Okta Production – Release 2016.15 Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Okta Production – Release 2016.15
Published: Apr 19, 2016   -   Updated: Jun 22, 2018

Okta Production Release 2016.15 began deployment on April 18. For the latest information on our release schedule, see Current Release Status.

Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.

User-added image

New Features​

  • We are pleased to announce that Okta and Google have partnered to integrate Android for Work (AfW) with Okta Mobility Management (OMM). Customers are now able to take advantage of the advanced security features of Android for Work alongside Okta’s provisioning and enterprise mobility management capabilities. For more feature details, see About Android for Work. For configuration information, see Setting Up Android for Work.

    This is an Early Access (EA) feature; contact Okta Support to enable it.

  • Our Private App Store is now available for Android devices. This feature allows admins to upload internally developed enterprise apps to Okta and distribute them via Okta Mobility Management (OMM). Private App Store provides more details.

    This feature is EA; please contact Okta Support to enable it.

  • Admins can now specify a Profile name when configuring Microsoft Exchange ActiveSync (EAS) to synchronize their users' mobile devices with their Exchange server. This Profile name appears on their end users' devices:
    User-added image
    See Enabling Mobile Access to Applications for more information.

  • Okta Mobility Management (OMM) messages are now displayed in the system log.

  • Okta Expression Language for username can now be used when configuring mobile apps in OMM. See Managed Application Configurations​ for more details.

  • The Okta On-Prem MFA agent (formerly the RSA SecurID agent) is now Generally Available (GA). This agent provides an enhanced end user experience for orgs that use non-RSA, on-premises MFA providers with Okta. You can use this agent to leverage MFA challenges from a variety of on-premises multifactor authentication tools. For more information, see Configuring On-Prem MFA (including RSA SecurID).
  • Like Super, Org, and User admins, now App admins can choose not to receive email notifications about locked user accounts. For more information, see Using the Okta Settings Page.

    User-added image

  • Admins can now import the default Users container without importing all Organizational Units (OU) in the domain. The setting is available in the Import and Account Settings section for the Okta Active Directory agent. For more information, see Installing and Configuring the Active Directory Agent.

    User-added image

  • To help ensure successful imports from Active Directory (AD) to Okta, we’ve increased the character limit of address fields in Okta to match the limits in AD.
  • Our Softlock feature, a safeguard against end-user lockouts, is now GA. This option also prevents a malicious third party from using Okta to lock out an end user in AD. Softlock is available to AD-mastered group password policy users. For details, see Configuring Group Password Policies.

Okta Developer Platform New Features

  • Support for AMR Change

    OAuth Working Group updated the Authentication Method Reference Values specification to replace the proof-of-possession value (pop) with more granular values for hardware (hwk) and software (swk). You can use these values with the Sessions API AMR object.

  • OIDC Endpoint Update

    In the OIDC endpoint /.well-known/openid-configuration,you can specify the value none for the property token_endpoint_auth_methods_supported, and you can specify refresh_token as a valid value for the client application property grant_types.

Documentation for the Okta Developer Platform is available at http://developer.okta.com.

Incremental Features Summary

The following table summarizes features that are enabled incrementally. Links in the Feature column point to additional documentation for that feature, if available. After the feature is fully released, it is no longer tracked in this table. For release history of all features, see Features by Release.

New Orgs
New Orgs
Existing Orgs
Existing Orgs
Password Policy (Softlock)2016.152016.17-2016.182016.152016.17-2016.18
Enhanced Automatic App Login (Plugin)2015.462015.46      –      –

Agent Update

The Okta On-Prem MFA Agent version 1.3.0 is now GA. For more about this agent, see Configuring On-Prem MFA (including RSA SecurID). For version history, see On-Premises MFA Agent Version History.

Browser Support

On April 15, 2016, Okta will discontinue support for Microsoft Internet Explorer 8 (IE8), as well as all versions of Compatibility View that represent IE8. After that date, Okta Customer Support will no longer investigate issues related to IE8. For more information about supported browsers, see Platforms, Browser, and OS Support.



We've implemented SAML for the following Okta Verified applications:

  • Expensewatch (OKTA-86114)

  • LiquidPlanner (OKTA-83886)

  • Ruvixx (OKTA-84693)

We've implemented SWA for the following Okta Verified applications:

  • Accretive Solutions (OKTA-86369)

  • Aerohive Support Portal

  • Cheetah Media Link (OKTA-86380)

  • Contently (OKTA-86432)

  • Credit Union Executives Society (OKTA-86378)

  • EmberScreencasts (OKTA-86373)

  • Entelo (OKTA-81647)

  • Google Merchant Center

  • LaSalle Solutions - LAMP

  • Lincoln Financial Group

  • Mittwald (OKTA-86416)

  • MoneyGuidePro (OKTA-86437)

  • PureCloud Collaborate

  • Wizbii (OKTA-86381)

Bug Fixes

Bug numbers ending with an H are hotfixes. Hotfixes are generally deployed after the initial release.

The following issues are fixed:

  • OKTA-76089 – The Okta locale attribute was ignored during group membership rule mapping.
  • OKTA-78243 – Users could not resume their import jobs after an import safeguard event.
  • OKTA-84677 – The fromURI parameter changed HTTPS to HTTP on apps that use the custom login feature.
  • OKTA-85131 – During imports from .csv files, primary and mobile phone numbers were incorrectly flagged as not matching the required pattern.
  • OKTA-85231 – All iOS mobile tokens for Microsoft Office 365 for some orgs were invalidated after imports. Company name is now read only for OMM users.
  • OKTA-86162 – Some queries on Okta Mobile executed very slowly.
  • OKTA-86870H – Imports from Workday failed under certain circumstances.

The following SWA apps were not working correctly and are now fixed:

  • ADP Run (OKTA-85193)

  • CareFirst (OKTA-85848)

  • cloud.IQ (OKTA-85846)

  • Donlen Driver (OKTA-85854)

  • First National Bank (OKTA-85517)

  • Full Slate (OKTA-85645)

  • K1000 Administrator Interface

  • Mimeo (OKTA-85847)

  • myATI (OKTA-85385)

  • Prophet CRM (OKTA-85771)

  • Standout M (OKTA-86241)

  • Trip Advisor (OKTA-86242)

  • VMware Horizon View VDI