Starting in October 2025, the "Cache CRL for" configuration setting for the Smart Card IdP will be completely removed from the admin user interface. This feature, as previously mentioned in the product documentation, is now deprecated because Okta has implemented a new, more robust, and automatic CRL caching mechanism.
- Multifactor authentication - Smart Card IdP
- Okta Classic Engine
- Okta Identity Engine
Audience
This information is intended for all customers who are currently using the Smart Card IdP and have configured a non-default value for the "Cache CRL for" setting. The default value for this setting was 6 hours before the planned deprecation.
Details
The "Cache CRL for" setting on the Configure Smart Card IdP page, which allowed administrators to specify how long Okta should cache a CRL, will be fully deprecated and removed from the user interface starting October 2025. Okta replaced the old CRL caching logic with a new, more resilient, and automatic mechanism. This new system automatically honors the CRL's expiration date, checks for updates to the previously downloaded CRLs every 10 minutes, and, if needed, downloads the updated CRL to ensure the cached serial numbers and next update date are current. This eliminates the need for manual configuration and provides a more reliable process for keeping CRLs up to date.
Organization administrators do not need to take any additional steps to opt into the new caching mechanism or make any changes to the existing configuration of their Smart Card IdPs.
Related References
