Okta Preview Release 2017.13 began deployment on March 30. For the latest information on our release schedule, see Current Release Status.
Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.
Version numbers indicate the year and week of the year that releases are pushed to orgs. For example, release 2017.03 was pushed the third week of 2017. The week numbers follow the ISO Week Date convention.
The Okta Release Notes are moving!
Release 2017.13 is the last version of the release notes to be published in this form and location. As of release 2017.14 you will find the release notes at http://help.okta.com.
Our new design and functionality allows for clear navigation through all the elements you care about in Okta: Production and Preview, Early Access features, Special announcements, and Mobile releases. You can see a list of all the features in a release quickly and find all available Early Access features. Try them out at https://help.okta.com/en/prev/Content/Topics/ReleaseNotes/okta-rel-notes.htm.
Advance Notice: API Rate Limit Improvements
We are making org-wide rate limits more granular, and treating authenticated end user interactions separately. More granular rate limits will further lessen the likelihood of calls to one URI impacting another. Treating authenticated end user interactions separately will lessen the chances of one user’s impacting another. We’re also providing a transition period so you can see what these changes will look like in your Okta system log before enforcing them:
Starting in early April, 2017, we will provide system log alerts to let you know if you exceeded any of these new API rate limits.
Starting in early April, 2017, we will treat authenticated end user interactions on a per-user basis. Interactions like SSO after login won’t apply to your org-wide API rate limits.
Early in May, 2017, we will enforce the new, more granular rate limits. At that point, the warnings in the System Log will change to error notifications.
Of course, as each change is released, we’ll announce the change in the Platform Release Notes on http://developer.okta.com.
For a full description of the rate limit changes, see API Rate Limit Improvements.
Browser plugin phased rollout
On February 20, 2017, Okta began a phased Generally Available (GA) release of Okta browser plugin version 5.11.x for all supported browsers. We've postponed our plan to complete the rollout on March 7, 2017. The new target is April 1, 2017. This version provides security enhancements. Okta strongly recommends that you install the plugin when prompted to do so. If you have any questions or concerns following the upgrade, contact Okta Support. For version history, see Browser Plugin Version History.
New Okta Sign-In Experience to be enabled for all remaining Production orgs
We've postponed our plan to automatically enable the New Okta Sign-In Experience by February 15, 2017 for the remaining Production orgs that have not enabled it yet. Our new target is April 1, 2017. In the meantime, we recommend that you enable the feature at your convenience to let your users become familiar with it. If you have any questions, please contact Okta Support.
Unless otherwise noted, these features are available for all organizations with release 2017.13.
You can configure a custom domain so that email Okta sends to your end users appears to come from an address that you specify instead of the default Okta sender firstname.lastname@example.org. This allows you to present a more branded experience to your end users. For details, see Configure a Custom Email Domain. This is an Early Access feature; contact Okta Support to enable it.
You can now customize expired password flows to redirect end users to a website that you specify instead of the default Okta expired password form. This enhancement aligns with Okta's other password redirect options to provide a fully customized password management experience outside of Okta. For details, see Expired Password. This is an EA feature; contact Okta Support to enable it.
We have enhanced our EA version of the ServiceNow app to support Password Sync. For more information about this app, see the ServiceNow (EA) Provisioning Guide.
We have enhanced our System Log to now log the actual raw user agent string in the RawUserAgent string field.
Platform Release Notes
Changes to the platform for this release are published in the Platform Release Notes on http://developer.okta.com.
We have updated the On-Premises Provisioning (OPP) agent to version 1.0.13. This allows the OPP agent to use the TLS v1.2 protocol, and deprecates TLSv1.0. We recommend updating your OPP agent as soon as possible, as TLSv1.0 is no longer considered secure.
We have released Okta IWA Agent version 1.10.3 for EA users. This version restores support for Windows Server 2008 (removed temporarily in version 1.10.2).
To obtain this EA version, contact Okta Support. For version history, see SSO IWA Web App Version History.
We've implemented SWA for the following Okta Verified applications:
We've implemented SAML for the following Okta Verified applications:
We've added the following Mobile application for use with Okta Mobility Management (OMM) (Android and iOS):
We've added the following Mobile applications for use with Okta Mobility Management (OMM) (iOS only):
Bug numbers ending with an H are hotfixes. Hotfixes are typically deployed after the initial release.
Product Bug Fixes
The following issues are fixed:
- OKTA-79821 – The Save Password button failed to save the password for some users.
- OKTA-86540 – IP Zones were listed by ID instead of by name or order last added.
- OKTA-111018 – Users with the Okta New Sign-In Page enabled received a 400 Bad Request when attempting to sign into Veeva Vault app.
- OKTA-111656 – The Okta plugin failed to sign in some users.
- OKTA-112935 – When some admins attempted to create an AD-mastered user, an Okta-mastered user was sometimes created instead.
- OKTA-113253 – When admins used a Reset Password template, their end users were redirected to a 403 error page.
- OKTA-114197 – After deleting a user with an enrolled device, the Device Overview page failed to load.
- OKTA-114853 – Some users' refresh token failed to refresh.
- OKTA-115282 – Setting up the Security Key (U2F) key factor from the user account page resulted in an error message.
- OKTA-117968 – Some users received an error when importing users from their Okta Production org.
The following SWA apps were not working correctly and are now fixed:
The following SAML app was not working correctly and is now fixed:
The following OMM app was not working correctly and is now fixed: