On This Page
|Change||Expected in Preview Orgs|
|Inclusive language and terminology||December 9, 2020|
|New OAuth Administrator Roles API scopes||December 9, 2020|
|New endpoint added to DynamicScale Rate Limits||December 9, 2020|
|Account linking for SAML IdPs is now GA in Production||December 9, 2020|
|One Time Use Refresh Token is now in Early Access (EA)||December 9, 2020|
|Enhancements to Apps API for Idp Initiated Logins||December 9, 2020|
|Enhancements to Apps API for SAML Apps||December 9, 2020|
|Groups API extended search is now GA in Preview||December 9, 2020|
Okta is focused on the adoption of inclusive language and communication. Some long-standing industry terminology and expressions have been updated in this release. More updates will be made in future releases.
In this release, the documentation for Custom Groups Claims has been updated with inclusive terminology. The term "whitelist" has been replaced with "allow list":
Existing custom claims that use the
groupwhitelist Profile property don't need to change.
The Administer Roles API now supports OAuth scopes
okta.roles.read. These scopes allow applications to read and manage (create, update, and delete) administrator roles in your Okta organization.
The DynamicScale add-on service now includes the following additional authentication endpoint:
Admins can now enable or disable automatic account linking between SAML Identity Providers and Okta using the Identity Provider API. They can also restrict account linking based on whether the end user is a member of any specified groups.
One Time Use Refresh Token, also called Refresh Token Rotation, is now in Early Access. Refresh Token Rotation helps a public client to securely rotate refresh tokens after each use. A new refresh token is returned each time the client makes a request to exchange a refresh token for a new access token. See Refresh Token Rotation.
The Apps API can now configure the Idp Initiated Login behavior, which is also available in the Admin Console. Note: The Idp Initiated Login is limited to OpenID Connect clients.
The Apps API can now configure the SLO URL behavior for SAML apps, which is also available in the Admin Console.
The Groups API support for extended search is now Generally Available (GA) in Preview.