Okta Production – Release 2016.18 Skip to main content
https://support.okta.com/help/oktaarticledetailpage?childcateg=&id=ka0f0000000mcamka0&source=documentation&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fdocumentation%2fknowledge_article%2fokta-production-release-2016-18
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Okta Production – Release 2016.18
Published: May 10, 2016   -   Updated: Jun 22, 2018
Okta Production Release 2016.18 began deployment on May 9. For the latest information on our release schedule, see Current Release Status.

Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.

User-added image

Version numbers indicate the year and week of the year that releases are pushed to orgs. For example, release 2016.05 was pushed the fifth week of 2016.

Migrating Orgs with Federated Profiles (AD Integrations)

Beginning April 21, 2016 for Preview orgs and May 4, 2016 for Production orgs, Okta automatically will migrate all orgs that use the Active Directory (AD) Federated Profiles option to the Okta enhanced AD integration. Enhanced integration combines the best features of our Classic Imports and Federated Profiles options into a single, simplified, more robust offering. For more details, see About Okta's Enhanced Active Directory Integration.

To help ensure a successful migration, note the following:

  • Some features of Enhanced AD Integration require that all Okta AD Agents be upgraded to version 3.3.5.  Otherwise, changes you make to Group OU settings will not take effect for JIT Provisioning until you restart your agents. (The agent upgrade requires a complete uninstallation and reinstallation; see Installing and Configuring the Active Directory Agent.)
  • By default, Enhanced AD Integration synchronizes groups on a daily basis (you can change the import frequency in Import and Account settings.) Your integration settings for user imports is preserved. This means that if your org is not configured to run scheduled imports, your users continue to be imported and/or updated via Just In Time provisioning (JIT).

New Product Features​

Unless otherwise noted, these features are available for all preview organizations with this release.
  • Admins can now auto-launch a specific app for all end users at sign in. Previously, this option was only available to end users. Now, admins can access this option from the specific <App> page > General tab > App Settings, as detailed in Using the Okta Applications Page. Note: Checking this option only affects end users that are newly assigned to the app. Previously assigned users must manually choose auto-launch by accessing the app chiclet <App> Settings button.

    User-added image

  • Availability: This is an Early Access (EA) feature; contact Okta Support to enable it.

    Okta enhanced Multifactor authentication (MFA) options are now Generally Available (GA). MFA options can now be assigned on the group level, and also allow you to enforce admin-created rules, such as mandatory sign in requirements. Additionally, policies and rules can be location-based to secure off-network connections. For details, see Using the Multifactor Page.

    Availability: This feature is GA for all orgs.

  • Task functionality is enhanced to allow edits of all fields in the app assignment screen when processing provisioning, activation, and validation feature tasks. For more information see About Your Administrator Dashboard.

    Availability: This is an EA feature; contact Okta Support to enable it.

  • We've made it easier to assign grant types in OAuth 2.0 Settings by grouping all the options together in a set of checkboxes in Allowed grant types. This one location and label replaces the Allow Offline Access checkbox for web and native apps, and the Allow Password Credentials checkbox for native apps. For more information, see Using OpenID Connect.

  • Okta's powerful new Universal Directory (UD) integration with Smartsheet is now GA for all preview orgs, and new production orgs. See About Universal Directory for more details.

    Availability: This feature is GA in release 2016.18 for all preview and new production organizations, and in release 2016.19 for existing production organizations.

  • An enhancement to the Workday implementation is now GA. This improvement increases import speed.

    Availability: This feature is available in release 2016.18 for new preview and production organizations and in releases 2016.20–2016.22 for existing production organizations.

New Platform Features

Note: You can find platform documentation and other developer resources at http://developer.okta.com.

Improved Security with Increased Size for Refresh Token

The size of the refresh token for OAuth 2.0/OpenID Connect has been increased for added security.

Version 1.0.1 JavaScript SDK is Available

The Okta Auth JavaScript (JS) SDK version 1.0.1 is available here. Okta Auth JS SDK is a wrapper around Okta's authentication API. Use it to obtain an Okta session cookie or an ID token.

