|Feature Enhancement||Expected in Preview Orgs||Expected in Production Orgs|
|OpenID Connect||Generally Available now||Generally Available beginning 8/7/2017|
|Key Rollover||Generally Available now||Generally Available beginning 8/7/2017|
|Email for Two-Factor Authentication||Early Access by 8/3/2017||Early Access beginning 8/7/2017|
|SHA-256 Signed Certificates for New SAML 2.0 Apps||Generally Available by 8/3/2017||Generally Available beginning 9/11/2017|
A new version of the Sign-In Widget is available now for all orgs.
OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol, which allows computing clients to verify the identity of an end user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end user in an interoperable and REST-like manner. In technical terms, OpenID Connect specifies a RESTful HTTP API, using JSON as a data format.
All new SAML 2.0 apps are bootstrapped with SHA-256 signed public certificates. Existing SAML 2.0 apps are unchanged.
You can enroll a user with an email factor. See Enroll Okta Email Factor for details.