| Change | Expected in Preview Orgs |
| --- | --- |
| Inclusive language and terminology | November 4, 2020 |
| System Log API adds additional filter expressions | November 4, 2020 |
| Zones API includes the usage attribute | November 4, 2020 |
| Client-based rate limiting is now GA in Production | (See entry) |
| User Consent for OAuth 2.0 and OpenID Connect flows is rolling out to GA in Production | (See entry) |
| Account linking for SAML IdPs is now GA in Preview | November 4, 2020 |
| Group object source property | November 4, 2020 |
| MyAccount API is now in Early Access (EA) | November 4, 2020 |
| Bug Fixed in 2020.11.0 | November 4, 2020 |
Okta is focused on the adoption of inclusive language and communication. Some long-standing industry terminology and expressions have been updated in this release. More updates will be made in future releases.
The descriptive information returned on both the invalid redirect URI and invalid logout URI error pages has been updated to remove the term "whitelisted".
The System Log API /logs endpoint can now use the SCIM filter expression operators: ew (ends with), ne (not equal), and not (not function).
To help you manage zones in your organization, the Early Access Zones API now includes the usage attribute. There are two types of zones: Policy Network Zones and Block List Network Zones.
Client-based rate limiting for the /authorize endpoint is now available in production orgs. It provides granular isolation between requests made to the /authorize endpoint by using a combination of the Client ID, user's IP address, and Okta device identifier. This isolates rogue OAuth clients and bad actors, ensuring valid users and applications don't run into rate limit violations.
This feature will be available to orgs in Okta Production cells on November 9, 2020.
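The isolation described above can be seen by comparing one shared bucket for the endpoint with one bucket per (Client ID, IP address, device identifier). This is an added illustration, not Okta's implementation: the fixed-window algorithm, the limit of 10 per 60 seconds, and all request values are assumptions constructed for the example.

```python
from collections import defaultdict

LIMIT, WINDOW_S = 10, 60  # assumed values, not Okta's real limits

class FixedWindowLimiter:
    """Fixed-window counter with one bucket per key returned by key_fn."""

    def __init__(self, limit, window_s, key_fn):
        self.limit, self.window_s, self.key_fn = limit, window_s, key_fn
        self.buckets = {}  # key -> (window_start, count)

    def allow(self, request, now):
        key = self.key_fn(request)
        start, count = self.buckets.get(key, (now, 0))
        if now - start >= self.window_s:      # window expired: start a new one
            start, count = now, 0
        allowed = count < self.limit          # False means "answer HTTP 429"
        self.buckets[key] = (start, count + allowed)
        return allowed

def org_wide_key(req):
    return "/authorize"                       # every caller shares one bucket

def client_based_key(req):
    # The combination named in the release note.
    return (req["client_id"], req["ip"], req["device_id"])

def simulate(limiter, traffic):
    """Return {label: rejected request count} for a list of (time, request)."""
    rejected = defaultdict(int)
    for t, req in traffic:
        if not limiter.allow(req, now=t):
            rejected[req["label"]] += 1
    return dict(rejected)

# Constructed traffic: a script floods /authorize through an app's client ID,
# then a valid user of the same app signs in from another IP and device.
ROGUE = {"label": "rogue", "client_id": "example-client",
         "ip": "203.0.113.7", "device_id": "device-a"}
USER = {"label": "user", "client_id": "example-client",
        "ip": "198.51.100.20", "device_id": "device-b"}
TRAFFIC = [(i * 0.01, ROGUE) for i in range(100)] + \
          [(1.0 + i, USER) for i in range(3)]

if __name__ == "__main__":
    for name, key_fn in (("org-wide", org_wide_key),
                         ("client-based", client_based_key)):
        limiter = FixedWindowLimiter(LIMIT, WINDOW_S, key_fn)
        print(name, simulate(limiter, TRAFFIC))
```

With the shared bucket the valid user's three requests are all rejected once the flood has consumed the window; with the per-combination key only the flooding source is throttled, even though both callers use the same Client ID.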
A consent represents a user's explicit permission to allow an application to access resources protected by scopes. As part of an OAuth 2.0 or OpenID Connect authentication flow, you can prompt the user with a page to approve your app's access to specified resources. See the consent property for scopes.
This feature will be gradually made available to orgs in Okta Production cells beginning on November 11, 2020.
Admins can now enable or disable automatic account linking between SAML Identity Providers and Okta using the Identity Provider API. They can also restrict account linking based on whether the end user is a member of any specified groups.
For API requests that return a Group or a list of Groups, the Group object includes a source property that provides the ID of the source application for the returned Group. This property is now GA in all Preview orgs. See Group attributes.
When the expiresAt property value of the Authentication transaction object was returned with an /authn response that also included the sessionToken parameter (not stateToken), the value incorrectly indicated a 3-minute lifetime. (OKTA-319907)