On this page
December
Weekly Release 2019.12.1
Change | Expected in Preview Orgs |
---|---|
Bug Fixed in 2019.12.1 | December 18, 2019 |
Bug Fixed in 2019.12.1
- Okta Verify Push could be enabled using the Factors Administration API even when Okta Verify TOTP was inactive. (OKTA-262950)
Monthly Release 2019.12.0
Change | Expected in Preview Orgs |
---|---|
Features API is Generally Available in Production | December 11, 2019 |
Token inline hook is Generally Available in Production | December 11, 2019 |
SAML inline hook is Generally Available in Production | December 11, 2019 |
Scope Object Properties Default Values | December 11, 2019 |
Okta-Hosted User Consent Dialog Change | December 11, 2019 |
OAuth for Okta Enabled for Clear User Sessions Endpoint | December 11, 2019 |
Bug Fixed in 2019.12.0 | December 11, 2019 |
Features API is Generally Available in Production
The Features API allows operations to manage self-service Early Access features in Production and Preview orgs, as well as manage self-service Beta features in Preview orgs and view Beta features in Production orgs.
Token inline hook is Generally Available in Production
The Token inline hook enables you to integrate your own custom functionality into the process of minting OAuth 2.0 and OpenID Connect tokens.
SAML inline hook is Generally Available in Production
The SAML inline hook enables you to customize SAML assertions returned by Okta. You can add attributes or modify existing attributes in outbound SAML assertions.
Scope Object Properties Default Values
In Scope objects created using the Authorization Server API, the default values of the displayName
and description
properties were updated to be more informative.
Okta-Hosted User Consent Dialog Change
In OAuth 2.0 or OpenID Connect authentication flows, Okta-hosted user consent dialogs were updated to display neutral colors for some UI elements.
OAuth for Okta Enabled for Clear User Sessions Endpoint
The Clear User Sessions endpoint now has OAuth for Okta enabled.
Bug Fixed in 2019.12.0
- In the Authorization Server API, supplying a
consent
property was previously required when creating a Scope object in orgs that had the EA feature enabled. It is now required only when updating existing Scope objects. (OKTA-250368)
November
Weekly Release 2019.11.3
Change | Expected in Preview Orgs |
---|---|
Bugs Fixed in 2019.11.3 | December 4, 2019 |
Bugs Fixed in 2019.11.3
POST calls to the
/api/v1/apps
endpoint couldn't be used with OAuth for Okta. (OKTA-259867)In some situations, ID tokens returned from Okta didn't contain the
idp
claim. (OKTA-253962)
Weekly Release 2019.11.2
Change | Expected in Preview Orgs |
---|---|
Bug Fixed in 2019.11.2 | November 20, 2019 |
Bug Fixed in 2019.11.2
Multifactor (MFA) Enrollment Policy objects returned by Okta included an unused property, enroll.profiles
. (OKTA-260160)
Weekly Release 2019.11.1
Change | Expected in Preview Orgs |
---|---|
Bug Fixed in 2019.11.1 | November 13, 2019 |
Bug Fixed in 2019.11.1
An incorrect status was returned in some cases when an admin checked another user's session information using the Sessions API (opens new window). (OKTA-245793)
Monthly Release 2019.11.0
Change | Expected in Preview Orgs |
---|---|
Web Authentication as a factor is Generally Available in Production | November 6, 2019 |
Features API is Generally Available in Preview | November 6, 2019 |
SAML inline hook is Generally Available in Preview | November 6, 2019 |
Token inline hook is Generally Available in Preview | November 6, 2019 |
OAuth for Okta is Early Access in Preview | November 6, 2019 |
Concurrent requests to the same app now return exception | November 6, 2019 |
Rate Limits for /oauth2 endpoints | November 6, 2019 |
Bug Fixed in 2019.11.0 | November 6, 2019 |
Web Authentication as a factor is Generally Available in Production
Admins can enable Web Authentication as a factor (WebAuthn) as defined by WebAuthn standards. WebAuthn supports both security key authentication such as YubiKey devices and platform authenticators such as Windows Hello.
