On This Page
To protect against arbitrarily large numbers of groups matching the group filter, the group claim has a limit of 100. If more than 100 groups match the filter, then the request fails.
- For more information about configuring an app for OpenID Connect, including group claims, see Using OpenID Connect.
- For more information about group claims in the API, see Scope-dependent claims.
The following issues are fixed:
- OKTA-89624 - Base schema attributes for OpenID Connect without default mappings weren't included in ID token claims.
- OKTA-89867 - Creating a new user and adding that user to a group with the same create request via the API failed, which was a problem for group-scoped User Admins creating users.
- OKTA-90593 - The Group property lastMembershipUpdated wasn't updated when adding or removing users from an Active Directory group using scheduled import.
- OKTA-90898 - Updating credentials failed when using the Apps API for custom apps.
- OKTA-91066 - System log messages related to OpenID Connect didn't contain scopes.
Added on June 29:
- OKTA-90514 - When adding a group target to a User Administrator role via the API, that user still had the ability to administer all groups. Also, removing the last group target from a role after one has been added was incorrectly allowed.