On This Page

2020.12.0

Change Expected in Preview Orgs
Inclusive language and terminology December 9, 2020
New OAuth Administrator Roles API scopes December 9, 2020
New endpoint added to DynamicScale Rate Limits December 9, 2020
Account linking for SAML IdPs is now GA in Production December 9, 2020
One Time Use Refresh Token is now in Early Access (EA) December 9, 2020
Enhancements to Apps API for Idp Initiated Logins December 9, 2020
Enhancements to Apps API for SAML Apps December 9, 2020
Groups API extended search is now GA in Preview December 9, 2020

Inclusive language and terminology

Okta is focused on the adoption of inclusive language and communication. Some long-standing industry terminology and expressions have been updated in this release. More updates will be made in future releases.

In this release, the documentation for Custom Groups Claims has been updated with inclusive terminology. The term "whitelist" has been replaced with "allow list":

Existing custom claims that use the groupwhitelist Profile property don't need to change.

New OAuth Administrator Roles API scopes

The Administer Roles API now supports OAuth scopes okta.roles.manage and okta.roles.read. These scopes allow applications to read and manage (create, update, and delete) administrator roles in your Okta organization.

New endpoint added to DynamicScale rate limits

The DynamicScale add-on service now includes the following additional authentication endpoint: /login/login.html.

Account linking for SAML IdPs is now GA in Production

Admins can now enable or disable automatic account linking between SAML Identity Providers and Okta using the Identity Provider API. They can also restrict account linking based on whether the end user is a member of any specified groups.

One Time Use Refresh Token is now in Early Access (EA)

One Time Use Refresh Token, also called Refresh Token Rotation, is now in Early Access. Refresh Token Rotation helps a public client to securely rotate refresh tokens after each use. A new refresh token is returned each time the client makes a request to exchange a refresh token for a new access token. See Refresh Token Rotation.

Enhancements to Apps API for Idp Initiated Logins

The Apps API can now configure the Idp Initiated Login behavior, which is also available in the Admin Console. Note: The Idp Initiated Login is limited to OpenID Connect clients.

Enhancements to Apps API for SAML Apps

The Apps API can now configure the SLO URL behavior for SAML apps, which is also available in the Admin Console.

Groups API extended search is now GA in Preview

The Groups API support for extended search is now Generally Available (GA) in Preview.