Okta Privileged Access API release notes (2025)

Okta Privileged Access (OPA) is available for both Okta Classic and Identity Engine.

August

Weekly release 2025.08.2

Change	Expected in Preview
Active Directory Remote Desktop Protocol (RDP) support is EA	August 20, 2025

Active Directory Remote Desktop Protocol (RDP) support is EA

Security admins can grant users RDP access to Windows servers with Active Directory (AD) credentials. After RDP access is granted, end users can connect to Windows servers through RDP using the SFT client. Security admins can set requirements, such as multifactor authentication, approval requests, or resource checkout, in order for users to connect through RDP. Currently, gateways aren't supported for RDP connections with AD credentials.

You can grant RDP permission to AD users on Windows servers through the security policy. See privileges (opens new window) in the Security Policy API. See user access method details in the List all user access methods for an Active Directory account (opens new window) method and in Server Resolve resource names (opens new window). For product documentation, see Add rules to a policy (opens new window).

Monthly release 2025.08.0

Active Directory rotate password configuration is EA

Resource admins can now disable the initial password rotation for discovered Active Directory (AD) accounts. Previously, all new or updated AD accounts discovered were automatically initiated for password rotation. Security admins can now set up security policies with rotate-password privileges. End users under that security policy can rotate accessible AD accounts regardless of whether the password was initially rotated. This feature provides the flexibility for OPA admins and end users to manage password rotation.

• Resource admins can disable initial password rotation through an AD account rule (see enable_initial_password_rotation in Create an Active Directory account rule (opens new window)).
• Security admins can create security policies with AD rules that enable password rotation privileges for end users (see the update_password privilege in rules.privileges (opens new window) from Create a security policy (opens new window)).
• End users with the rotate password privilege can rotate their account password (see Rotate the password for Active Directory account (opens new window)).

Service Accounts API is EA

The new Service Accounts API (opens new window) is now available for Okta Privileged Access-enabled orgs. This API allows you to manage SaaS or On-Prem Provisioning (OPP) app accounts. App accounts that you create through the Service Accounts API are visible to resource admins in the Okta Privileged Access dashboard. See Manage service accounts (opens new window) in the Okta Privileged Access product documentation.

This feature is available only if you're subscribed to Okta Privileged Access. Ensure that you've set up the Okta Privileged Access app before creating app accounts through the API.

Search capability for Okta Privileged Access secrets

Okta Privileged Access users can now search secrets and their folders. A new search query parameter is available for the List top-level secret folder for a user (opens new window) operation. End users can search for secrets or secret folders that they have access to by the secret name or description that contains a substring.

June

Monthly release 2025.06.0

Updates to password rotation frequency

You can now schedule the password rotation frequency for all projects up to a maximum of 400 days. The periodic_rotation_duration_in_seconds parameter now has a maximum value of 34,560,000 seconds in the following operations:

• Update project password policy for server accounts (opens new window)(/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/server_password_settings)
• Update a project password policy for Active Directory resources (opens new window) (/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/active_directory_password_settings)

May

Weekly release 2025.05.3

• OPA Active Directory API resources are EA
• Cloud Infrastructure Entitlements API is deprecated

OPA Active Directory API resources are EA

You can now manage Okta Privileged Access (OPA) Active Directory (AD) integrations through the API. To enable this Early Access feature, contact Okta Support. See the Manage Active Directory accounts (opens new window) product documentation. The following OPA AD API resources are available:

• Active Directory Accounts API (opens new window)
• Active Directory Connections API (opens new window)
• Active Directory resources through the Projects API (opens new window)

Cloud Infrastructure Entitlements API is deprecated

The Cloud infrastructure entitlements feature is no longer supported in Okta Privileged Access. All resources in the Cloud Infrastructure Entitlements API are now deprecated.