Incremental Features Summary

The following table summarizes features that are enabled incrementally. Links in this table go to the release notes in which the feature was initially announced. After the feature is fully released, it is no longer tracked in this table. For release history of all features, see Features by Release.

FeaturePreview
New Orgs
Production
New Orgs
Preview
Existing Orgs
Production
Existing Orgs
Smartsheet UD Integration2016.182016.182016.182016.19
Workday Import Performance Improvement (see above)2016.182016.182016.18 (5/9)2016.20-2016.22
Password Policy (Softlock)2016.152016.17-2016.182016.152016.17-2016.18
SAML Destination Attribute2015.522015.522016.16-1016.182016.16-2016.18

Application Updates

Enhancements

We've updated the SAML setup instructions for the Spoke application (OKTA-88025).

Integrations

We've implemented SAML for the following Okta Verified application:

  • Gorilla Expense (OKTA-87183)

 

We've implemented SWA for the following Okta Verified applications:

  • AggregateSpendID (OKTA-85401)

  • AHS Vendor Portal (OKTA-88009)

  • Clearbit (OKTA-88267)

  • Dash (OKTA-88007)

  • Edge Group Portal (OKTA-88270)

  • Guidebook (OKTA-88269)

  • Howard County Public School
    System (OKTA-87178)

  • Indiegogo (OKTA-88014)

  • MessageBird (NL) (OKTA-88006)

  • Mood Media - Voice Design
    (OKTA-88018)

  • Online Tech - OTPortal (OKTA-88012)

  • Scrypt - Sfax (OKTA-88016)

  • Tawk.to (OKTA-88011)

  • TelePacific - OneCentral (OKTA-88013)

  • ZeroFox Dashboard (OKTA-88017)

We've added the following Mobile applications for use with Okta Mobility Management (OMM):

  • Facebook at Work (OKTA-83621)

  • Outlook Web Access - 2003
    (OKTA-87929)

Bug Fixes

Bug numbers ending with an H are hotfixes. Hotfixes are generally deployed after the initial release.

Product Bug Fixes

The following issues are fixed:

  • OKTA-60554 – Duo reports failed to show user authentication IP addresses.
  • OKTA-84734 – The message Account successfully unlocked! did not display after some users unlocked their Okta account.
  • OKTA-86456 – The relay state URL was lost for certain end users when signing into Office 365 or GoToMeeting apps.
  • OKTA-86690 – A group rule error did not clearly state the 100-rule limit.
  • OKTA-86866 – For the Microsoft identity provider (IdP) for social authentication, the externalId Profile mapping for appeared in the SYSTEM section instead of BASE. (Previously reported in Preview 2016.17.)
  • OKTA-86892 – The change password procedure failed for end users in some orgs with the New Okta Sign-In Experience enabled.
  • OKTA-87092 – JIT provisioning failed to sign in first-time Okta end users.
  • OKTA-87118 – The profile editor option on create and update to set user mapping was not available for Google Apps after provisioning was enabled.
  • OKTA-87827H – Removed a potential cross-site scripting vulnerability from the Duo settings.
  • OKTA-88188H – Fixed Incorrect session validation when a custom sign-out URL is specified.
  • OKTA-88939H – Some AD imports failed following a large change to AD.

Platform Bug Fixes

The following issues are fixed:
  • OKTA-86900 – Setting Use a custom login page for this application when creating a new SAML app failed to cause the Embed Link to redirect to the Login page URL.
  • OKTA-87045 – In authorization flows, Okta failed to post an error message back to the client when a client_id or redirect_uri was invalid.

App Integrations Fixed

The following SWA apps were not working correctly and are now fixed:

  • DiscoverOrg (OKTA-87715)

  • MxToolbox (OKTA-87976)

  • Pulse Realty Solutions (OKTA-88222)

  • Ricoh Resource Center
    (OKTA-87979)

  • ShipStation (OKTA-87973)

  • Travizon (OKTA-87977)

The following SAML apps were not working correctly and are now fixed:

  • Spoke (OKTA-88025)

  • ZScaler (OKTA-87460)

  • Spoke (OKTA-88025)