Okta Preview Sandbox (oktapreview.com) features from 2016.34 and 2016.35 have been combined and pushed to Production (okta.com) 2016.35. This deployment began on September 6. For the latest information on our release schedule, see Current Release Status.
Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.
Version numbers indicate the year and week of the year that releases are pushed to orgs. For example, release 2016.02 was pushed the second week of 2016. The week numbers follow the ISO Week Date convention.
Important Notice for AD Integrations Using Federated Profiles
If your Okta Active Directory (AD) integration uses Federated Profiles, you should update to the latest GA version of the Okta AD agent. Beginning April 21, 2016, Okta automatically migrated all orgs that use the Federated Profiles option to the Okta enhanced AD integration, which requires agent version 3.0.8 or higher. If your Okta AD agent is earlier than version 3.0.8, following the migration your organization may experience inconsistent behavior, including loss of groups and group memberships.
To identify orgs running Federated Profiles, see Determining Your AD Integration Type.
For download and installation instructions, see Installing and Configuring the Active Directory Agent.
Note: If you run multiple Okta AD agents, upgrade all agents on your domain servers to the same version. Running different versions of the AD agent can cause all of them to function at the level of your oldest agent.
Unless otherwise noted, these features are available for all organizations with release 2016.35.
An Admin link is now available in the Your Apps dialog when an admin is logged in to Okta. The link allows admins to jump immediately to the Admin Dashboard. This is an Early Access (EA) feature; to obtain it, contact Okta Support. For more information, see About the Browser Plugin.
We have removed the option Exclude AD username update from the Create Users section of the Active Directory Settings page. You can still configure this functionality by changing how these attributes are mapped in the Profile Editor. For details, see About Universal Directory.
Note: This change does not apply to existing orgs that have the Exclude AD username update option enabled.
Realtime Sync from Workday now supports auto activation of new users. See Configuring Provisioning for Workday for more information.
We are pleased to announce the Early Access (EA) release of Client Access Policies for Microsoft Office 365. We have added configuration options to our policy rules that enable you to control access to Office 365 by specifying the types of client (Desktop, Mobile, or Web) that the policy applies to.
For more information, see Getting Started with Office 365 Client Access Policies.
This is an EA feature; contact Okta Support to enable it.
We have improved the default mapping behavior for OpenID Connect apps. To help you keep users in sync when mapping Okta User Profiles to Web App User Profiles, the option Apply mapping on user create and update is now the default setting.
Okta Mobile now supports enrollment of Android Nougat (7.0) devices into Android for Work (AfW).
We now support importing the IA5String string type from the AD Schema.
Browser Plugin Updates
We have updated the Okta plugin for the Firefox, Internet Explorer (IE), and Safari browsers to version 5.8.0 for EA users. This release provides the following:
Firefox, IE, and Safari
- Support for the Admin link (EA) in the Your Apps dialog (described in What's New above).
- Fixed an issue in which browsers running Okta IE plugin version 5.6.3 became non-responsive when accessing SharePoint 2013.
- Implemented several security enhancements.
To obtain EA plugin version 5.8.0, contact Okta Support. For plugin version history, see Browser Plugin Version History.
- The Okta Active Directory (AD) agent version 3.4.3 is now Generally Available (GA). This release provides the following:
- All the fixes and enhancements provided by EA versions 3.4.1 and 3.4.2.
- Support for writing binary data to an AD object's attribute.
For details, see Active Directory Agent Version History.
- The Okta IWA Web App version 1.9.2 is now GA. This release provides all the fixes and enhancements contained in EA versions 1.9.0, 1.9.1, and 1.9.2.
For details, see IWA Web App Version History.
Platform Release Notes
Changes to the platform for this release are published in the Platform Release Notes on http://developer.okta.com.
Incremental Features Summary
There are no incremental features to announce this week.
