Okta Preview Sandbox (oktapreview.com) features from 2016.42 and 2016.43 have been combined and pushed to Production (okta.com) 2016.43. This deployment began on November 1. For the latest information on our release schedule, see Current Release Status.
Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.
Version numbers indicate the year and week of the year that releases are pushed to orgs. For example, release 2016.02 was pushed the second week of 2016. The week numbers follow the ISO Week Date convention.
Deprecation Announcement for iOS 8
Okta will end support for iOS 8 on November 13, 2016. When support for this version ends, existing end users will not be affected. Users attempting new installs on iOS 8 will see a notice stating that their OS version is no longer supported. After November 13th, Okta will chiefly support iOS versions 9.x and 10.x. For details on this version and our mobile support policy, see Okta Mobile and Okta Verify Supported Versions.
We're Auto-Enabling the New Okta Sign-In Experience
The New Okta Sign-In Experience currently is available to all orgs which have chosen to enable it in Settings > Appearance > Sign-In Configuration. If you have not done so already, we recommend that you enable the feature now to let your users become familiar with it. Beginning November 15, 2016 Okta will enable the feature automatically for all new and existing Preview orgs that have not enabled it already.
The New Okta Sign-In Experience has been Generally Available (GA) for the past two quarters and is currently in use by hundreds of Okta customers. For more information about this feature, see New Okta Sign-In Experience.
Unless otherwise noted, these features are available for all organizations with release 2016.43.
- Do you customize the SMS text messages sent to your end users for MFA verification? Now you can localize into any of the 18 supported languages! For details, see Email and SMS Options.
It's now easier for mobile admins to specify if and when Android devices are wiped after end users exceed the maximum number of failed passcode attempts. (For Android for Work devices, only the Work profile is wiped.)
This is part of the improved Early Access (EA) Mobile Policies feature. To enable it, contact Okta Support. For details, see Configuring Android Platform Rules – EA.
Newly-added profile masters are now automatically placed at the bottom of the Profile Masters list instead of the top, as before. This avoids the unnecessary profile updates that occurred when a newly-added profile master had first priority.
Client Access Policies for Microsoft Office 365 is now Generally Available (GA). This feature adds configuration options to policy rules that allow you to control access to Office 365 by specifying the client types to which the policy applies (Desktop, Mobile, or Web).
For more information, see Getting Started with Office 365 Client Access Policies.
Like org-level policies, app-level sign-on policies now allow you to specify a lifetime factor interval of six months.
We've improved the help text in the Email Notifications panel to make it clearer that admin email settings are applied only to the admin account in which they are specified. For more information, see Account Settings.
To improve how Okta handles pushing countryCode attributes from Okta mastered profiles to Active Directory, we now default to a 0 (zero) value if the attribute is empty. This avoids interruptions to user provisioning that occur when the attribute is empty.
- We have increased the number of IP addresses that you can add within the Network IP zones feature from 75 to 150.
We have Improved the performance of the EA New System Log.
Okta's updated WiFi configuration allows you to create multiple WiFi profiles and assign them to OMM-enrolled mobile devices so that users are no longer limited to just one WiFi profile per device. It also adds support for the WPA/WPA2 Enterprise protocol. For details, see WiFi Profiles.
This is an Early Access (EA) feature. To enable it, contact Okta Support. When enabled, WiFi settings move from Security > Policies to Devices > WiFi.
Our Android for Work (AfW) integration with Okta Mobility Management (OMM) is now Generally Available (GA). The integration combines AfW's advanced security features with Okta’s provisioning and enterprise mobility management capabilities. For more feature details, see About Android for Work. For configuration information, see Setting Up Android for Work.
We have increased the maximum graphic file size to 10MB in iOS .ipa files. For more about private apps, see Private App Store.
Note: This item was originally documented in the 2016.41 Preview release notes.
Support for the Hungarian and Romanian languages for the end user experience is now available to all customers in Beta format. You can select the default language preference for your entire org, and your end users can select a different language preference for their own experience. The end user's preference overrides the language set for the org. For more information, see Setting Language Preferences.
The OpenID Connect ID Token panel is moved to the Sign On tab, as shown below. This affects customers using the EA OIDC feature.