Features API is Generally Available in Preview
The Features API provides operations to manage self-service Early Access features in your Production and Preview orgs and self-service Beta features in your Preview org.
SAML inline hook is Generally Available in Preview
The SAML inline hook enables you to customize SAML assertions returned by Okta. You can add attributes or modify existing attributes in outbound SAML assertions.
Token inline hook is Generally Available in Preview
The Token inline hook enables you to integrate your own custom functionality into the process of minting OAuth 2.0 and OpenID Connect tokens.
OAuth for Okta is Early Access in Preview
With OAuth for Okta, you are able to interact with Okta APIs using scoped OAuth 2.0 access tokens. Each access token enables the bearer to perform specific actions on specific Okta endpoints, with that ability controlled by which scopes the access token contains. For more details, see our OAuth for Okta guide.
Concurrent requests to the same app now return exception
Concurrent PUT requests sent to the same app instance now return an ApiException
rather than a 500 HTTP server error.
Rate Limits for /oauth2 endpoints
Rate limiting (opens new window) has been modified for /oauth2
endpoints so that requests that use an invalid client ID don't consume rate limit. Additionally, a System Log warning has been introduced to provide notification of high rate limit consumption by requests that use a valid client ID.
Bug Fixed in 2019.11.0
When the token inline hook feature was enabled and the claim couldn't be evaluated, the OAuth 2.0 token endpoint returned a 403 HTTP status code rather than 400. (OKTA-258981)
October
Weekly Release 2019.10.2
Change | Expected in Preview Orgs |
---|---|
User Types Error Message Change | October 31, 2019 |
Bugs Fixed in 2019.10.2 | October 31, 2019 |
User Types Error Message Change
Error messages returned by the User Types API have changed. Omitting display name or variable name when attempting to create a User Type, or specifying a variable name that is already in use, results in a more specific error message being returned.
Bugs Fixed in 2019.10.2
- A
SameSite=None
attribute sent by Okta caused a bug in cross-site handling of cookies in Chrome on iOS 12.* or earlier. (OKTA-254174) - In the Features API, when using
mode=force
to enable a feature and its dependencies, email notifications were not sent to admins for Beta dependencies that were enabled. (OKTA-249644) - The length of EL expressions that you could specify for OAuth 2.0 claim values was previously limited to a shorter length but has now been increased to 1024 characters. (OKTA-237675)
Weekly Release 2019.10.1
Change | Expected in Preview Orgs |
---|---|
Maximum characters increased for the UserAgent string | October 16, 2019 |
Maximum characters increased for the UserAgent string
The maximum length of the client.userAgent.rawUserAgent
property value was increased from 200 to 500 characters. See UserAgent Object (opens new window) in the /logs
API reference content for more information on this property.
Monthly Release 2019.10.0
Change | Expected in Preview Orgs |
---|---|
Event Hooks API is Generally Available | October 9, 2019 |
User Types API in Early Access | October 9, 2019 |
Tokens transform events no longer available | October 9, 2019 |
Cookies updated to preserve cross-functionality | October 9, 2019 |
App Condition available for Enroll Policy | October 9, 2019 |
Bugs Fixed in 2019.10.0 | October 9, 2019 |
Event Hooks API is Generally Available
The Event Hooks API is Generally Available (GA) in Production.
User Types API in Early Access
The User Types API is in Early Access (EA) in both Preview and Production.
Tokens transform events no longer available
Tokens transform System Log events will no longer fire for SAML and token inline hooks. They have been replaced by inline hook events.
Cookies updated to preserve cross-functionality
To preserve cross-site functionality, Okta now adds the SameSite=None
attribute to all relevant cookies when the client browser is Firefox 69 or above. Previously this was enabled only for Chrome 76 and above.
App Condition available for Enroll Policy
App Condition is now available for the Enroll Policy.
