Okta Production – Release 2017.11 Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Okta Production – Release 2017.11
Published: Mar 22, 2017   -   Updated: Jun 22, 2018

Okta Production Release 2017.11 began deployment on March 21. For the latest information on our release schedule, see Current Release Status.

Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.

User-added image

Version numbers indicate the year and week of the year that releases are pushed to orgs. For example, release 2017.03 was pushed the third week of 2017. The week numbers follow the ISO Week Date convention. 

Special Announcements

The Okta Release Notes have a new look!

We are moving to a new, interactive release notes format. Our new design and functionality allows for clear navigation through all the elements you care about in Okta: Production and PreviewEarly Access features, Special announcements, and Mobile releases. You can see a list of all the features in a release quickly and find all available Early Access features. Try them out at https://help.okta.com/en/prod/Content/Topics/ReleaseNotes/okta-rel-notes.htm.

Advance Notice: API Rate Limit Improvements

We are making org­-wide rate limits more granular, and treating authenticated end ­user interactions separately. More granular rate limits will further lessen the likelihood of calls to one URI impacting another. Treating authenticated end­ user interactions separately will lessen the chances of one user’s impacting another. We’re also providing a transition period so you can see what these changes will look like in your Okta system log before enforcing them:

  1. Starting in early April, 2017, we will provide system log alerts to let you know if you exceeded any of these new API rate limits.

  2. Starting in early April, 2017, we will treat authenticated end ­user interactions on a per­-user basis. Interactions like SSO after login won’t apply to your org­-wide API rate limits.

  3. Early in May, 2017, we will enforce the new, more granular rate limits. At that point, the warnings in the System Log will change to error notifications.

Of course, as each change is released, we’ll announce the change in the Platform Release Notes on http://developer.okta.com.

For a full description of the rate limit changes, see API Rate Limit Improvements.  

Browser plugin phased rollout

On February 20, 2017, Okta began a phased Generally Available (GA) release of Okta browser plugin version 5.11.x for all supported browsers. We've postponed our plan to complete the rollout on March 7, 2017. The new target is April 1, 2017. This version provides security enhancements. Okta strongly recommends that you install the plugin when prompted to do so. If you have any questions or concerns following the upgrade, contact Okta Support. For version history, see Browser Plugin Version History.

New Okta Sign-In Experience to be enabled for all remaining Production orgs

We've postponed our plan to automatically enable the New Okta Sign-In Experience by February 15, 2017 for the remaining Production orgs that have not enabled it yet. Our new target is April 1, 2017. In the meantime, we recommend that you enable the feature at your convenience to let your users become familiar with it. If you have any questions, please contact Okta Support.

What's New

Unless otherwise noted, these features are available for all organizations with release 2017.11.

  • We now configure Gmail with a generated Exchange ActiveSync Device Identifier (EAS ID) when you deploy the Gmail native app to your Android for Work-enabled devices. This is consistent with our support for the native mail app on iOS devices. EAS IDs are provided in a CSV file available at Devices > Overview. You can use EAS Device IDs in your environment to control which Exchange ActiveSync-enabled devices are allowed to connect to your Exchange Servers.

    User-added image

  • The System Log now records the result of applying the Okta sign-on policy to determine whether to use multi-factor authentication for a user trying to log in. This log entry includes the user's zone:

    User-added image

Platform Release Notes

Changes to the platform for this release are published in the Platform Release Notes on http://developer.okta.com.

Agent Update

The Okta Java LDAP Agent version 5.3.9 is now available to Early Access (EA) users. This release improves the ability to import large number of users by streaming LDAP objects during import. For the version history, see Java LDAP Agent Version History.

Application Updates

We've enhanced the following applications:

  • We have enhanced the Amazon Web Services (AWS) configuration screen to reduce sensitive information displayed.

  • We have enhanced user group synchronization for Microsoft Office 365 instances that are configured with Universal Sync to ensure that newly provisioned AD-mastered O365 users are synchronized as members of AD-mastered Groups in O365 correctly. This is an EA feature; contact Okta Support to enable it.

We've implemented SWA for the following Okta Verified applications:

  • CBRE-EA (OKTA-115150)

  • A Cloud Guru (OKTA-117538)

  • Adstream (OKTA-115203)

  • Alerus Financial Retirement
    Account Access (OKTA-116702)

  • Atlassian Cloud (OKTA-118934)

  • BirdDogHR (OKTA-115842)

  • Cook County Illinois (OKTA-109891)

  • Ensighten (OKTA-117875)

  • J. P. Morgan Markets (OKTA-115883)

  • Merchant e-Solutions (OKTA-116199)

  • Western Union Point of Sale

We've implemented SAML for the following Okta Verified applications:

  • Bambu by Sprout Social (OKTA-116521)

  • ContractSafe (OKTA-116632)

