Okta Production Release 2016.10 began deployment on March 14. For the latest information on our release schedule, see Current Release Status.
Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.
- We have improved the app sign-in experience for Okta customers with Integrated Windows Authentication (IWA) in mixed environments. Improvements include:
- If automatic app sign-in fails, now the relay state of the desired app is preserved, users are redirected back to the Okta Sign-In page to enter credentials, and then authenticated to the app. This ensures that non-IWA SSO-capable users can complete the sign-in process and SSO in to the apps they want, while IWA SSO-capable users retain the optimal automatic app sign-in experience they've always enjoyed.
- Customization options allow admins to change the IWA detection timeout period, as well as create IIS URL rewrite rules to redirect specified clients to the Okta Sign-In page without attempting IWA SSO.
The improved IWA app sign-in experience requires Okta IWA Web App agent version 1.9.1. and is available to Early Access (EA) users. To obtain this version, contact Okta Support. For more information, see Configuring Desktop SSO.
- We have enhanced our Managed Applications Configurations feature for Okta Mobility Management (OMM). Now, admins can configure key-value pairs for individual mobile apps with more granularity, rather than sending configurations that are shared among mobile instances. For details, see Managed Application Configurations.
- Okta is pleased to introduce the Okta On-Prem MFA agent. This new agent provides an enhanced end user experience for orgs that use non-RSA, on-premises MFA providers with Okta. The Okta On-Prem MFA agent is designed to eventually replace the Okta RSA SecurID agent. This is an EA release; to obtain it, contact Okta Support. For more information, see Configuring On-Prem MFA (including RSA SecurID).
The Okta user state, Suspended is now Generally Available (GA). Suspended users cannot log in to Okta, and the Okta login is blocked for apps that support SAML. App and group memberships are maintained for suspended users and are reinstated if the user is subsequently unsuspended.
For information on suspending and unsuspending users from the UI, see Using the Okta People Page. For information on API support for these lifecycle states, see Suspend User in the Okta API documentation.
There are two enhancements to the system log. When users are added or removed from groups, the log now specifies whether the change was initiated by an admin or by a rule. Additionally, the log now indicates when a rule is deactivated that contains a user attribute in a condition.
On March 1, 2016, Okta discontinued support for iOS 7.x. Okta Customer Support will no longer investigate issues related to iOS 7. For more details see Okta Mobile and Okta Verify Supported Versions. To learn about Okta’s version support information, see our new Supported Configurations page.
Okta Developer Platform
Documentation for the Okta Developer Platform is available at http://developer.okta.com.
Incremental Features Summary
The following table summarizes features that are enabled incrementally. Links in the Feature column point to additional documentation for that feature, if available. After the feature is fully released, it is no longer tracked in this table. For release history of all features, see Features by Release.
|Group-based Sign On Policies||2015.48|| –||2015.48|| –|
|Enhanced Automatic App Login (Plugin)||2015.46||2015.46|| –|| –|
|Box for EMM||2016.09||2016.11||2016.09||2016.11|
|WS-Federation Auto Config||2016.09||2016.10||2016.09||2016.10|
|New User State: Suspended (GA)||2016.10||2016.11||2016.10||2016.11|
We have released the following Okta agents for Early Access (EA) customers:
To obtain either of these EA releases, contact Okta Support.
We've implemented SAML for the following Okta Verified applications:
We've implemented SAML for the following Community Created applications:
We've implemented SWA for the following Okta Verified applications:
Blue Bottle Coffee (OKTA-83008)
Knowledge Owl (OKTA-82145)
RTD Smartcard (OKTA-82223)
The National Bike Challenge
We've added the following Mobile application for use with Okta Mobility Management (OMM):
*Available in 2016.11 Production.
Bug numbers ending with an H are hotfixes. Hotfixes are generally deployed after the initial release.
- OKTA-48790 – Fixed an issue in which the SAML process fails for Template SAML 2.0 apps when attributes referenced in the attribute statement have blank or null values.
- OKTA-63793 – Fixed an issue where end users clicked an application link but were looped back to the Okta portal instead of being sent to the appropriate app.
- OKTA-70182 – Fixed an issue in which the Okta browser plugin prompted to change admin-managed passwords when users navigated to the change password page for the app.
- OKTA-70956 – Fixed an issue that caused permission errors when using SMS as part of multifactor authentication.
- OKTA-77034 – Fixed an issue in which SAML attribute statements were deleted after upgrading the Cloud Provisioning Connector (CPC) package.
- OKTA-78332 – Fixed an issue in which end users of WS-Fed applications using an SP-initiated flow were redirected to the Okta login screen instead of the defined URL.
- OKTA-79503 – Fixed a timeout issue that caused an erroneous message to appear on OMM enrolled iOS devices.
- OKTA-80022 – Fixed an issue that prevented updating mapped CDATA information from an IDP profile to an Okta user profile.
- OKTA-81486 – Fixed an issue that prevented assigning applications or policies to groups that contained parentheses in their names.
- OKTA-81713 – Fixed an issue in which operations for forgotten passwords did not validate SMS codes correctly.
- OKTA-81916 – Fixed an issue that prevented editing the app label in the HealthyU app.
- OKTA-83388 – Fixed an issue where clicking the Add Application button triggered an HTTP Status Code 500 error.
- OKTA-83461 – Fixed an issue launching apps in which users were prompted to start their VPN even though it was already connected.
The following SWA apps were not working correctly and are now fixed:
Discover Card (OKTA-82424)
Rackspace Cloud (OKTA-77929)
Sungard Availability Services -