Bugs Fixed in 2019.10.0
- WebAuthn Factors could not be verified using the Factors API. (OKTA-228239)
- During OAuth 2 and OIDC sign-in flows, the Okta Sign-In Widget incorrectly rendered pre-populated usernames, substituting
+
with a space. (OKTA-235187)
September
Weekly Release 2019.09.4
Change | Expected in Preview Orgs |
---|---|
Scope Naming Restriction | October 2, 2019 |
Scope Naming Restriction
OAuth Scopes are not allowed to start with the okta.
prefix. See the Note under Scope properties for more information.
Weekly Release 2019.09.3
Change | Expected in Preview Orgs |
---|---|
Bug Fixed in 2019.09.3 | September 25, 2019 |
Bug Fixed in 2019.09.3
- After a user successfully scanned the QR code and completed the MFA enrollment process, the
factorResult
parameter was missing from the response. (OKTA-244102)
Weekly Release 2019.09.2
Change | Expected in Preview Orgs |
---|---|
Bugs Fixed in 2019.09.2 | September 18, 2019 |
Bugs Fixed in 2019.09.2
- When users signed in using IdP Discovery or a Default IdP, any outgoing Hooks related to that sign-in event contained an incorrect request URL
value
. (OKTA-243190) GET
requests to the/users/me
endpoint would return hidden standard attributes. (OKTA-243864)
Monthly Release 2019.09.0
Change | Expected in Preview Orgs |
---|---|
Features API is Early Access EA in Preview and Production | September 4, 2019 |
Mappings API is now Generally Available (GA) in Production | September 4, 2019 |
Error Object in SAML assertion inline hook | September 4, 2019 |
Rate Limits for Authorization Server Public Metadata | September 4, 2019 |
Bugs Fixed in 2019.09.0 | September 4, 2019 |
Features API is Early Access (EA) in Preview and Production
The Features API provides operations to manage self-service features in your Production and Preview orgs and Beta features in your Preview org.
Mappings API is now Generally Available (GA) in Production
The Okta Mappings API provides operations to manage the mapping of properties between an Okta User's and an App User's Profile Properties using Expression Language. This feature is now GA in Production.
Error Object in SAML assertion inline hook
For the SAML assertion inline hook, if an external service returns an error
object, Okta now denies the SAML request and redirects the end user to an error page that displays the text string sent in error.errorSummary
.
Rate Limits for Authorization Server Public Metadata
The public metadata endpoints for Authorization Servers are now each assigned separate rate limits, which are not shared with other endpoints.
Bugs Fixed in 2019.09.0
Responses from the
GET /groups/rules
API included deleted groups in theassignUserToGroups.groupIds
property. (OKTA-242994)Calls to the
/users/${userid}/lifecycle/deactivate
endpoint could time out when deactivating a user with an extraordinarily high number of app assignments. (OKTA-228031)
August
Weekly Release 2019.08.3
Change | Expected in Preview Orgs |
---|---|
Bugs Fixed in 2019.08.3 | August 29, 2019 |
Bugs Fixed in 2019.08.3
The Update inline hook call wasn't replacing the whole object. (OKTA-229337)
IP addresses identified as malicious by Okta ThreatInsight were missing from Events API ("security.threat.detected") event messages. See the Event Types catalog for more information on this event message. (OKTA-242795)
Weekly Release 2019.08.2
Change | Expected in Preview Orgs |
---|---|
Bug Fixed in 2019.08.2 | August 21, 2019 |
Bug Fixed in 2019.08.2
Paginated responses from the List Users with Search API were limited to a total of 50,000 results, and following the next
link after that limit yielded an error. (OKTA-220619)
Weekly Release 2019.08.1
Change | Expected in Preview Orgs |
---|---|
Bug Fixed in 2019.08.1 | August 14, 2019 |
Bug Fixed in 2019.08.1
Some users were not able to access the Group Rules API, despite having proper permissions. (OKTA-240021)
Monthly Release 2019.08.0
Change | Expected in Preview Orgs |
---|---|
Added Support for TOTP Factor | August 7, 2019 |
Cookies updated to preserve cross-site functionality | August 7, 2019 |
Inline hooks is now GA in Preview | August 7, 2019 |
LinkedIn API V2 is now supported | August 7, 2019 |
Mappings API is now GA in Preview | August 7, 2019 |
Missing type property now returns a 400 error code | August 7, 2019 |
Bug Fixed in 2019.08.0 | August 7, 2019 |
Added Support for TOTP Factor
Okta now supports a custom MFA factor based on the time-based one-time passcode (TOTP) algorithm. For more information, see Custom HOTP Factor.
Cookies updated to preserve cross-site functionality
To preserve cross-site functionality in light of upcoming updates to Chrome (opens new window), Okta has added the SameSite=None
attribute to all relevant cookies.
Inline hooks is now GA in Preview
Inline hooks enable you to integrate your own custom functionality into Okta process flows. The framework to support them is now Generally Available (GA) in Preview.
LinkedIn API V2 is now supported
Okta now supports LinkedIn API V2. Creation of LinkedIn Identity Providers has been re-enabled in all Production orgs.
Mappings API is now GA in Preview
The Okta Mappings API provides operations to manage the mapping of properties between an Okta User's and an App User's Profile Properties using Expression Language. This feature is now GA in Preview.
Missing type property now returns a 400 error code
If you create an IP network zone (opens new window) without a type
property for an IP field, PUT or POST requests made to the Zone API now return a 400 error code.
Bug Fixed in 2019.08.0
In the Update User API, when the secondEmail
attribute in a user's profile was updated with an empty value (instead of null
), the user was incorrectly prompted for secondEmail
. (OKTA-240382)
July
Weekly Release 2019.07.2
Change | Expected in Preview Orgs |
---|---|
Deleting App Groups | July 31, 2019 |
Bug Fixed in 2019.07.2 | July 31, 2019 |
Deleting App Groups
The DELETE /groups/${groupId}
endpoint now supports deleting app groups, in addition to Okta groups. Note, however, that groups configured for group push cannot be deleted.
Bug Fixed in 2019.07.2
- When API Access Management Consent was enabled, the factor lifetime configured in the App Sign On Rule was ignored and the "Do not challenge me on this device for XXX" prompt didn't appear to the end user when signing in to an OpenID application. (OKTA-2233290)
Monthly Release 2019.07.0
Change | Expected in Preview Orgs |
---|---|
Email Factor is now GA in Production | July 10, 2019 |
LinkedIn IdP creation re-enabled in Preview | July 10, 2019 |
Email Customization disabled for free orgs | July 10, 2019 |
Email Factor is now GA in Production
The Email Factor is now Generally Available (GA) in all Production orgs.
LinkedIn IdP creation re-enabled in Preview
Creation of LinkedIn Identity Providers has been re-enabled in all Preview orgs.
Email Customization disabled for free orgs
To curtail phishing, free editions of Okta are no longer able to create and send customized email templates. For feature information, see Email and SMS Options (opens new window).
June
Weekly Release 2019.06.4
Change | Expected in Preview Orgs |
---|---|
Token expiration window increased to five years | July 3, 2019 |
Bug Fixed in 2019.06.4 | July 3, 2019 |
Token expiration window increased to five years
The refresh token expiration window has increased to a maximum of five years in custom authorization servers.
Bug Fixed in 2019.06.4
- The SystemLog V1 event type
security.password_spray.detected
has been deprecated. For threat related information, seesecurity.threat.detected
events. (OKTA-233958)
Weekly Release 2019.06.3
Change | Expected in Preview Orgs |
---|---|
Token Inline Hook Can Modify Sub-Objects and Array Elements | June 26, 2019 |
Bugs Fixed in 2019.06.3 | June 26, 2019 |
Token Inline Hook Can Modify Sub-Objects and Array Elements
The Token Inline Hook now lets you modify particular sub-objects or array elements within objects contained in claims, without needing to update the rest of the object.
Bugs Fixed in 2019.06.3
When a customer used a token inline hook and returned an
error
object to Okta, Okta failed to pass the error to the token requester. (OKTA-231397)The issuer claim inside JWT tokens was erroneously changing to all lowercase causing JWT verification failure when the application was case-sensitive. (OKTA-235710)
When a customer called the
POST /idps/credentials/keys
endpoint and supplied anx5t#S256
parameter to specify the SHA-256 thumbprint of the certificate that they were adding, Okta failed to validate the thumbprint.
Monthly Release 2019.06.0
Change | Expected in Preview Orgs |
---|---|
Email Factor is now GA in Preview | June 5, 2019 |
Users can be removed from a Profile source | June 5, 2019 |
Email Factor is now GA in Preview
The Email Factor is now Generally Available (GA) in all Preview orgs.
Users can be removed from a Profile source
Users can now be unassigned from Apps that serve as their Profile source.
May
Weekly Release 2019.05.3
Change | Expected in Preview Orgs |
---|---|
Token Inline Hook Can Modify or Remove Existing Claims (Early Access) | May 29, 2019 |
Bugs Fixed in 2019.05.3 | May 29, 2019 |
Token Inline Hook Can Modify or Remove Existing Claims (Early Access)
The token inline hook now supports changing or removing existing claims in tokens minted by the Okta Custom Authorization Server.
Bugs Fixed in 2019.05.3
Responses from the
GET /groups/rules
API failed to include a link to the next page of results in cases where there was more than one page. (OKTA-221434)Calls to the
/authorize
endpoint during the Authorization Code with PKCE flow would fail if anidp
parameter was supplied with the call (in Preview orgs only). (OKTA-229808)
Weekly Release 2019.05.2
Change | Expected in Preview Orgs |
---|---|
Bug Fixed in 2019.05.2 | May 22, 2019 |
Bug Fixed in 2019.05.2
- The response ID of the User Schema API wasn't consistent with the actual server details. When a request was sent to
GET/URL/api/v1/meta/schemas/user/default
from a preview org, the response ID always contained a production org URL. (OKTA-218937)
Weekly Release 2019.05.1
Change | Expected in Preview Orgs |
---|---|
Bugs Fixed in 2019.05.1 | May 15, 2019 |
Bugs Fixed in 2019.05.1
- When trusted apps overrode the device token, device fingerprints were lost. This caused unexpected behavior for new sign-on notification emails and device-based behavior detection. (OKTA-226646)
- When a Group admin (who manages more than 1 user group) used the API to fetch users with pagination, the request failed to create a link for the next page of users. (OKTA-222660)
Monthly Release 2019.05.0
Change | Expected in Preview Orgs |
---|---|
The Registration Inline Hook is in Early Access (EA) | May 8, 2019 |
Bugs Fixed in 2019.05.0 | May 8, 2019 |
The Registration Inline Hook is in Early Access (EA)
The registration inline hook allows you to integrate your own custom logic into Okta's Self-Service Registration flow.
Bugs Fixed in 2019.05.0
- Assigning an admin role directly to a user failed if that user was part of a group with the same admin role assignment. (OKTA-223035)
- The List Users with Search API returned outdated user data. (OKTA-215187)
April
Weekly Release 2019.04.2
Change | Expected in Preview Orgs |
---|---|
Hashed Password Imports with SHA-512 Algorithm | May 1, 2019 |
Bugs Fixed in 2019.04.2 | May 1, 2019 |
Hashed Password Imports with SHA-512 Algorithm
You can use the SHA-512 hash type when importing passwords.
Bugs Fixed in 2019.04.2
- Concurrent requests to modify the same app instance would result in an HTTP 500 error. (OKTA-205283)
- Responses from the
/oauth2/${authServerId}/.well-known/oauth-authorization-server
and/oauth2/${authServerId}/.well-known/openid-configuration
endpoints for Custom Authorization Servers would append a query parameter (client_id
) to the value returned for thejwks_uri
property. Inclusion of the query parameter was misleading because you cannot use the query parameter when calling the JWKS URI. (OKTA-217289)
Weekly Release 2019.04.1
Change | Expected in Preview Orgs |
---|---|
The Event Hooks Feature is Now Available in EA | April 17, 2019 |
Bug Fixed in 2019.04.1 | April 17, 2019 |
The Event Hooks Feature is Now Available in EA
Event hooks enable you to use events within your Okta org to trigger process flows within your own software systems.
