Root Cause Analysis:Problem Description & Impact:
September 26, 2017
Okta took corrective actions to address the issue and the service returned to normal in all affected Cells when the issue was resolved at 11:34am PDT.
However, Skype for Business and Oracle Right Now embedded browsers behaved in a non-standard way. The issue occurred when the embedded browsers going through the new sign-in flow threw a runtime exception rather than returning false as expected. This caused the embedded browser to pop up a window with "Script Error" that the users saw during Single Sign-On.
Mitigating Steps & Corrective Actions:
Following the release of 2017.38 to production, the new sign-in flow led to unexpected end user impact. Okta Engineering raised a post on Trust at 6:17AM and a work around was provided to Support for customers whom were willing to revert to the previous deprecated Okta sign-in experience. A full fix was rolled out across the impacted cells between 10:09AM and 11:40AM PDT and the workaround was reverted.
To prevent future recurrence, engineering has added processes to perform additional validation steps around the sign-in flow which affects embedded browsers. Additionally, Okta will be mentioning all sign-in flow related changes in the release notes.