Okta Production – Release 2016.20 Skip to main content
https://support.okta.com/help/oktaarticledetailpage?childcateg=&id=ka0f0000000mcejka0&source=documentation&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fdocumentation%2fknowledge_article%2fokta-production-release-2016-20
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Average Rating:
Okta Production – Release 2016.20
Published: May 24, 2016   -   Updated: May 24, 2016
Okta Production Release 2016.20 began deployment on May 23. For the latest information on our release schedule, see Current Release Status.

Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.

User-added image

Version numbers indicate the year and week of the year that releases are pushed to orgs. For example, release 2016.02 was pushed the second week of 2016. The week numbers follow the ISO Week Date convention. 

Important Notice for AD Integrations Using Federated Profiles

If your Okta Active Directory (AD) integration uses Federated Profiles, you should update to the latest GA version of the Okta AD agent. Beginning April 21, 2016, Okta automatically migrated all orgs that use the Federated Profiles option to the Okta enhanced AD integration, which requires agent version 3.0.8 or higher. If your Okta AD agent is earlier than version 3.0.8, following the migration your organization may experience inconsistent behavior, including loss of groups and group memberships.

To identify orgs running Federated Profiles, see Determining Your AD Integration Type.

For download and installation instructions, see Installing and Configuring the Active Directory Agent.

Note: If you run multiple Okta AD agents, upgrade all agents on your domain servers to the same version. Running different versions of the AD agent can cause all of them to function at the level of your oldest agent.

New Product Features​

Unless otherwise noted, these features are available for all preview organizations with this release.
  • We are pleased to announce our new, improved System Log.  

    User-added image

    Improvements include:

    • Time Zone: You can now select the time zone for the system log display.
    • Improved Search functionality: We've improved basic search functionality and added a robust advanced search option. 
    • Event Details: You can drill down to view more information about events.

    For more information, see System Log.

    Availability: The new system log is an Early Access (EA) feature; contact Okta support to enable it.

  • We've improved the password reset and unlock flows for end users unable to use SMS, either due to their group's policy settings or because their mobile phone number is not configured. Now, when these users click the Reset or Send SMS button and do not receive an SMS, they can click a link to reset or unlock their password via email.

    User-added image

  • LDAP Imports is now Generally Available (GA). This feature allows admins to do the following:
    • Import users and groups manually or automatically
    • Configure import matching rules
    • Set auto-activation/confirmation
    • Master from LDAP
    • Specify user and group object filters
    • Optionally suppress activation emails

    For best results, we strongly recommend that you install and configure the latest version of the Okta Java LDAP agent (Settings > Downloads). For more information about Okta LDAP Imports, see Introducing LDAP Imports.

    Availability: This feature is available to existing preview organizations and new preview and production organizations in release 2016.20.

  • When connecting your app with OpenID Connect, you can use a Proof Key for Code Exchange (PKCE) instead of a client secret for client authentication. For more information, see Using OpenID Connect.

    Availability: This feature is available in release 2016.20 for all organizations.

  • Reporting is enhanced to add OpenID Connect events to the app utilization report, the app access report, and the suspicious activity report. For general information on all reports, see Using the Okta Reports Page.

    Availability: This feature is available in release 2016.20 for all organizations.

New Platform Features

Note: You can find platform documentation and other developer resources at http://developer.okta.com.

Sign-In Widget Version 1.3.2

Customize your users' login experience with Okta's Sign in Widget SDK version 1.3.2, with support for social authentication and OIDC. Authenticate users on any web site, implement MFA, self-service password reset, and other capabilities. This version includes the Account successfully unlocked! page.

Version 1.3.2 is Generally Available (GA). For more information, see Okta Sign-In Widget.

PKCE Support

Using PKCE client authentication in OpenID Connect apps is supported by the code_challenge parameter. For detailed information, see OAuth 2.0 Endpoints.

Incremental Features Summary

The following table summarizes features that are enabled incrementally. Links in this table go to the release notes in which the feature was initially announced. After the feature is fully released, it is no longer tracked in this table. For release history of all features, see Features by Release.

FeaturePreview
New Orgs
Production
New Orgs
Preview
Existing Orgs
Production
Existing Orgs
LDAP Imports2016.202016.202016.20
New Okta Sign-in Experience2016.192016.19
Workday Import Performance Improvement 2016.182016.182016.18 (5/9)2016.20-2016.22

Browser Plugin Updates

The Okta plugin version 5.6.0. for Firefox, Internet Explorer, and Safari browsers is now GA. This version provides internal improvements.

We have updated the plugin for the FirefoxInternet Explorer, and Safari browsers to version 5.6.3 for EA users. This version supports the HttpOnly flag, a security measure that provides additional protection against theft of session cookies.

Availability: This is an EA plugin; contact Okta support to enable it.

For plugin version history, see Browser Plugin Version History.

Application Updates

Integrations

We've implemented SWA for the following Okta Verified applications:

  • Report-Uri (OKTA-88266)

  • Fonts.com (OKTA-88360)

  • Currency Exchange International (OKTA-88932)

  • Pipeline Deals (OKTA-89365)

  • Acusport (OKTA-89702)

Bug Fixes

Bug numbers ending with an H are hotfixes. Hotfixes are generally deployed after the initial release.

Product Bug Fixes

The following issues are fixed:

  • OKTA-63233 – The Okta Verify Setup instructions for the Android app referred to the wrong download site.
  • OKTA-75269 – Accessing the iTunes Connect app from the Okta Home page failed for some users.
  • OKTA-79857 – Validation of the username transform in Okta Expression Language (EL) expressions needed improvement.
  • OKTA-80386 – Installation of the Okta plugin for Internet Explorer (IE) failed for some Windows 10 users.
  • OKTA-81355 – Imports from the Zendesk app did not complete.
  • OKTA-84944 – For IE users in orgs with the new Okta sign-in experience enabled, the placeholder text in the sign-in page username or password field disappeared unexpectedly under certain circumstances. 
  • OKTA-85231 – A limited number of orgs were deprovisioned due to a variable CA certificate name. The name is now based on the Org ID.
  • OKTA-85990 – The Zscaler app group limit was limited to eight.
  • OKTA-86971 – Provisioning to Box failed after reactivating users that are members of push groups.
  • OKTA-87917 – Some changes made to existing app instances triggered long running times, which prevented changes from being saved.
  • OKTA-88195 – After updating mappings for the Microsoft O365 app, some attributes lost their mappings.
  • OKTA-89371 – When updating attributes in the Org2Org app, some attributes were overwritten.
  • OKTA-90119H – The unencrypted device flag displayed in the device list for Okta Mobile iOS users even though the OS device management was enabled.
  • OKTA-90363H – When creating a user via the Okta API, the API failed to apply the correct policy settings in orgs where group password policy was not enabled.

Platform Bug Fixes

The following issues are fixed:
  • OKTA-79857 – Validation of the usernameTemplate field in Okta EL expressions needed improvement.
  • OKTA-86425 – If a request includes the HTTP accept-encoding header with value set to gzip, not all API responses were compressed. Note: This issue was not in 2016.20 Preview.
  • OKTA-88273 – Incorrect policy settings appeared when adding a user through the Okta API in orgs with the Group Password Policy feature enabled.

App Integrations Fixed

The following SWA apps were not working correctly and are now fixed:

  • Sysomos (OKTA-88972)

  • Axonix (OKTA-88998)

  • ST Math (OKTA-89255)

  • Domain Tools (OKTA-89257)

  • Pusher (OKTA-89463)

Post a Comment