On this page

December

Weekly Release 2019.12.1

Change Expected in Preview Orgs
Bug Fixed in 2019.12.1 December 18, 2019

Bug Fixed in 2019.12.1

Monthly Release 2019.12.0

Change Expected in Preview Orgs
Features API is Generally Available in Production December 11, 2019
Token inline hook is Generally Available in Production December 11, 2019
SAML inline hook is Generally Available in Production December 11, 2019
Scope Object Properties Default Values December 11, 2019
Okta-Hosted User Consent Dialog Change December 11, 2019
OAuth for Okta Enabled for Clear User Sessions Endpoint December 11, 2019
Bug Fixed in 2019.12.0 December 11, 2019

Features API is Generally Available in Production

The Features API allows operations to manage self-service Early Access features in Production and Preview orgs, as well as manage self-service Beta features in Preview orgs and view Beta features in Production orgs.

Token inline hook is Generally Available in Production

The Token inline hook enables you to integrate your own custom functionality into the process of minting OAuth 2.0 and OpenID Connect tokens.

SAML inline hook is Generally Available in Production

The SAML inline hook enables you to customize SAML assertions returned by Okta. You can add attributes or modify existing attributes in outbound SAML assertions.

Scope Object Properties Default Values

In Scope objects created using the Authorization Server API, the default values of the displayName and description properties were updated to be more informative.

In OAuth 2.0 or OpenID Connect authentication flows, Okta-hosted user consent dialogs were updated to display neutral colors for some UI elements.

OAuth for Okta Enabled for Clear User Sessions Endpoint

The Clear User Sessions endpoint now has OAuth for Okta enabled.

Bug Fixed in 2019.12.0

  • In the Authorization Server API, supplying a consent property was previously required when creating a Scope object in orgs that had the EA feature enabled. It is now required only when updating existing Scope objects. (OKTA-250368)

November

Weekly Release 2019.11.3

Change Expected in Preview Orgs
Bugs Fixed in 2019.11.3 December 4, 2019

Bugs Fixed in 2019.11.3

  • POST calls to the /api/v1/apps endpoint couldn't be used with OAuth for Okta. (OKTA-259867)

  • In some situations, ID tokens returned from Okta didn't contain the idp claim. (OKTA-253962)

Weekly Release 2019.11.2

Change Expected in Preview Orgs
Bug Fixed in 2019.11.2 November 20, 2019

Bug Fixed in 2019.11.2

Multifactor (MFA) Enrollment Policy objects returned by Okta included an unused property, enroll.profiles. (OKTA-260160)

Weekly Release 2019.11.1

Change Expected in Preview Orgs
Bug Fixed in 2019.11.1 November 13, 2019

Bug Fixed in 2019.11.1

An incorrect status was returned in some cases when an admin checked another user's session information using the Sessions API (opens new window). (OKTA-245793)

Monthly Release 2019.11.0

Change Expected in Preview Orgs
Web Authentication as a factor is Generally Available in Production November 6, 2019
Features API is Generally Available in Preview November 6, 2019
SAML inline hook is Generally Available in Preview November 6, 2019
Token inline hook is Generally Available in Preview November 6, 2019
OAuth for Okta is Early Access in Preview November 6, 2019
Concurrent requests to the same app now return exception November 6, 2019
Rate Limits for /oauth2 endpoints November 6, 2019
Bug Fixed in 2019.11.0 November 6, 2019

Web Authentication as a factor is Generally Available in Production

Admins can enable Web Authentication as a factor (WebAuthn) as defined by WebAuthn standards. WebAuthn supports both security key authentication such as YubiKey devices and platform authenticators such as Windows Hello.

Features API is Generally Available in Preview

The Features API provides operations to manage self-service Early Access features in your Production and Preview orgs and self-service Beta features in your Preview org.

SAML inline hook is Generally Available in Preview

The SAML inline hook enables you to customize SAML assertions returned by Okta. You can add attributes or modify existing attributes in outbound SAML assertions.

Token inline hook is Generally Available in Preview

The Token inline hook enables you to integrate your own custom functionality into the process of minting OAuth 2.0 and OpenID Connect tokens.

OAuth for Okta is Early Access in Preview

With OAuth for Okta, you are able to interact with Okta APIs using scoped OAuth 2.0 access tokens. Each access token enables the bearer to perform specific actions on specific Okta endpoints, with that ability controlled by which scopes the access token contains. For more details, see our OAuth for Okta guide.

Concurrent requests to the same app now return exception

Concurrent PUT requests sent to the same app instance now return an ApiException rather than a 500 HTTP server error.

Rate Limits for /oauth2 endpoints

Rate limiting (opens new window) has been modified for /oauth2 endpoints so that requests that use an invalid client ID don't consume rate limit. Additionally, a System Log warning has been introduced to provide notification of high rate limit consumption by requests that use a valid client ID.

Bug Fixed in 2019.11.0

When the token inline hook feature was enabled and the claim couldn't be evaluated, the OAuth 2.0 token endpoint returned a 403 HTTP status code rather than 400. (OKTA-258981)

October

Weekly Release 2019.10.2

Change Expected in Preview Orgs
User Types Error Message Change October 31, 2019
Bugs Fixed in 2019.10.2 October 31, 2019

User Types Error Message Change

Error messages returned by the User Types API have changed. Omitting display name or variable name when attempting to create a User Type, or specifying a variable name that is already in use, results in a more specific error message being returned.

Bugs Fixed in 2019.10.2

  • A SameSite=None attribute sent by Okta caused a bug in cross-site handling of cookies in Chrome on iOS 12.* or earlier. (OKTA-254174)
  • In the Features API, when using mode=force to enable a feature and its dependencies, email notifications were not sent to admins for Beta dependencies that were enabled. (OKTA-249644)
  • The length of EL expressions that you could specify for OAuth 2.0 claim values was previously limited to a shorter length but has now been increased to 1024 characters. (OKTA-237675)

Weekly Release 2019.10.1

Change Expected in Preview Orgs
Maximum characters increased for the UserAgent string October 16, 2019

Maximum characters increased for the UserAgent string

The maximum length of the client.userAgent.rawUserAgent property value was increased from 200 to 500 characters. See UserAgent Object (opens new window) in the /logs API reference content for more information on this property.

Monthly Release 2019.10.0

Change Expected in Preview Orgs
Event Hooks API is Generally Available October 9, 2019
User Types API in Early Access October 9, 2019
Tokens transform events no longer available October 9, 2019
Cookies updated to preserve cross-functionality October 9, 2019
App Condition available for Enroll Policy October 9, 2019
Bugs Fixed in 2019.10.0 October 9, 2019

Event Hooks API is Generally Available

The Event Hooks API is Generally Available (GA) in Production.

User Types API in Early Access

The User Types API is in Early Access (EA) in both Preview and Production.

Tokens transform events no longer available

Tokens transform System Log events will no longer fire for SAML and token inline hooks. They have been replaced by inline hook events.

Cookies updated to preserve cross-functionality

To preserve cross-site functionality, Okta now adds the SameSite=None attribute to all relevant cookies when the client browser is Firefox 69 or above. Previously this was enabled only for Chrome 76 and above.

App Condition available for Enroll Policy

App Condition is now available for the Enroll Policy.

Bugs Fixed in 2019.10.0

  • WebAuthn Factors could not be verified using the Factors API. (OKTA-228239)
  • During OAuth 2 and OIDC sign-in flows, the Okta Sign-In Widget incorrectly rendered pre-populated usernames, substituting + with a space. (OKTA-235187)

September

Weekly Release 2019.09.4

Change Expected in Preview Orgs
Scope Naming Restriction October 2, 2019

Scope Naming Restriction

OAuth Scopes are not allowed to start with the okta. prefix. See the Note under Scope properties for more information.

Weekly Release 2019.09.3

Change Expected in Preview Orgs
Bug Fixed in 2019.09.3 September 25, 2019

Bug Fixed in 2019.09.3

  • After a user successfully scanned the QR code and completed the MFA enrollment process, the factorResult parameter was missing from the response. (OKTA-244102)

Weekly Release 2019.09.2

Change Expected in Preview Orgs
Bugs Fixed in 2019.09.2 September 18, 2019

Bugs Fixed in 2019.09.2

  • When users signed in using IdP Discovery or a Default IdP, any outgoing Hooks related to that sign-in event contained an incorrect request URL value. (OKTA-243190)
  • GET requests to the /users/me endpoint would return hidden standard attributes. (OKTA-243864)

Monthly Release 2019.09.0

Change Expected in Preview Orgs
Features API is Early Access EA in Preview and Production September 4, 2019
Mappings API is now Generally Available (GA) in Production September 4, 2019
Error Object in SAML assertion inline hook September 4, 2019
Rate Limits for Authorization Server Public Metadata September 4, 2019
Bugs Fixed in 2019.09.0 September 4, 2019

Features API is Early Access (EA) in Preview and Production

The Features API provides operations to manage self-service features in your Production and Preview orgs and Beta features in your Preview org.

Mappings API is now Generally Available (GA) in Production

The Okta Mappings API provides operations to manage the mapping of properties between an Okta User's and an App User's Profile Properties using Expression Language. This feature is now GA in Production.

Error Object in SAML assertion inline hook

For the SAML assertion inline hook, if an external service returns an error object, Okta now denies the SAML request and redirects the end user to an error page that displays the text string sent in error.errorSummary.

Rate Limits for Authorization Server Public Metadata

The public metadata endpoints for Authorization Servers are now each assigned separate rate limits, which are not shared with other endpoints.

Bugs Fixed in 2019.09.0

  • Responses from the GET /groups/rules API included deleted groups in the assignUserToGroups.groupIds property. (OKTA-242994)

  • Calls to the /users/${userid}/lifecycle/deactivate endpoint could time out when deactivating a user with an extraordinarily high number of app assignments. (OKTA-228031)

August

Weekly Release 2019.08.3

Change Expected in Preview Orgs
Bugs Fixed in 2019.08.3 August 29, 2019

Bugs Fixed in 2019.08.3

  • The Update inline hook call wasn't replacing the whole object. (OKTA-229337)

  • IP addresses identified as malicious by Okta ThreatInsight were missing from Events API ("security.threat.detected") event messages. See the Event Types catalog for more information on this event message. (OKTA-242795)

Weekly Release 2019.08.2

Change Expected in Preview Orgs
Bug Fixed in 2019.08.2 August 21, 2019

Bug Fixed in 2019.08.2

Paginated responses from the List Users with Search API were limited to a total of 50,000 results, and following the next link after that limit yielded an error. (OKTA-220619)

Weekly Release 2019.08.1

Change Expected in Preview Orgs
Bug Fixed in 2019.08.1 August 14, 2019

Bug Fixed in 2019.08.1

Some users were not able to access the Group Rules API, despite having proper permissions. (OKTA-240021)

Monthly Release 2019.08.0

Change Expected in Preview Orgs
Added Support for TOTP Factor August 7, 2019
Cookies updated to preserve cross-site functionality August 7, 2019
Inline hooks is now GA in Preview August 7, 2019
LinkedIn API V2 is now supported August 7, 2019
Mappings API is now GA in Preview August 7, 2019
Missing type property now returns a 400 error code August 7, 2019
Bug Fixed in 2019.08.0 August 7, 2019

Added Support for TOTP Factor

Okta now supports a custom MFA factor based on the time-based one-time passcode (TOTP) algorithm. For more information, see Custom HOTP Factor.

Cookies updated to preserve cross-site functionality

To preserve cross-site functionality in light of upcoming updates to Chrome (opens new window), Okta has added the SameSite=None attribute to all relevant cookies.

Inline hooks is now GA in Preview

Inline hooks enable you to integrate your own custom functionality into Okta process flows. The framework to support them is now Generally Available (GA) in Preview.

LinkedIn API V2 is now supported

Okta now supports LinkedIn API V2. Creation of LinkedIn Identity Providers has been re-enabled in all Production orgs.

Mappings API is now GA in Preview

The Okta Mappings API provides operations to manage the mapping of properties between an Okta User's and an App User's Profile Properties using Expression Language. This feature is now GA in Preview.

Missing type property now returns a 400 error code

If you create an IP network zone (opens new window) without a type property for an IP field, PUT or POST requests made to the Zone API now return a 400 error code.

Bug Fixed in 2019.08.0

In the Update User API, when the secondEmail attribute in a user's profile was updated with an empty value (instead of null), the user was incorrectly prompted for secondEmail. (OKTA-240382)

July

Weekly Release 2019.07.2

Change Expected in Preview Orgs
Deleting App Groups July 31, 2019
Bug Fixed in 2019.07.2 July 31, 2019

Deleting App Groups

The DELETE /groups/${groupId} endpoint now supports deleting app groups, in addition to Okta groups. Note, however, that groups configured for group push cannot be deleted.

Bug Fixed in 2019.07.2

  • When API Access Management Consent was enabled, the factor lifetime configured in the App Sign On Rule was ignored and the "Do not challenge me on this device for XXX" prompt didn't appear to the end user when signing in to an OpenID application. (OKTA-2233290)

Monthly Release 2019.07.0

Change Expected in Preview Orgs
Email Factor is now GA in Production July 10, 2019
LinkedIn IdP creation re-enabled in Preview July 10, 2019
Email Customization disabled for free orgs July 10, 2019

Email Factor is now GA in Production

The Email Factor is now Generally Available (GA) in all Production orgs.

LinkedIn IdP creation re-enabled in Preview

Creation of LinkedIn Identity Providers has been re-enabled in all Preview orgs.

Email Customization disabled for free orgs

To curtail phishing, free editions of Okta are no longer able to create and send customized email templates. For feature information, see Email and SMS Options (opens new window).

June

Weekly Release 2019.06.4

Change Expected in Preview Orgs
Token expiration window increased to five years July 3, 2019
Bug Fixed in 2019.06.4 July 3, 2019

Token expiration window increased to five years

The refresh token expiration window has increased to a maximum of five years in custom authorization servers.

Bug Fixed in 2019.06.4

  • The SystemLog V1 event type security.password_spray.detected has been deprecated. For threat related information, see security.threat.detected events. (OKTA-233958)

Weekly Release 2019.06.3

Change Expected in Preview Orgs
Token Inline Hook Can Modify Sub-Objects and Array Elements June 26, 2019
Bugs Fixed in 2019.06.3 June 26, 2019

Token Inline Hook Can Modify Sub-Objects and Array Elements

The Token Inline Hook now lets you modify particular sub-objects or array elements within objects contained in claims, without needing to update the rest of the object.

Bugs Fixed in 2019.06.3

  • When a customer used a token inline hook and returned an error object to Okta, Okta failed to pass the error to the token requester. (OKTA-231397)

  • The issuer claim inside JWT tokens was erroneously changing to all lowercase causing JWT verification failure when the application was case-sensitive. (OKTA-235710)

  • When a customer called the POST /idps/credentials/keys endpoint and supplied an x5t#S256 parameter to specify the SHA-256 thumbprint of the certificate that they were adding, Okta failed to validate the thumbprint.

Monthly Release 2019.06.0

Change Expected in Preview Orgs
Email Factor is now GA in Preview June 5, 2019
Users can be removed from a Profile source June 5, 2019

Email Factor is now GA in Preview

The Email Factor is now Generally Available (GA) in all Preview orgs.

Users can be removed from a Profile source

Users can now be unassigned from Apps that serve as their Profile source.

May

Weekly Release 2019.05.3

Change Expected in Preview Orgs
Token Inline Hook Can Modify or Remove Existing Claims (Early Access) May 29, 2019
Bugs Fixed in 2019.05.3 May 29, 2019

Token Inline Hook Can Modify or Remove Existing Claims (Early Access)

The token inline hook now supports changing or removing existing claims in tokens minted by the Okta Custom Authorization Server.

Bugs Fixed in 2019.05.3

  • Responses from the GET /groups/rules API failed to include a link to the next page of results in cases where there was more than one page. (OKTA-221434)

  • Calls to the /authorize endpoint during the Authorization Code with PKCE flow would fail if an idp parameter was supplied with the call (in Preview orgs only). (OKTA-229808)

Weekly Release 2019.05.2

Change Expected in Preview Orgs
Bug Fixed in 2019.05.2 May 22, 2019

Bug Fixed in 2019.05.2

  • The response ID of the User Schema API wasn't consistent with the actual server details. When a request was sent to GET/URL/api/v1/meta/schemas/user/default from a preview org, the response ID always contained a production org URL. (OKTA-218937)

Weekly Release 2019.05.1

Change Expected in Preview Orgs
Bugs Fixed in 2019.05.1 May 15, 2019

Bugs Fixed in 2019.05.1

  • When trusted apps overrode the device token, device fingerprints were lost. This caused unexpected behavior for new sign-on notification emails and device-based behavior detection. (OKTA-226646)
  • When a Group admin (who manages more than 1 user group) used the API to fetch users with pagination, the request failed to create a link for the next page of users. (OKTA-222660)

Monthly Release 2019.05.0

Change Expected in Preview Orgs
The Registration Inline Hook is in Early Access (EA) May 8, 2019
Bugs Fixed in 2019.05.0 May 8, 2019

The Registration Inline Hook is in Early Access (EA)

The registration inline hook allows you to integrate your own custom logic into Okta's Self-Service Registration flow.

Bugs Fixed in 2019.05.0

  • Assigning an admin role directly to a user failed if that user was part of a group with the same admin role assignment. (OKTA-223035)
  • The List Users with Search API returned outdated user data. (OKTA-215187)

April

Weekly Release 2019.04.2

Change Expected in Preview Orgs
Hashed Password Imports with SHA-512 Algorithm May 1, 2019
Bugs Fixed in 2019.04.2 May 1, 2019

Hashed Password Imports with SHA-512 Algorithm

You can use the SHA-512 hash type when importing passwords.

Bugs Fixed in 2019.04.2

  • Concurrent requests to modify the same app instance would result in an HTTP 500 error. (OKTA-205283)
  • Responses from the /oauth2/${authServerId}/.well-known/oauth-authorization-server and /oauth2/${authServerId}/.well-known/openid-configuration endpoints for Custom Authorization Servers would append a query parameter (client_id) to the value returned for the jwks_uri property. Inclusion of the query parameter was misleading because you cannot use the query parameter when calling the JWKS URI. (OKTA-217289)

Weekly Release 2019.04.1

Change Expected in Preview Orgs
The Event Hooks Feature is Now Available in EA April 17, 2019
Bug Fixed in 2019.04.1 April 17, 2019

The Event Hooks Feature is Now Available in EA

Event hooks enable you to use events within your Okta org to trigger process flows within your own software systems.

Bug Fixed in 2019.04.1

The applicable rate limit wasn't updated when the URL for the factor verification endpoint was changed. For more details, see our Rate Limits page. (OKTA-219067)

Monthly Release 2019.04.0

Change Expected in Preview Orgs
IdP Extensible Matching Rules are now GA in Preview April 10, 2019
The SAML Inline Hook is in EA April 10, 2019
Rate Limits Updated April 10, 2019
The Sign-In Widget Version for the Custom Login Page has been Updated April 10, 2019
Bug Fixed in 2019.04.0 April 10, 2019

IdP Extensible Matching Rules are now GA in Preview

IdP extensible matching rules allow you to define a regular expression pattern to filter untrusted IdP usernames. For details, see our IdPs page.

The SAML Inline Hook is in EA

The SAML inline hook enables you to customize SAML assertions returned by Okta. For details, see our SAML inline hook page.

Rate Limits Updated

Okta's API rate limits have been updated:

  • OAuth 2 rate limits were updated and clarified for all orgs.
  • The limit for the api/v1/apps endpoint was updated for Enterprise orgs. For details, see our Rate Limits page.

The Sign-In Widget Version for the Custom Login Page has been Updated

Custom Sign-in Pages can now use Sign-In Widget version 2.18. When you select the "latest" option, you automatically use 2.18. For more information, see our Sign-In Widget page.

Bug Fixed in 2019.04.0

IdPs did not match the user with the USERNAME_OR_EMAIL property when IDP_EXTENSIBLE_MATCHING_RULES was enabled. For details, see our IdPs page. (OKTA-218007)

March

Weekly Release 2019.03.3

Change Expected in Preview Orgs
Bugs Fixed in 2019.03.3 March 26, 2019

Bugs Fixed in 2019.03.3

Weekly Release 2019.03.2

Change Expected in Preview Orgs
PKCE for Browser Clients, CORS Headers for OAuth 2 Token Endpoint March 20, 2019
Bugs Fixed in 2019.03.2 March 20, 2019

PKCE for Browser Clients, CORS Headers for OAuth 2 Token Endpoint

Okta now supports Proof Key for Code Exchange (PKCE) for browser clients and returns CORS headers on the OAuth 2.0 Token endpoints.

