Fixes
The following issues are fixed:
- OKTA-98392 – Mobile setup for Duo MFA failed to scale for mobile devices.
- OKTA-102542 – Okta's automatic app sign-in feature failed to present a login banner for some apps accessed outside of Okta.
- OKTA-104954 – Null values for SCIM app custom attributes were not pushed to third-party apps.
- OKTA-105809 – A 400 Bad Request error was caused when more than thirty users signed in using a single browser.
- OKTA-105873 – Importing users via a CSV file failed for some types of apps.
- OKTA-107998 – API-activated users were successfully created and assigned to a group, even when they did not meet the group’s password requirements, but failed at activation.
- OKTA-109159 – Manipulating HTML script tags for use in the Okta MFA security question was prevented, while saving unsafe database additions was allowed.
- OKTA-111339 – Salesforce Community provisioning failed for custom Community user profiles.
- OKTA-111609 – The new System Log did not log User attempted unauthorized access to app events.
- OKTA-111832 – Authenticating users failed for apps that use wrappers.
App Integrations Fixes
The following SWA apps were not working correctly and are now fixed: