The OIE upgrade is “Eligible with warning” due to the potential impact on user experience.
Potential Experience Impact
Level of Effort for Upgrade to Parity: High - CIAM (customer experience) has a low tolerance for any impact to the User Experience changes that are associated with the improvements of OIE. Hence, we want to be sure they investigate a bit further to understand the limited impacts during the upgrade.
The following guides help highlight the feature changes:
- General Upgrade Guidance: Upgrade to Okta Identity Engine
- Developer Focused Guidance: Identity Engine upgrade overview
- Upgrade Sign-In Widget: Upgrade the Okta Sign-In Widget
Verify
-
Account Activation Flow [Email Templates]
-
[Admin/API/Directory Initiated]
-
fromURI in email template
-
Payload activationToken into Custom AuthN API
-
-
[Custom SDK/Management API]
-
Custom/External Email?
-
fromURI in email template
-
Payload recoveryToken into Custom AuthN API
-
-
-
Email Template modifications Activation & Recovery
-
Used to divert to the Custom Embedded application
-
-
Custom Password Recovery Flow
PRE-Upgrade
-
No changes are REQUIRED prior to upgrade to Okta Identity Engine
-
The /authn API will continue to work in a "classic mode" in Identity Engine to make the upgrade transition easier
Post-Upgrade Parity (Classic Mode)
-
Discovery Dependent: Email Templates
Post-Upgrade Enhanced Experience (OIE Functionality)
-
Option 1: Shift from Classic SDK/API to Federation Model (Okta hosted)
- Advancements in Identity Engine extensibility may deprecate the need for a customer-hosted sign-in experience.
- Option 2: Shift from Classic SDK/API to Embedded SDK
- Option 3: Shift from Classic SDK/API to Direct Authentication API
A good starting point for building an understanding of Redirection vs. Embedded Authentication models is Okta deployment models - redirect vs. embedded.
