Okta Production – Release 2017.13 Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Okta Production – Release 2017.13
Published: Apr 4, 2017   -   Updated: Jun 22, 2018

Okta Production Release 2017.13 began deployment on April 3. For the latest information on our release schedule, see Current Release Status.

Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.

User-added image

Version numbers indicate the year and week of the year that releases are pushed to orgs. For example, release 2017.03 was pushed the third week of 2017. The week numbers follow the ISO Week Date convention. 

Special Announcements

The Okta Release Notes are moving!

Release 2017.13 is the last version of the release notes that we'll published in this form and location. Beginning with release 2017.15, you can find the release notes at http://help.okta.com.

Our new design and functionality allows for clear navigation through all the elements you care about in Okta: Production and PreviewEarly Access features, Special announcements, and Mobile releases. You can see a list of all the features in a release quickly and find all available Early Access features. Try them out at https://help.okta.com/en/prev/Content/Topics/ReleaseNotes/okta-rel-notes.htm.

Advance Notice: API Rate Limit Improvements

We are making org­-wide rate limits more granular, and treating authenticated end ­user interactions separately. More granular rate limits will further lessen the likelihood of calls to one URI impacting another. Treating authenticated end­ user interactions separately will lessen the chances of one user’s impacting another. We’re also providing a transition period so you can see what these changes will look like in your Okta system log before enforcing them:

  1. Starting in early April, 2017, we will provide system log alerts to let you know if you exceeded any of these new API rate limits.

  2. Starting in early April, 2017, we will treat authenticated end ­user interactions on a per­-user basis. Interactions like SSO after login won’t apply to your org­-wide API rate limits.

  3. Early in May, 2017, we will enforce the new, more granular rate limits. At that point, the warnings in the System Log will change to error notifications.

Of course, as each change is released, we’ll announce the change in the Platform Release Notes on http://developer.okta.com.

For a full description of the rate limit changes, see API Rate Limit Improvements.  

What's New

Unless otherwise noted, these features are available for all organizations with release 2017.13.

  • You can configure a custom domain so that email Okta sends to your end users appears to come from an address that you specify instead of the default Okta sender noreply@okta.com. This allows you to present a more branded experience to your end users. For details, see Configure a Custom Email Domain. This is an Early Access feature; contact Okta Support to enable it.

    User-added image

  • You can now customize expired password flows to redirect end users to a website that you specify instead of the default Okta expired password form. This enhancement aligns with Okta's other password redirect options to provide a fully customized password management experience outside of Okta. For details, see Expired Password. This is an EA feature; contact Okta Support to enable it.

    User-added image

  • We have enhanced our EA version of the ServiceNow app to support Password Sync. For more information about this app, see the ServiceNow (EA) Provisioning Guide.

  • We have enhanced our System Log to now log the actual raw user agent string in the RawUserAgent string field.

Platform Release Notes

Changes to the platform for this release are published in the Platform Release Notes on http://developer.okta.com.

Agent Updates

  • We have updated the On­-Premises Provisioning (OPP) agent to version 1.0.13. This allows the OPP agent to use the TLS v1.2 protocol, and deprecates TLSv1.0. We recommend updating your OPP agent as soon as possible, as TLSv1.0 is no longer considered secure.

  • We have released Okta IWA Agent version 1.10.3 for EA users. This version restores support for Windows Server 2008 (removed temporarily in version 1.10.2).

    To obtain this EA version, contact Okta Support. For version history, see SSO IWA Web App Version History.

Application Updates

We've implemented SWA for the following Okta Verified applications:

  • IBM Connections (OKTA-119786)

  • LoansPQ (OKTA-119828)

  • TrueAbility (OKTA-119073)

We've implemented SAML for the following Okta Verified applications:

  • Blueboard (OKTA-117705)

  • BoardEffect (OKTA-120303)

  • Oracle Hyperion EPM Cloud
    Services (OKTA-116517)

We've added the following Mobile application for use with Okta Mobility Management (OMM) (Android and iOS):

  • Reflektive (OKTA-118779)


We've added the following Mobile applications for use with Okta Mobility Management (OMM) (iOS only):

  • GreatVines Beverage Sales
    Execution (OKTA-119035)

  • Invision (OKTA-120152)

Bug Fixes

Bug numbers ending with an H are hotfixes. Hotfixes are typically deployed after the initial release.

Product Bug Fixes

The following issues are fixed:

  • OKTA-79821 – The Save Password button failed to save the password for some users.
  • OKTA-86540 – IP Zones were listed by ID instead of by name or order last added
  • OKTA-111018 – Users with the Okta New Sign-In Page enabled received a 400 Bad Request when attempting to sign into Veeva Vault app.
  • OKTA-111656 – The Okta plugin failed to sign in some users.
  • OKTA-112935 – When some admins attempted to create an AD-mastered user, an Okta-mastered user was sometimes created instead.
  • OKTA-113253 – When admins used a Reset Password template, their end users were redirected to a 403 error page. 
  • OKTA-114197 – After deleting a user with an enrolled device, the Device Overview page failed to load.
  • OKTA-114853 – Some users' refresh token failed to refresh. 
  • OKTA-115282 – Setting up the Security Key (U2F) key factor from the user account page resulted in an error message.
  • OKTA-117968 – Some users received an error when importing users from their Okta Production org.

Note: OKTA-113496H – If you encountered a timeout error while attempting to create a large number of user accounts via the API, contact Okta Support for a possible remedy.

Integrations Fixes

The following SWA apps were not working correctly and are now fixed:

  • CrazyEgg (OKTA-119975)

  • Egnyte (OKTA-120373)

  • ESPN (OKTA-120482)

  • Google AdSense (OKTA-120154)

  • MetLife MyBenefits (OKTA-120301)

  • Microsoft OneDrive

  • SyncBASE (OKTA-120149)

  • Union Bank (OKTA-119767)

  • Verizon Wireless Business

The following SAML app was not working correctly and is now fixed:

  • Saba (OKTA-112840)


The following OMM app was not working correctly and is now fixed:

  • Bill.com (OKTA-119939)