On this page
Okta Classic Engine API release notes (2026)
Subscribe to RSS
January
Weekly release 2026.01.2
| Change | Expected in Preview Orgs |
|---|---|
| Bug fixed in 2026.01.2 | January 28, 2026 |
Bug fixed in 2026.01.2
When you call the List all Groups API (/api/v1/groups (opens new window)) with the expand=stats query parameter, the response returned inaccurate data for the _embedded.stats.hasAdminPrivileges field for groups with assigned custom roles. (OKTA-1094903)
Weekly release 2026.01.1
| Change | Expected in Preview Orgs |
|---|---|
| Bugs fixed in 2026.01.1 | January 14, 2026 |
Bugs fixed in 2026.01.1
The
agentTypeparameter wasn't required in thePOST /api/v1/agentPoolsendpoint and an exception didn't occur if that parameter was missing. (OKTA-1071106)After provisioning a group from Active Directory or reactivating a user in an Okta group (Reactivate a user API (opens new window)), Okta assigned an admin role to the user through group rules but didn't create a System Log event for the assignment. (OKTA-1071233)
Monthly release 2026.01.0
| Change | Expected in Preview Orgs |
|---|---|
| Encryption of ID tokens and access tokens is GA in Production | August 7, 2025 |
| Unified claims generation for custom apps is GA in Production | July 30, 2025 |
| Additional Anything-as-a-Source API endpoints is GA in Production | December 10, 2025 |
| Anything-as-a-Source for groups and group memberships API is GA in Production | December 10, 2025 |
| Developer documentation updates in 2026.01.0 | January 7, 2026 |
| Bugs fixed in 2026.01.0 | January 8, 2025 |
Encryption of ID tokens and access tokens is GA in Production
You can now encrypt OIDC ID tokens for Okta-protected custom app integrations using JSON Web Encryption. You can also now encrypt access tokens minted by a custom authorization server. See Key management.
Unified claims generation for custom apps is GA in Production
Unified claims generation is a new streamlined interface for managing claims (OIDC) and attribute statements (SAML) for Okta-protected custom app integrations. In addition to group and user profile claims, the following new claim types are available: entitlements (required OIG), device.profile, session.id, and session.amr. See Okta Expression Language in Identity Engine.
Additional Anything-as-a-Source API endpoints is GA in Production
Anything-as-a-Source (XaaS) capabilities allow customers to use a custom identity source with Okta. With XaaS, customers can source entities such as users into Okta Universal Directory by connecting a custom HR app or a custom database. This release offers Anything-as-a-Source APIs for both individual operations and bulk operations on groups, group memberships, and users. Okta now enables creating and updating users, creating and updating groups, and managing group memberships into Okta Universal Directory from any identity source using the Identity Source APIs. See Identity Sources (opens new window).
Anything-as-a-Source for groups and group memberships API is GA in Production
Anything-as-a-Source (XaaS) capabilities allow customers to use a custom identity source with Okta. With XaaS, customers can source entities such as users into Okta Universal Directory by connecting a custom HR app or a custom database. This release offers XaaS capabilities with groups and group memberships, allowing customers to start sourcing groups with XaaS. Okta now enables creating and updating users, creating and updating groups, and managing group memberships into Okta Universal Directory from any identity source using the Identity Source APIs. See Identity Sources (opens new window).
Developer documentation updates in 2026.01.0
- The rate limits documentation has been revised and updated on the References tab. New updates include detailed explanations on rate limit buckets, as well as more information on how to increase your rate limits. See the Rate Limits overview.
- The Okta API release notes now provide an RSS feed for each API release note category: Classic Engine, Identity Engine, Identity Governance, Privileged Access, Access Gateway, and Aerial. Click the RSS icon to subscribe.
Bugs fixed in 2026.01.0
The following attributes weren't properly being gated as reserved attributes:
orgid,activationstatus,apistatus,logintype,initialreconcilecomplete,activationdate,statuschangeddate,apilastupdate,passwordexpirationguess,passwordexpirationcursor,numunlocks,changedstatus. See Review reserved attributes (opens new window). (OKTA-1049339)An error sometimes occurred when an admin attempted to update the username for an app user. (OKTA-1047716)