Bug Fixed in 2019.04.1
The applicable rate limit wasn't updated when the URL for the factor verification endpoint was changed. For more details, see our Rate Limits page. (OKTA-219067)
Monthly Release 2019.04.0
Change | Expected in Preview Orgs |
---|---|
IdP Extensible Matching Rules are now GA in Preview | April 10, 2019 |
The SAML Inline Hook is in EA | April 10, 2019 |
Rate Limits Updated | April 10, 2019 |
The Sign-In Widget Version for the Custom Login Page has been Updated | April 10, 2019 |
Bug Fixed in 2019.04.0 | April 10, 2019 |
IdP Extensible Matching Rules are now GA in Preview
IdP extensible matching rules allow you to define a regular expression pattern to filter untrusted IdP usernames. For details, see our IdPs page.
The SAML Inline Hook is in EA
The SAML inline hook enables you to customize SAML assertions returned by Okta. For details, see our SAML inline hook page.
Rate Limits Updated
Okta's API rate limits have been updated:
- OAuth 2 rate limits were updated and clarified for all orgs.
- The limit for the
api/v1/apps endpoint
was updated for Enterprise orgs. For details, see our Rate Limits page.
The Sign-In Widget Version for the Custom Login Page has been Updated
Custom Sign-in Pages can now use Sign-In Widget version 2.18. When you select the "latest" option, you automatically use 2.18. For more information, see our Sign-In Widget page.
Bug Fixed in 2019.04.0
IdPs did not match the user with the USERNAME_OR_EMAIL
property when IDP_EXTENSIBLE_MATCHING_RULES
was enabled. For details, see our IdPs page. (OKTA-218007)
March
Weekly Release 2019.03.3
Change | Expected in Preview Orgs |
---|---|
Bugs Fixed in 2019.03.3 | March 26, 2019 |
Bugs Fixed in 2019.03.3
- When Creating a User with Imported Hashed Password, if the hash algorithm was SHA-256, the operation previously required a salt to be provided. (OKTA-214183)
Weekly Release 2019.03.2
Change | Expected in Preview Orgs |
---|---|
PKCE for Browser Clients, CORS Headers for OAuth 2 Token Endpoint | March 20, 2019 |
Bugs Fixed in 2019.03.2 | March 20, 2019 |
PKCE for Browser Clients, CORS Headers for OAuth 2 Token Endpoint
Okta now supports Proof Key for Code Exchange (PKCE) for browser clients and returns CORS headers on the OAuth 2.0 Token endpoints.
Bugs Fixed in 2019.03.2
- Under some circumstances, users in a locked out state would receive success responses from the SMS recovery API. (OKTA-207288)
- In some instances, users who were not Okta-sourced would have inaccurate
passwordChanged
values in API responses. (OKTA-210233) - SAML applications created through the API would not save the value for the
HonorForceAuthn
property. (OKTA-209083) - For SAML applications, the
attributeStatements
object would not update if anull
value was passed as part of a PUT operation. (OKTA-209767)
Weekly Release 2019.03.1
Note: Okta has changed our release model and version numbering. For more information, see here: https://support.okta.com/help/s/article/New-Okta-Release-Model (opens new window)
Change | Expected in Preview Orgs |
---|---|
Bug Fixed in 2019.03.1 | March 13, 2019 |
Previously Released Early Access Features 2019.03.1 Update | Available Now |
Bug Fixed in 2019.03.1
- The Hypertext Application Language links for the inlineHooks API response objects referred to an invalid URL. (OKTA-1211982)
Previously Released Early Access Features 2019.03.1 Update
The following features have already been released as Early Access. To enable them, contact Support (opens new window).
Early Access Features Available Now |
---|
Custom domains |
Custom Okta-hosted Sign-In Page |
Custom Error Page |
User Consent for OAuth 2.0 and OpenID Connect Flows |
Monthly Release 2019.03.0
Note: Okta has changed our release model and version numbering. For more information, see: https://support.okta.com/help/s/article/New-Okta-Release-Model (opens new window)
Change | Expected in Preview Orgs |
---|---|
Password Import Supports SHA-1 and MD5 | March 6, 2019 |
Enable Role Assignment to Every Member of a Group | March 6, 2019 |
New Rate Limits for /users/me | March 6, 2019 |
Generic OIDC IdP is now GA in Preview | March 6, 2019 |
User Search is now GA in Production | March 6, 2019 |
The Import Inline Hook is in EA | March 6, 2019 |
Previously Released Early Access Features 2019.03.0 Update | Available Now |
Password Import Supports SHA-1 and MD5
The Create/Update User API now supports importing users with SHA-1 and MD5 credentials. For more information, see our Users page.
Enable Role Assignment to Every Member of a Group
Super and Org Admins can now assign and unassign roles to every user in a group using the APIs. For more information, see our Roles page.
New Rate Limits for /users/me
The rate limits for the /users/me
endpoint have been updated. For more information, see our Rate Limits page.
Generic OIDC IdP is now GA in Preview
Generic OpenID Connect allows users to sign in to an Okta org using their credentials from their existing account at an OIDC Identity Provider. A generic OIDC IdP can be a third-party IdP that supports OIDC, such as Salesforce or Yahoo or your own custom IdP. You can also configure federation between Okta orgs using OIDC as a replacement for SAML. For more information, see Federate Okta with OpenID Connect.
User Search is now GA in Production
Extended search capabilities for the /users
endpoint is now Generally Available. For more information, see our Users page.
The Import Inline Hook is in EA
The import inline hook enables you to add custom logic to the process of importing new users into Okta from an app.
Previously Released Early Access Features 2019.03.0 Update
The following features have already been released as Early Access. To enable them, contact Support (opens new window).
Early Access Features Available Now |
---|
Custom domains |
Custom Okta-hosted Sign-In Page |
Custom Error Page |
User Consent for OAuth 2.0 and OpenID Connect Flows |
February
Monthly Release 2019.02.0
Note: Okta has changed our release model and version numbering. For more information, see here: https://support.okta.com/help/s/article/New-Okta-Release-Model (opens new window)
Change | Expected in Preview Orgs | Rollout to Production Orgs Expected to Start |
---|---|---|
Imported Hashed User Passwords Generally Available | February 6, 2019 | March 11, 2019 |
Inline hooks | February 6, 2019 | February 19, 2019 |
Token inline hook | February 6, 2019 | February 19, 2019 |
Signature and Digest Algorithms for Template WS-FED Apps | February 6, 2019 | February 19, 2019 |
Google Integration Updated | February 6, 2019 | February 19, 2019 |
High Capacity Rate Limits | February 6, 2019 | February 19, 2019 |
Creation of LinkedIn IdPs Temporarily Disabled | February 14, 2019 | February 19, 2019 |
Bug Fixed in 2019.02.0 | February 6, 2018 | February 19, 2019 |
Previously Released Early Access Features 2019.02.0 Update | Available Now | Available Now |
Imported Hashed User Passwords Generally Available
Use of imported hashed passwords when creating or updating users in the Users API is now Generally Available (GA).
Inline hooks
Inline hooks enable you to integrate your own custom functionality into Okta process flows. The framework to support them is now in Early Access (EA/).
Token inline hook
The token inline hook enables you to integrate your own custom functionality into the process of minting OAuth 2.0 and OpenID Connect tokens.
Signature and Digest Algorithms for Template WS-Fed Apps
Template WS-Fed applications can now choose between SHA1 and SHA256 options for their Signature and Digest Algorithms. In addition, all Template WS-Fed applications will have X.509 certs signed with SHA256.
Google Integration Updated
Okta's Google social login integration has been updated to account for the deprecation of the Google+ API. More information can be found in our Knowledge Base (opens new window).
High Capacity Rate Limits
A new High Capacity Rate Limit SKU is now available. The impacted endpoints and their rate limits can be found on our Rate Limits page.
Creation of LinkedIn IdPs Temporarily Disabled
We have disabled the creation of new LinkedIn identity providers until further notice due to the upcoming LinkedIn API V1 deprecation.
Bug Fixed in 2019.02.0
- There was a typo in the error text returned when a property was set to a 4-byte UTF-8 character (such as an emoji) in a field that does not allow such characters.
Previously Released Early Access Features 2019.02.0 Update
The following features have already been released as Early Access. To enable them, contact Support (opens new window).
Early Access Features Available Now |
---|
Custom domains |
Custom Okta-hosted Sign-In Page |
Custom Error Page |
User Consent for OAuth 2.0 and OpenID Connect Flows |
January
Weekly Release 2019.01.2
Note: Okta has changed our release model and version numbering. For more information, see here: https://support.okta.com/help/s/article/New-Okta-Release-Model (opens new window)
Change | Expected in Preview Orgs | Rollout to Production Orgs Expected to Start |
---|---|---|
Bug Fixed in 2019.01.2 | January 30, 2019 | February 4, 2019 |
Previously Released Early Access Features 2019.01.2 Update | Available Now | Available Now |
Bug Fixed in 2019.01.2
Admin roles that were granted, scoped, or revoked through the Roles API did not appear in the System Log.
Verifying an OTP using the Voice Call MFA factor failed when the user tried to verify with the OTP within 30 seconds after auto-activation of the Voice Call MFA factor.
Previously Released Early Access Features 2019.01.2 Update
The following features have already been released as Early Access. To enable them, contact Support (opens new window).
Early Access Features Available Now |
---|
Custom domains |
Custom Okta-hosted Sign-In Page |
Custom Error Page |
User Consent for OAuth 2.0 and OpenID Connect Flows |
Monthly Release 2019.01.0
Note: Okta has changed our release model and version numbering. Under the old system, this would have been release
2019.1
. For more information, see here: https://support.okta.com/help/s/article/New-Okta-Release-Model (opens new window)
Change | Expected in Preview Orgs | Rollout to Production Orgs Expected to Start |
---|---|---|
Social Authentication Generally Available | January 9, 2019 | January 14, 2019 |
IdP Discovery Generally Available | January 9, 2019 | January 14, 2019 |
Relay State Format Now Configurable for SAML IdPs | January 9, 2019 | January 14, 2019 |
No Events API Access for New Orgs | January 9, 2019 | January 14, 2019 |
Updated Office 365 Legacy Rate Limit | January 9, 2019 | January 14, 2019 |
Bug Fixed in 2019.01.0 | January 9, 2018 | January 14, 2019 |
Previously Released Early Access Features 2019.01.0 Update | Available Now | Available Now |
Social Authentication Generally Available
Social Authentication is now Generally Available (GA).
IdP Discovery Generally Available
IdP Discovery is now Generally Available (GA) as part of the Policy API.
Relay State Format Now Configurable for SAML IdPs
The Protocol Object now contains a Relay State object that allows an admin to configure the Relay State format on the SAML IdP.
No Events API Access for New Orgs
As part of the deprecation process, new orgs created from this release onwards will not have access to the Events API.
Updated Office 365 Legacy Rate Limit
The default legacy rate limit for the /app/office365/{key}/sso/wsfed/active
endpoint has been lowered from 2000 to 1000.
Bug Fixed in 2019.01.0
- Some orgs were unable to create the number of users that they were entitled to. (OKTA-203819)
Previously Released Early Access Features 2019.01.0 Update
The following features have already been released as Early Access. To enable them, contact Support (opens new window).
Early Access Features Available Now |
---|
Custom domains |
Custom Okta-hosted Sign-In Page |
Custom Error Page |
User Consent for OAuth 2.0 and OpenID Connect Flows |