The Tasks, Delve, and Video options are now available in the General tab for the Office 365 app. Also, the Sites option has been renamed SharePoint Online.
The New Okta Sign In page now resizes automatically to display correctly on small browser windows.
The gray Okta app name no longer appears in search results on end-user dashboards.
On November 14, 2016, Okta will begin a phased General Availability release of browser plugin version 5.9.0 for Internet Explorer (IE). This release provides performance and security enhancements. Okta strongly recommends that you install the plugin if prompted to do so. If you have any questions or concerns following the upgrade, contact Okta Support. For version history, see Browser Plugin Version History.
Platform Release Notes
Changes to the platform for this release are published in the Platform Release Notes on http://developer.okta.com.
Incremental Features Summary
There are no incremental features to announce this week.
We have enhanced the following SWA applications:
- The EventBoard app has been renamed and is now known as Teem.
- The AlertLogic app's login URL has changed from http://invision.alertlogic.net to http://console.clouddefender.alertlogic.com.
- We've added support for an EU instance of the BambooHR app.
The Facebook@Work app is now named Workplace@Facebook.
We've implemented SWA for the following Okta Verified application:
- Zang OnEsna (OKTA-103588)
We've implemented SAML for the following Okta Verified applications:
We've implemented SAML for the following Community Created applications:
We've added the following Mobile application for use with Okta Mobility Management (OMM):
Bug numbers ending with an H are hotfixes. Hotfixes are typically deployed after the initial release.
Product Bug Fixes
The following issues are fixed:
- OKTA-71615 – Assigning a minimum password age that exceeded Okta limits displayed an error message that showed inconsistent units of time.
- OKTA-95176 – When blocked by the password policy settings, users received incorrect error messages when attempting an anonymous self-service password reset.
- OKTA-98501 – The Okta browser plugin did not offer to generate a random password on the change password page in the SuccessFactors app.
- OKTA-98940 – During automatic reauthentication specified in an app Sign-On Policy rule, the initial query parameters were not preserved.
- OKTA-99022 – The warning message that the browser plugin displays when users attempt to log in to an unknown org was unreadable for some languages.
- OKTA-99643 – The Okta browser plugin for Internet Explorer (IE) version 5.7.0 did not automatically enter credentials in the sign-in page of non-OAN apps.
- OKTA-100228 – Changes to SAML Issuer IDs were not shown in the SAML setup instructions.
- OKTA-100632 – Enrolling in Duo MFA when using a U2F token failed for end users in orgs with the New Okta Sign In Experience enabled.
- OKTA-101446 – Some large imports caused a timeout error.
- OKTA-101856 – Some text on the end user Settings page had slight localization errors in the Czech and Italian languages.
- OKTA-102850 – A push password error failed to display for OPP apps in the new System Log.
- OKTA-103322 – Event field names in the expanded rows of the System Log displayed with inconsistent case.
- OKTA-103392 – An error message appeared in the IE Console after users clicked the Okta plugin Save Password banner. Functionality was unaffected.
- OKTA-104250 – The import safeguard message did not display correctly.
- OKTA-104520 – During automatic reauthentication specified in an app Sign-On Policy rule, the initial query parameters were not preserved. This is now fixed for all orgs.
- OKTA-104737 – Importing new users failed in some orgs configured with Android for Work.
App Integrations Fixes
The following SWA apps were not working correctly and are now fixed:
- 8x8 Account Manager (OKTA-104783)
- 99designs (OKTA-103800)
- AAAS (OKTA-104183)
- Anthem (OKTA-103643)
- Chase Bank - Personal (OKTA-102110)
- Citibank (OKTA-104981)
- eTrade (OKTA-104742)
- eWallet ADP (OKTA-102957)
- HRMDirect (OKTA-104762)
- HubSpot (OKTA-101298)
- Paylocity Web Pay (OKTA-95554)
- SHRM Online (OKTA-104392)
- Tech Data (OKTA-101459)
- ViaWest Client Center (OKTA-103412)
- Wells Fargo – Personal (OKTA-102635)
- Zerto Support (OKTA-104387)
The following Mobile apps were not working correctly and are now fixed: