New Platform Feature: Limit on Size of Groups Claim
To protect against arbitrarily large numbers of groups matching the group filter, the group claim has a limit of 100.
If more than 100 groups match the filter, then the request fails.
For more information about configuring an app for OpenID Connect, including group claims, see Using OpenID Connect.
For more information about group claims in the API, see Scope-dependent claims.
The following issues are fixed:
OKTA-89624 – Base schema attributes for OpenID Connect without default mappings weren't included in ID token claims.
OKTA-89867 – Creating a new user and adding that user to a group with the same create request via the API failed, which was a problem for group-scoped User Admins creating users.
OKTA-90593 – The Group property lastMembershipUpdated wasn't updated when adding or removing users from an Active Directory group using scheduled import.
OKTA-90898 – Updating credentials failed when using the Apps API for custom apps.
OKTA-91066 – System log messages related to OpenID Connect didn't contain scopes.
Added on June 29:
OKTA-90514 – When adding a group target to a User Administrator role via the API, that user still had the ability to administer all groups. Also, removing the last group target from a role after one has been added was incorrectly allowed.