We've implemented SWA for the following Okta Verified applications:
Employers Mutual EMlearning
Employers Mutual EMSafe
Fair Work (OKTA-99012)
File Stack (OKTA-99017)
We've implemented SAML for the following Okta Verified applications:
IMS Health (OKTA-93710)
We've added the following Mobile applications for use with Okta Mobility Management (OMM):
We've changed Signature/Digest algorithms from SHA1 to SHA256 for the following SAML apps:
Bug numbers ending with an H are hotfixes. Hotfixes are typically deployed after the initial release.
Product Bug Fixes
The following issues are fixed:
- OKTA-69183 – Admins were able to enter non-standard URLs in the Configure SAML tab for recipient and destination URLs.
- OKTA-76374 – Okta custom security questions allowed answers that were part of the question.
- OKTA-83497 – Yammer email invitations for external networks were not sent if provisioned by Okta.
- OKTA-92338 – New sign in flows failed to display password requirements to end users.
- OKTA-92460 – Under certain circumstances, ServiceNow provisioning failed.
- OKTA-92536 – Org Admins and User Admins were unable to access user profiles.
- OKTA-93743 – When failed AD provisioning tasks were automatically retried, the initially selected Organizational Unit (OU) was unselected.
- OKTA-94207 – The Replicon app did not import the correct username into Okta.
- OKTA-94910 – When an enrolled MFA option was disabled, logging into Okta sent end users to a Too many redirects error page.
- OKTA-95714 – The search function failed when assigning an AIW app to the Application Administrator role.
- OKTA-96281 – User Profile properties could be removed via the Profile Editor even if they were referenced as a matchAttribute in SAML IdPs.
- OKTA-96335 – Identity Providers configured to look up IdP usernames by Okta username or email failed to return a valid match if the username was in both the username and email and a second user existed with the same email but different username.
- OKTA-96392 – API credentials validation failed during provisioning for the Confluence On-Prem app.
- OKTA-96535 – Under certain conditions, some Okta end users were unable to successfully complete their DUO enrollment.
- OKTA-96984 – When an end-user enrolled a second device in OMM, Okta re-pushed VPN and EAS profiles to all devices that were already enrolled.
- OKTA-97185 – The application and people count was inconsistent when assigning application(s) to people.
- OKTA-97692 – End users could not delete their mobile phone number in Settings > Forgot Password Text Message.
- OKTA-97734 – Mobile admins could not specify zero (0) maximum failed log-in attempts in iOS Passcode Requirements.
- OKTA-97801 – The Reset Password error message for previously used passwords was unclear.
- OKTA-98290 – Adding a private mobile app (configured to allow installation from the company app store) to an existing app created with the App Integration Wizard resulted in the chiclet disappearing from the end user’s Home page.
- OKTA-98650 – Internal custom apps that were successfully installed on end user devices could not be managed.
- OKTA-98456 – Running ProvisioningUserJob ahead of its scheduled time failed.
- OKTA-98631 – Some customers with policies containing groups experienced unexpected behavior in certain user flows such as the login flow.
- OKTA-98701 – Filtering on Event Type, Message, or Outcome failed in the new System Log (EA).
- OKTA-98847 – Renewing an APNS certificate caused iOS push notifications to fail.
- OKTA-98946 – iOS device users signing in to their Okta org with the Safari browser could not edit auto-populated usernames if the New Okta Sign In Experience was enabled.
- OKTA-99070 – Sign-in failed when trying to access some custom SAML apps created with the Okta SAML 2.0 template.
- OKTA-99450 – End users with uBlock installed were unable to load the Okta Homepage.
- OKTA-99470 – The Okta Apple Push Notification Service used an old certificate version when a newer one was available.
- OKTA-99959H – Attempts to get an OAuth authorization code resulted in intermittent 400 errors.
- OKTA-100672H – Attempting to update users' SMS factor through the Okta Factors API failed under certain circumstances.
App Integrations Fixes
The following SWA apps were not working correctly and are now fixed:
The following SAML apps were not working correctly and are now fixed:
The following Mobile app was not working correctly and is now fixed: