On This Page

2021.01.0

Change Expected in Preview Orgs
Group object source property is now GA in Production January 7, 2021
New Apps API endpoints in Early Access (EA) January 7, 2021
Developers can now use SWA for testing SCIM app integrations January 7, 2021
The Subscriptions API is now available in Self-Service Early Access (EA) January 7, 2021
New phone rate limits January 7, 2021
WebAuthn feature validation updates with Trusted Origins API January 7, 2021
Bug fixed in 2021.01.0 January 7, 2021

Group object source property is now GA in Production

For Groups API requests that return a Group or a list of Groups, the Group object type APP_GROUP includes a source property that provides the ID of the source application for the returned Group. This property is now GA in Production. See Group attributes.

New Apps API endpoints in Early Access (EA)

The Apps API now includes additional Early Access endpoints and objects for provisioning connections and features:

These updates improve the ability of administrators to configure application logos and provisioning details, previously available only through the Admin Console.

Note: Currently, only the Okta Org2Org application supports Application Provisioning Connection and Application Features operations.

Developers can now use SWA for testing SCIM app integrations

ISVs and developers who want to create and submit a SCIM-only app integration to the OIN can now use SWA as the sign-in method for SCIM app testing.

The Subscriptions API is now available in Self-Service Early Access (EA)

The Subscriptions API is now available in Self-Service EA. The Subscriptions API provides operations to manage email subscription settings for Okta administrator notifications.

New phone rate limits

Users who attempt Voice and SMS enrollment can now be rate limited. Voice and SMS enrollment rate-limit events are now logged in the System Log.

See System Log events for rate limits.

WebAuthn feature validation updates with Trusted Origins API

The WebAuthn feature now supports trusted cross-origin and cross-Relying Party Identifier (RP ID) validation when using the Trusted Origins API. Trusted Origins are configured in the Okta Trusted Origins framework either through the Admin Console or using the API. These Trusted Origins, configured with the CORS scope, now support orgs using WebAuthn for sign-in pages hosted at Trusted Origins distinct from the org's Okta URL (that is, different from the org's Okta or custom domain URL).

Bug fixed in 2021.01.0

Non-CORS requests to the OAuth 2.0 /introspect and /revoke endpoints failed when the Okta session cookie was present. (OKTA-356288)