Bugs Fixed in 2019.03.2

  • Under some circumstances, users in a locked out state would receive success responses from the SMS recovery API. (OKTA-207288)
  • In some instances, users who were not Okta-sourced would have inaccurate passwordChanged values in API responses. (OKTA-210233)
  • SAML applications created through the API would not save the value for the HonorForceAuthn property. (OKTA-209083)
  • For SAML applications, the attributeStatements object would not update if a null value was passed as part of a PUT operation. (OKTA-209767)

Weekly Release 2019.03.1

Note: Okta has changed our release model and version numbering. For more information, see here: https://support.okta.com/help/s/article/New-Okta-Release-Model (opens new window)

Change Expected in Preview Orgs
Bug Fixed in 2019.03.1 March 13, 2019
Previously Released Early Access Features 2019.03.1 Update Available Now

Bug Fixed in 2019.03.1

  • The Hypertext Application Language links for the inlineHooks API response objects referred to an invalid URL. (OKTA-1211982)

Previously Released Early Access Features 2019.03.1 Update

The following features have already been released as Early Access. To enable them, contact Support (opens new window).

Early Access Features Available Now
Custom domains
Custom Okta-hosted Sign-In Page
Custom Error Page
User Consent for OAuth 2.0 and OpenID Connect Flows

Monthly Release 2019.03.0

Note: Okta has changed our release model and version numbering. For more information, see: https://support.okta.com/help/s/article/New-Okta-Release-Model (opens new window)

Change Expected in Preview Orgs
Password Import Supports SHA-1 and MD5 March 6, 2019
Enable Role Assignment to Every Member of a Group March 6, 2019
New Rate Limits for /users/me March 6, 2019
Generic OIDC IdP is now GA in Preview March 6, 2019
User Search is now GA in Production March 6, 2019
The Import Inline Hook is in EA March 6, 2019
Previously Released Early Access Features 2019.03.0 Update Available Now

Password Import Supports SHA-1 and MD5

The Create/Update User API now supports importing users with SHA-1 and MD5 credentials. For more information, see our Users page.

Enable Role Assignment to Every Member of a Group

Super and Org Admins can now assign and unassign roles to every user in a group using the APIs. For more information, see our Roles page.

New Rate Limits for /users/me

The rate limits for the /users/me endpoint have been updated. For more information, see our Rate Limits page.

Generic OIDC IdP is now GA in Preview

Generic OpenID Connect allows users to sign in to an Okta org using their credentials from their existing account at an OIDC Identity Provider. A generic OIDC IdP can be a third-party IdP that supports OIDC, such as Salesforce or Yahoo or your own custom IdP. You can also configure federation between Okta orgs using OIDC as a replacement for SAML. For more information, see Federate Okta with OpenID Connect.

User Search is now GA in Production

Extended search capabilities for the /users endpoint is now Generally Available. For more information, see our Users page.

The Import Inline Hook is in EA

The import inline hook enables you to add custom logic to the process of importing new users into Okta from an app.

Previously Released Early Access Features 2019.03.0 Update

The following features have already been released as Early Access. To enable them, contact Support (opens new window).

Early Access Features Available Now
Custom domains
Custom Okta-hosted Sign-In Page
Custom Error Page
User Consent for OAuth 2.0 and OpenID Connect Flows

February

Monthly Release 2019.02.0

Note: Okta has changed our release model and version numbering. For more information, see here: https://support.okta.com/help/s/article/New-Okta-Release-Model (opens new window)

Change Expected in Preview Orgs Rollout to Production Orgs Expected to Start
Imported Hashed User Passwords Generally Available February 6, 2019 March 11, 2019
Inline hooks February 6, 2019 February 19, 2019
Token inline hook February 6, 2019 February 19, 2019
Signature and Digest Algorithms for Template WS-FED Apps February 6, 2019 February 19, 2019
Google Integration Updated February 6, 2019 February 19, 2019
High Capacity Rate Limits February 6, 2019 February 19, 2019
Creation of LinkedIn IdPs Temporarily Disabled February 14, 2019 February 19, 2019
Bug Fixed in 2019.02.0 February 6, 2018 February 19, 2019
Previously Released Early Access Features 2019.02.0 Update Available Now Available Now

Imported Hashed User Passwords Generally Available

Use of imported hashed passwords when creating or updating users in the Users API is now Generally Available (GA).

Inline hooks

Inline hooks enable you to integrate your own custom functionality into Okta process flows. The framework to support them is now in Early Access (EA/).

