Okta Production – Release 2016.49
Published: Dec 13, 2016   -   Updated: Jun 22, 2018

Okta Production Release 2016.49 began deployment on December 12. For the latest information on our release schedule, see Current Release Status.

Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.

Version numbers indicate the year and week of the year that releases are pushed to orgs. For example, release 2016.02 was pushed the second week of 2016. The week numbers follow the ISO Week Date convention. 

Special Announcements

Apple iOS 10 Upgrade Impact on Okta Mobility Management Password Sync

Users who have upgraded to iOS 10 should note the following: If you’re using Okta Mobility Management (OMM) to configure Exchange ActiveSync (EAS) profiles, a known issue has been introduced that affects OMM’s ability to perform Password Sync for EAS profile updates on iOS devices. For details and workarounds, see Known Issue: iOS10 upgrade impacts Okta Mobility Management (OMM) Password Sync.

Okta Mobile Connect

The latest updates to Box (v 3.8.9) and Workday (v 2016.41.156.401708) mobile apps have allowed for compatibility with Okta Mobile Connect (OMC), an Okta flow that enables SSO for native mobile apps. As a result, Okta has re-enabled OMC, for Box and Workday only. Other apps previously using OMC will remain disabled until vendors fix the existing issues related to Apple iOS 10 compatibility. For details and a workaround for end users who do not upgrade to the latest versions, see Known Issue: Apple iOS update causes failure in Okta Mobile Connect.

What's New

Unless otherwise noted, these features are available for all organizations with release 2016.49.

  • You can permanently delete a deactivated user with the Delete button that appears in the directory screen for that user. You cannot undo this deletion. After deletion you can reuse the username and other identifiers; however, log entries are retained. For more information, see Deactivating and Deleting People. This is an Early Access (EA) feature; contact Okta Support to enable it.

  • We have added two new MFA options for Okta end-users:

    • Windows Edge users can seamlessly authenticate through Windows Hello.

    • Okta has also added U2F security key (FIDO 1.0) support, allowing for the use of third-party security keys on Chrome and Firefox.

      For more information, see Multifactor Authentication under Factor Types. These are EA features; contact Okta Support to enable them.

  • You can now perform more granular imports from Active Directory (AD) using Okta's new User and Group filters. Create LDAP syntax queries to selectively import users matching the criteria that you specify. For more information, see Configuring Import and Provisioning Settings.

    This is an EA feature; contact Okta Support to enable it.

  • The improvements we implemented to help admins create Mobile Policies and Rules on a per-platform basis are now enabled for orgs enrolled in the Okta Free Trial and orgs using the Office 365 Bundle.

  • Okta's Instance-level Delegated Authentication (Del Auth) feature is now GA. This feature moves Del Auth enablement from the org-level to the instance-level. While preserving current Del Auth functionality, instance-level Del Auth is optimized for use in environments with multiple AD instances. It allows admins to delegate authentication on a per AD-instance level to support more granular authentication scenarios. For more information, see Delegated Authentication.

  • App Names are now logged to our new System Log (EA) for the following specific events:

    • Profile push event (user already found in app).

    • Import event (user already found in Okta but could not reactivate).

  • Okta has added a simple passcode option when adding a device policy for Okta Mobility Management (OMM). When admins allow simple passcodes on iOS and OS X devices, end-users can use repeated or increasing/decreasing characters, such as 123 or CBA, when creating passcodes. For more information, see Security Policies under Mobile Policies.

Toolkit Updates

The Okta Confluence Toolkit version 2.0.3 is confirmed to support Confluence on-prem version 6.0.1. For more information, see the Current Confluence Jar Version History.

Okta strongly recommends that customers download and upgrade to the latest SAML toolkit and the necessary Jira or Confluence authenticators. You can access all of these tools from the Okta Downloads page (from the Dashboard, select Settings > Downloads).

Correction: The 2016.49 Preview release notes published on December 7 initially referenced the wrong version of the Confluence Toolkit. The correct version appears above (v2.0.3). 

Browser Update

We have modified the phased GA rollout of the Internet Explorer (IE) browser plugin that we began on November 14, 2016 by promoting plugin version 5.9.2 as the latest GA rollout candidate. Version 5.9.2 fixes an issue that prevented the IE plugin from working with our EMEA production environment and also provides performance and security enhancements. Okta strongly recommends that you install the plugin if prompted to do so. If you have any questions or concerns following the upgrade, contact Okta Support. For plugin version history, see Browser Plugin Version History.

Platform Release Notes

Changes to the platform for this release are published in the Platform Release Notes on http://developer.okta.com.

Incremental Features Summary

The following table summarizes features that are enabled incrementally. Links in the Feature column point to additional documentation for that feature, if available. After the feature is fully released, it is no longer tracked in this table. For release history of all features, see Features by Release.

Feature | New Orgs | New Orgs | Existing Orgs | Existing Orgs
Instance-level Delegated Authentication (GA) | 2016.49 | 2015.49 | – | 2015.50

Application Updates

We've enhanced the following application integrations:

  • Our Universal Directory-enabled provisioning integrations for RingCentral Production and RingCentral User Acceptance Testing (UAT) environments are now GA (Preview orgs only). The RingCentral applications support attribute-level mastering, which allows RingCentral to act as the master for users' direct and extension numbers while other attributes are mastered by a different source, such as Active Directory.