  • Euromonitor Passport (OKTA-117579)

  • FotoWeb (OKTA-99225)

  • HireVue (OKTA-112967)

  • LiGO (OKTA-115115)

  • Merlin Guides (OKTA-115970)

  • Nmbrs (OKTA-117137)

  • Onshape (OKTA-115971)

  • Platform9 (OKTA-97788)

  • Schwab Compliance
    Technologies (OKTA-108582)

  • Secret Server (OKTA-115972)

  • Splunk Cloud (OKTA-114946)

  • Testable (OKTA-115562)

We've added the following Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS):

  • Certify (OKTA-115303)

  • Greenhouse (OKTA-115836)

  • Hightower (OKTA-87082)

  • Procore (OKTA-115699)

  • Pulse Connect Secure
    VPN (OKTA-115309)

  • VLC (OKTA-117613)

Bug Fixes

Bug numbers ending with an H are hotfixes. Hotfixes are typically deployed after the initial release.

Product Bug Fixes

The following issues are fixed:

  • OKTA-107707 – AD-mastered users received an incorrect description of the password complexity requirement when changing or resetting passwords if the Group Password Policy feature was not enabled.
  • OKTA-112348 – Concur users could not update employee IDs because of a change in the Concur API.
  • OKTA-113061 – ADP users received an error after disabling a group in their Active Directory.
  • OKTA-114022 – The Sign Out button located on the App MFA screen failed to sign out users.
  • OKTA-114203 – Deleted and deactivated App Wizard or org-created applications were still assignable to admins.
  • OKTA-115824 – The generated list of Zscaler IP Addresses was stale.
  • OKTA-117237 – Some users could not sign into Skype for Business when the Office 365 sign-on policy denies ActiveSync traffic. 
  • OKTA-117305 – A link emailed to some AD-mastered users to unlock their accounts resulted in a 403 error.
  • OKTA-118196 – Enabling or disabling Exchange ActiveSync settings for Office O365 failed for some orgs.
  • OKTA-118544 – Removed Mobile Admin rights were incorrectly restored to some users.
  • OKTA-118733H – The label on a button located in the Okta footer was difficult to read because its font was too dark.

App Integrations Fixes

The following SWA apps were not working correctly and are now fixed:

  • AdvancedMD (OKTA-117176)

  • Amazon Associates CA Affiliate

  • Amazon CA (OKTA-116925)

  • Amazon Web Services (OKTA-115117)

  • Amplitude (OKTA-117441)

  • AP Stylebook (OKTA-117712)

  • Atlas Solutions (OKTA-117476)

  • AvayaLive (OKTA-115557)

  • Bing Ads (OKTA-116205)

  • BioCentury (OKTA-117566)

  • Codeship (OKTA-117369)

  • Confluence (Atlassian) (OKTA-116216)

  • D2L (OKTA-117567)

  • Dash (OKTA-116424)

  • Dataloader.io (OKTA-115819)

  • DealerSocket AAX (OKTA-117127)

  • Dell EMC (OKTA-117569)

  • Docker Hub (OKTA-115331)

  • Essendex (OKTA-114906)

  • Exclusive Resorts (OKTA-117126)

  • Geckoboard (OKTA-116259)

  • Give Something Back (OKTA-117129)

  • Hellofax (OKTA-118422)

  • HelloSign (OKTA-115502)

  • Inspired eLearning (OKTA-116992)

  • JoyentCloud (OKTA-117565)

  • Kaiser (OKTA-116425)

  • Kampyle (OKTA-116427)

  • LawRoom (OKTA-117420)

  • Lifesize Cloud (OKTA-115541)

  • MarkMonitor (OKTA-117125)

  • MathWorks (OKTA-115559)

  • MetLife MyBenefits (OKTA-116356)

  • Nature.com (OKTA-116426)

  • OpenVPN Connect (OKTA-117714)

  • Operative.One (OKTA-117179)

  • Oracle Human Capital Management

  • Oracle Partner Store (OKTA-117713)

  • Oracle Support (OKTA-116428)

  • Rackspace Cloud Control Panel

  • RackSpace Webmail (OKTA-116598)

  • RingCentral (OKTA-115817)

  • RingCentral (UK) (OKTA-117124)

  • RingCentral SWA (OKTA-115555)

  • SendGrid (OKTA-116385)

  • Skype (OKTA-115290)

  • Smartsheet (OKTA-116462)

  • SnapAV (OKTA-117128)

  • SpyFu (OKTA-117143)

  • Team Gantt (OKTA-117007)

  • Tech Data (OKTA-115664)

  • Teladoc (OKTA-117572)

  • Twilio (OKTA-117571)

  • Uline (OKTA-118130)

  • ZocDoc (OKTA-116699)

The following OMM apps were not working correctly and are now fixed:

  • Office 365 (OKTA-111356)