Token inline hook

The token inline hook enables you to integrate your own custom functionality into the process of minting OAuth 2.0 and OpenID Connect tokens.

Signature and Digest Algorithms for Template WS-Fed Apps

Template WS-Fed applications can now choose between SHA1 and SHA256 options for their Signature and Digest Algorithms. In addition, all Template WS-Fed applications will have X.509 certs signed with SHA256.

Google Integration Updated

Okta's Google social login integration has been updated to account for the deprecation of the Google+ API. More information can be found in our Knowledge Base (opens new window).

High Capacity Rate Limits

A new High Capacity Rate Limit SKU is now available. The impacted endpoints and their rate limits can be found on our Rate Limits page.

Creation of LinkedIn IdPs Temporarily Disabled

We have disabled the creation of new LinkedIn identity providers until further notice due to the upcoming LinkedIn API V1 deprecation.

Bug Fixed in 2019.02.0

  • There was a typo in the error text returned when a property was set to a 4-byte UTF-8 character (such as an emoji) in a field that does not allow such characters.

Previously Released Early Access Features 2019.02.0 Update

The following features have already been released as Early Access. To enable them, contact Support (opens new window).

Early Access Features Available Now
Custom domains
Custom Okta-hosted Sign-In Page
Custom Error Page
User Consent for OAuth 2.0 and OpenID Connect Flows

January

Weekly Release 2019.01.2

Note: Okta has changed our release model and version numbering. For more information, see here: https://support.okta.com/help/s/article/New-Okta-Release-Model (opens new window)

Change Expected in Preview Orgs Rollout to Production Orgs Expected to Start
Bug Fixed in 2019.01.2 January 30, 2019 February 4, 2019
Previously Released Early Access Features 2019.01.2 Update Available Now Available Now

Bug Fixed in 2019.01.2

  • Admin roles that were granted, scoped, or revoked through the Roles API did not appear in the System Log.

  • Verifying an OTP using the Voice Call MFA factor failed when the user tried to verify with the OTP within 30 seconds after auto-activation of the Voice Call MFA factor.

Previously Released Early Access Features 2019.01.2 Update

The following features have already been released as Early Access. To enable them, contact Support (opens new window).

Early Access Features Available Now
Custom domains
Custom Okta-hosted Sign-In Page
Custom Error Page
User Consent for OAuth 2.0 and OpenID Connect Flows

Monthly Release 2019.01.0

Note: Okta has changed our release model and version numbering. Under the old system, this would have been release 2019.1. For more information, see here: https://support.okta.com/help/s/article/New-Okta-Release-Model (opens new window)

Change Expected in Preview Orgs Rollout to Production Orgs Expected to Start
Social Authentication Generally Available January 9, 2019 January 14, 2019
IdP Discovery Generally Available January 9, 2019 January 14, 2019
Relay State Format Now Configurable for SAML IdPs January 9, 2019 January 14, 2019
No Events API Access for New Orgs January 9, 2019 January 14, 2019
Updated Office 365 Legacy Rate Limit January 9, 2019 January 14, 2019
Bug Fixed in 2019.01.0 January 9, 2018 January 14, 2019
Previously Released Early Access Features 2019.01.0 Update Available Now Available Now

Social Authentication Generally Available

Social Authentication is now Generally Available (GA).

IdP Discovery Generally Available

IdP Discovery is now Generally Available (GA) as part of the Policy API.

Relay State Format Now Configurable for SAML IdPs

The Protocol Object now contains a Relay State object that allows an admin to configure the Relay State format on the SAML IdP.

No Events API Access for New Orgs

As part of the deprecation process, new orgs created from this release onwards will not have access to the Events API.

Updated Office 365 Legacy Rate Limit

The default legacy rate limit for the /app/office365/{key}/sso/wsfed/active endpoint has been lowered from 2000 to 1000.

Bug Fixed in 2019.01.0

  • Some orgs were unable to create the number of users that they were entitled to. (OKTA-203819)

Previously Released Early Access Features 2019.01.0 Update

The following features have already been released as Early Access. To enable them, contact Support (opens new window).

Early Access Features Available Now
Custom domains
Custom Okta-hosted Sign-In Page
Custom Error Page
User Consent for OAuth 2.0 and OpenID Connect Flows