2018.36

New Device Notification Emails are Generally Available (GA)

When enabled, end users will receive a new device notification email when signing in to Okta from a new or unrecognized device. This feature is now generally available to all orgs. For more information about email notifications, refer to the New or Unknown Device Notification Emails section on this page.

Email Rate Limiting

Okta is introducing new rate limits for emails that are sent to users. This will help with service protection.

New sendEmail Parameter for User Deletion and Deactivation

User deletion and deactivation requests now have an optional sendEmail parameter. For more information see the documentation for those endpoints:

• DELETE /api/v1/apps/${applicationId}/users/${userId}
• DELETE /api/v1/users/${userId}
• POST /api/v1/users/${userId}/lifecycle/deactivate

Support for JWTs Signed with Private Keys

Requests to the /token and /authorize endpoints will now accept JWTs signed with a private key. For more information see the OIDC documentation for the token endpoint and the authorize endpoint.

System Log Event for Rate Limit Override Expiration

A System Log event will be generated exactly two days before a temporary API rate limit override is set to expire. The limit's expiration is set by customer support based on a window agreed upon when the override was requested. Once a limit has expired, it will no longer take effect and the customer will be subject to the default limit for that API endpoint.

Required Properties in App User Schema

API calls to modify an app user schema can no longer change the nullability (required field) of a property if that property is shown as required in the default predefined schema for that app.

Previously Released Early Access Features 2018.36 Update

The following features have already been released as Early Access. To enable them, contact Support.