  • Workplace by Facebook
    • We have enhanced the Workplace by Facebook provisioning integration to include support for the Location attribute. You can now add the Location field to the AppUser profile through Schema Discovery and map it accordingly.

    • Workplace by Facebook has updated their API to exclude support for the suppressEmail attribute, and the Send Email Claim checkbox under the provisioning tab is now a legacy feature. See the Workplace by Facebook provisioning guide for more details.

We've implemented SWA for the following Okta Verified applications:

  • Air Tickets Australia (OKTA-100104)

  • CMS Enterprise Portal (OKTA-108593)

  • Confluence (Atlassian) (OKTA-103819)

  • IBM MaaS360 (OKTA-108133)

  • National Life Group (OKTA-108969)

  • One Medical Member Login (OKTA-108331)

  • Sun Life Connect (OKTA-105920)

We've implemented SAML for the following Okta Verified applications:

  • Moat Pro (OKTA-105642)

  • Price f(x) (OKTA-97790)

  • Simppler (OKTA-108422)

  • Verecho (OKTA-108062)

  • VersionOne (OKTA-107922)

  • Yapmo (OKTA-107089)

  • My Comscore (OKTA-108580)

We've added the following Mobile application for use with Okta Mobility Management (OMM) (Android and iOS):

  • Lexus Financial Services (OKTA-77198)


We've added the following Mobile applications for use with Okta Mobility Management (OMM) (iOS only):

  • AppDynamics (OKTA-84397)

  • BambooHR (OKTA-70844)

  • Coupa (OKTA-69472)

  • Meraki Dashboard (OKTA-69589)

  • Paylocity Web Pay (OKTA-69474)

  • PlanSource Benefits (OKTA-83882)

  • SharpSpring (OKTA-77089)

  • ShipStation (OKTA-81594)

  • Skrill (OKTA-82917)

  • Trip Advisor (OKTA-87458)

  • UKForex (OKTA-82041)

  • Wells Fargo (Commercial Electronic Office) (OKTA-69473)

  • XPO Logistics Last Mile (OKTA-77090)

We've changed Signature/Digest algorithms from SHA1 to SHA256 for the following SAML apps:

  • Namely (OKTA-108092)

  • RingCentral SAML (OKTA-107643)

  • Artifactory (OKTA-109124)

  • Aspera Faspex V3 (OKTA-109122)

  • BenefitFocus (OKTA-108491)

  • Benetrac (OKTA-107947)

  • CityLighting Order Guide (OKTA-108485)

  • Dynamic Signal (OKTA-108751)

  • eLogic Learning (OKTA-108492)

  • Lynda.com (OKTA-107635)

  • Quandora (OKTA-108342)

  • Saleshood SAML (OKTA-108708)

  • SurveyMonkey (OKTA-107940)

  • Taleo Enterprise Edition (OKTA-107944)

  • WebDAM (OKTA-109121)

  • Workforce Software (OKTA-108482)

  • YourCause (OKTA-108732)

Bug Fixes

Bug numbers ending with an H are hotfixes. Hotfixes are typically deployed after the initial release.

Product Bug Fixes

The following issues are fixed:

  • OKTA-74911 – In some cases, a push through the Radius agent resulted in the agent name appearing as unknown.
  • OKTA-96065 – Clicking the Configure password policy link on the Authentication page for AD incorrectly triggered a new tab to open.
  • OKTA-101823 – The Manager attribute was not mapped between AD and Okta.
  • OKTA-102757 – An incorrect email message was sent to end users who were re-activated after deactivation.
  • OKTA-103077 – Office 365 end users were unable to access the Next button when attempting to set up Okta Verify on iOS.
  • OKTA-103443 – Fields did not auto-populate when building advanced searches in our new System Log (EA).
  • OKTA-103710 – CSV imports for the Rally app failed.
  • OKTA-105587 – When no factors were enrolled for a user, admins could not exit the Reset Multifactor Authentication dialog.
  • OKTA-105884 – Initial incomplete group imports caused subsequent group membership imports to fail in some circumstances.
  • OKTA-106643 – After a Password Sync failed, it was not retried as expected.
  • OKTA-107572 – The events Plugin downloaded and Status information from script execution were missing from the System Log.
  • OKTA-107885 – Self-service Voice Password Reset did not work for LDAP-mastered users.
  • OKTA-107892 – The OMM policy options for OS X did not clearly indicate the implications and behavior when the maximum number of password attempts was exceeded by end users.
  • OKTA-108185 – Attempting to create user accounts failed in some Preview orgs.
  • OKTA-108786 – The maximum length of an Okta custom email template was less than described in Okta documentation.

The following SWA apps were not working correctly and are now fixed:

  • Autotask (OKTA-109020)

  • Availity (OKTA-107338)

  • Bing Webmaster (OKTA-108966)

  • Halogen (OKTA-104862)

  • Lead2Lease (OKTA-107355)

  • Microsoft Outlook (OKTA-108652)

  • Mimecast Personal Portal v3 (OKTA-107463)

  • Ravti (OKTA-108191)

  • S&P Capital IQ (OKTA-108651)

  • Site5 (OKTA-108818)

  • TigerText (OKTA-108964)

The following SAML app was not working correctly and is now fixed:

  • ListenTool (OKTA-104710)


The following OMM apps were not working correctly and are now fixed:

  • ServiceNow - Eureka and later releases (OKTA-107989)

  • ServiceNow (OKTA-107989)