Okta Preview Sandbox (oktapreview.com) features from 2016.51 and 2016.52 have been combined and pushed to Production (okta.com) 2016.52. This deployment began on January 9. For the latest information on our release schedule, see Current Release Status.
Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.
Version numbers indicate the year and week of the year that releases are pushed to orgs. For example, release 2016.02 was pushed the second week of 2016. The week numbers follow the ISO Week Date convention.
Two Plugin Features to be Enabled for All Orgs in December
Until now, not all Okta end users have seen the following Okta plugin features. These features will be enabled for all orgs starting this month:
- Automatic App Login – This feature enables the Okta browser plugin to recognize the login fields of apps that users navigate to directly, without going through the Okta Dashboard. Users can log in to more apps automatically, without needing to enter credentials.
- Save Password Banner – This feature displays a banner that offers to save passwords for most of the standard online apps that users visit. For more about this feature, see Adding an App from the Browser Plugin.
Changes to Okta Support for Android Mobile Operating System
Okta Mobile and Okta Verify currently support Android versions 4.0.4 and earlier, but our support for these versions ends on January 16, 2017. After that date, Okta will only support version 4.4.x and higher. Android for Work (AfW) is supported on Android 5.1.1 and higher. For more information, see Okta Support for Mobile Operating System Versions.
Chromium Mandatory Certificate Transparency Policy Impact on Android Devices
Certificate Authorities (CAs) Symantec and GeoTrust have yet to implement the Chromium Certificate Transparency policy. This means that Android devices running some versions of Chrome 53 and 54 might refuse to accept certificates from these CAs. For more information, see Known Issue: Impact of Chromium Mandatory Certificate Transparency policy on Android devices.
Apple iOS 10 Upgrade Impact on Okta Mobility Management Password Sync
Users who have upgraded to iOS 10 should note the following: If you’re using Okta Mobility Management (OMM) to configure Exchange ActiveSync (EAS) profiles, a known issue has been introduced that affects OMM’s ability to perform Password Sync for EAS profile updates on iOS devices. For details and workarounds, see Known Issue: iOS10 upgrade impacts Okta Mobility Management (OMM) Password Sync.
We have enhanced the functionality of the User Admin role (Early Access) as follows:
- User Admins can now use Manage People functionality on the Groups page.
- User Admins can now remove people from groups that they manage.
- User Admins can no longer view the Directory Integrations page.
This is an EA feature; to enable it, contact Okta Support. For more information, see The User Admin Role (Early Access).
We are pleased to announce the General Availability (GA) of our enhanced System Log. This enhancement replaces the Okta System Log, located at Security > System Log in your Okta admin dashboard. We are rolling this feature out to all customers gradually over the next few weeks and plan to finish in March 2017. If you would like to receive this functionality sooner, contact Okta Support.
To improve usability, we have changed the name of SCIM UserAgent from OKTA SCIM Integration to Okta SCIM Client <version>. The current agent is named Okta SCIM Client 1.0.0.
Platform Release Notes
Changes to the platform for this release are published in the Platform Release Notes on http://developer.okta.com.
We've enhanced the following application integrations:
We've implemented SWA for the following Okta Verified applications:
We've implemented SAML for the following Okta Verified applications:
We've implemented SAML for the following Community Created applications:
We've changed Signature/Digest algorithms from SHA1 to SHA256 for the following SAML apps:
Bug numbers ending with an H are hotfixes. Hotfixes are typically deployed after the initial release.
Product Bug Fixes
The following issues are fixed:
- OKTA-68970 – The Call Me button displayed incorrectly on the Duo Authentication screen.
- OKTA-69342 – Updating user profiles from Workday → Okta → Active Directory (AD) failed in Workday-mastered orgs in which the AD attribute pwdLastSet was mapped to Okta using Attribute Level Mastering. This was part of a broader problem (now fixed) where the Attribute Level Mastering feature failed if one of the attributes in the user's profile was mastered in AD.
- OKTA-100446 – Accessing the Sign On tab of an inactive Radius-enabled app failed.
- OKTA-104235 – The On Prem Provisioning Agent did not process special characters correctly.
- OKTA-106667 – The new System Log (EA) did not display API rate limiting errors.
- OKTA-106671 – The uploaded Encryption Certificate for a SAML app was incorrectly shown as Expired.
- OKTA-107190 – Mapping the attribute ms-Exch-Mailbox-Guid to Okta caused imports of new users from Active Directory (AD) to fail.
- OKTA-107251 – The MSRtcSipPrimaryUserAddress attribute type incorrectly changed when the provisioning type changed.
- OKTA-108094 – Reactivation of deleted users in Dropbox failed.
- OKTA-108100 – The documentation describing several iframe functions for customizing end-user Home pages contained some errors.
- OKTA-108562 – After editing scopes in the General Settings tab for a single-page app (SPA; OIDC) and saving changes, navigating to another area of Okta deselected all scopes.
- OKTA-108635 – Requests for WS-Fed sign on for a SWA-configured Office 365 app instance did not display appropriate error messages.
- OKTA-108926 – When the fromURI parameter contained /oauth2/ and a security question had not been set up, redirects failed.
- OKTA-109130 – Okta Mobile for iOS users were unable to install the Salesforce app from the Okta App Store.
- OKTA-109771 – Read-only user attributes could be changed when Inherit from AD was selected.
- OKTA-109874 – SCIM connector configurations could not be updated for app instances that used the authentication type http Header.
- OKTA-110453 – The latest update to the mobile policy feature incorrectly allowed admins to edit Default policy rules.
- OKTA-110792 – Orgs configured to use the red-bright theme in Settings > Appearance were reverted to the default theme.
App Integrations Fixes
The following SWA apps were not working correctly and are now fixed:
The following SAML apps were not working correctly and are now fixed: