Okta Production Release 2016.18 began deployment on May 9
. For the latest information on our release schedule, see Current Release Status
Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.
Version numbers indicate the year and week of the year that releases are pushed to orgs. For example, release 2016.05 was pushed the fifth week of 2016.
Migrating Orgs with Federated Profiles (AD Integrations)
Beginning April 21, 2016 for Preview orgs and May 4, 2016 for Production orgs, Okta automatically will migrate all orgs that use the Active Directory (AD) Federated Profiles option to the Okta enhanced AD integration. Enhanced integration combines the best features of our Classic Imports and Federated Profiles options into a single, simplified, more robust offering. For more details, see About Okta's Enhanced Active Directory Integration.
To help ensure a successful migration, note the following:
- Some features of Enhanced AD Integration require that all Okta AD Agents be upgraded to version 3.3.5. Otherwise, changes you make to Group OU settings will not take effect for JIT Provisioning until you restart your agents. (The agent upgrade requires a complete uninstallation and reinstallation; see Installing and Configuring the Active Directory Agent.)
- By default, Enhanced AD Integration synchronizes groups on a daily basis (you can change the import frequency in Import and Account settings.) Your integration settings for user imports is preserved. This means that if your org is not configured to run scheduled imports, your users continue to be imported and/or updated via Just In Time provisioning (JIT).
New Product Features
Unless otherwise noted, these features are available for all preview organizations with this release.
Admins can now auto-launch a specific app for all end users at sign in. Previously, this option was only available to end users. Now, admins can access this option from the specific <App> page > General tab > App Settings, as detailed in Using the Okta Applications Page. Note: Checking this option only affects end users that are newly assigned to the app. Previously assigned users must manually choose auto-launch by accessing the app chiclet <App> Settings button.
Availability: This is an Early Access (EA) feature; contact Okta Support to enable it.
Okta enhanced Multifactor authentication (MFA) options are now Generally Available (GA). MFA options can now be assigned on the group level, and also allow you to enforce admin-created rules, such as mandatory sign in requirements. Additionally, policies and rules can be location-based to secure off-network connections. For details, see Using the Multifactor Page.
Availability: This feature is GA for all orgs.
Task functionality is enhanced to allow edits of all fields in the app assignment screen when processing provisioning, activation, and validation feature tasks. For more information see About Your Administrator Dashboard.
Availability: This is an EA feature; contact Okta Support to enable it.
We've made it easier to assign grant types in OAuth 2.0 Settings by grouping all the options together in a set of checkboxes in Allowed grant types. This one location and label replaces the Allow Offline Access checkbox for web and native apps, and the Allow Password Credentials checkbox for native apps. For more information, see Using OpenID Connect.
Okta's powerful new Universal Directory (UD) integration with Smartsheet is now GA for all preview orgs, and new production orgs. See About Universal Directory for more details.
Availability: This feature is GA in release 2016.18 for all preview and new production organizations, and in release 2016.19 for existing production organizations.
An enhancement to the Workday implementation is now GA. This improvement increases import speed.
Availability: This feature is available in release 2016.18 for new preview and production organizations and in releases 2016.20–2016.22 for existing production organizations.
New Platform Features
You can find platform documentation and other developer resources at http://developer.okta.com
Improved Security with Increased Size for Refresh Token
The size of the refresh token for OAuth 2.0/OpenID Connect has been increased for added security.
. Okta Auth JS SDK is a wrapper around Okta's authentication API. Use it to obtain an Okta session cookie or an ID token.
Incremental Features Summary
The following table summarizes features that are enabled incrementally. Links in this table go to the release notes in which the feature was initially announced. After the feature is fully released, it is no longer tracked in this table. For release history of all features, see Features by Release.
|Smartsheet UD Integration||2016.18||2016.18||2016.18||2016.19|
|Workday Import Performance Improvement (see above)||2016.18||2016.18||2016.18 (5/9)||2016.20-2016.22|
|Password Policy (Softlock)||2016.15||2016.17-2016.18||2016.15||2016.17-2016.18|
|SAML Destination Attribute||2015.52||2015.52||2016.16-1016.18||2016.16-2016.18|
We've updated the SAML setup instructions for the Spoke application (OKTA-88025).
We've implemented SAML for the following Okta Verified application:
We've implemented SWA for the following Okta Verified applications:
AHS Vendor Portal (OKTA-88009)
Edge Group Portal (OKTA-88270)
Howard County Public School
MessageBird (NL) (OKTA-88006)
Mood Media - Voice Design
Online Tech - OTPortal (OKTA-88012)
Scrypt - Sfax (OKTA-88016)
TelePacific - OneCentral (OKTA-88013)
ZeroFox Dashboard (OKTA-88017)
We've added the following Mobile applications for use with Okta Mobility Management (OMM):
Bug numbers ending with an H are hotfixes. Hotfixes are generally deployed after the initial release.
Product Bug Fixes
The following issues are fixed:
- OKTA-60554 – Duo reports failed to show user authentication IP addresses.
- OKTA-84734 – The message Account successfully unlocked! did not display after some users unlocked their Okta account.
- OKTA-86456 – The relay state URL was lost for certain end users when signing into Office 365 or GoToMeeting apps.
- OKTA-86690 – A group rule error did not clearly state the 100-rule limit.
- OKTA-86866 – For the Microsoft identity provider (IdP) for social authentication, the externalId Profile mapping for appeared in the SYSTEM section instead of BASE. (Previously reported in Preview 2016.17.)
- OKTA-86892 – The change password procedure failed for end users in some orgs with the New Okta Sign-In Experience enabled.
- OKTA-87092 – JIT provisioning failed to sign in first-time Okta end users.
- OKTA-87118 – The profile editor option on create and update to set user mapping was not available for Google Apps after provisioning was enabled.
- OKTA-87827H – Removed a potential cross-site scripting vulnerability from the Duo settings.
- OKTA-88188H – Fixed Incorrect session validation when a custom sign-out URL is specified.
- OKTA-88939H – Some AD imports failed following a large change to AD.
Platform Bug Fixes
The following issues are fixed
- OKTA-86900 – Setting Use a custom login page for this application when creating a new SAML app failed to cause the Embed Link to redirect to the Login page URL.
- OKTA-87045 – In authorization flows, Okta failed to post an error message back to the client when a client_id or redirect_uri was invalid.
App Integrations Fixed
The following SWA apps were not working correctly and are now fixed:
The following SAML apps were not working correctly and are now fixed: