On this page
Okta Classic Engine API release notes (2026)
Subscribe to RSS
February
Monthly release 2026.02.0
| Change | Expected in Preview Orgs |
|---|---|
| Lightweight Directory Access Protocol Bidirectional Group Management is GA in Production | December 5, 2025 |
| Developer documentation updates in 2026.02.0 | February 4, 2026 |
| Bugs fixed in 2026.02.0 |
Lightweight Directory Access Protocol Bidirectional Group Management
The Bidirectional Group Management API (opens new window) has been expanded to allow you to manage Lightweight Directory Access Protocol (LDAP) groups from within Okta. You can add or remove users from groups based on their identity and access requirements. This ensures that changes made to user access in Okta are reflected in LDAP.
Okta can only manage group memberships for users and groups imported into Okta using the LDAP or Active Directory (AD) integration. It isn't possible to manage users and groups that weren't imported through LDAP or AD integration or are outside the organizational unit's scope for the integration using this feature.
Developer documentation updates in 2026.02.0
- All references to deprecated API Postman collections are now removed from Home | Okta Developer (opens new window) and replaced with references to the Okta Public API Collections (opens new window) workspace.
- The new Universal Directory concept provides a comprehensive overview of Okta’s Universal Directory (UD). UD is the centralized data layer that serves as the foundation for the entire Okta platform. This new doc replaces the previous User Profiles concept and goes into more depth on its components and advantages.
- The Okta developer portal search results now include the API references.
Bugs fixed in 2026.02.0
- When users requested metadata for a non-existent identity provider, the system attempted to trigger an undefined error code. This caused a secondary exception in the Splunk logs. (OKTA-504955)
- When no-cache, no-store headers from
/oauth2/<authorizationServerId>/v1/keyswere returned, it caused an unnecessarily high number of requests to/oauth2/<authorizationServerId>/v1/keys. (OKTA-1099636) - Scopes that were skipped during granular consent were still included in the access token after grants were created. (OKTA-1045702)
January
Weekly release 2026.01.2
| Change | Expected in Preview Orgs |
|---|---|
| Bug fixed in 2026.01.2 | January 28, 2026 |
Bug fixed in 2026.01.2
When you call the List all Groups API (/api/v1/groups (opens new window)) with the expand=stats query parameter, the response returned inaccurate data for the _embedded.stats.hasAdminPrivileges field for groups with assigned custom roles. (OKTA-1094903)
Weekly release 2026.01.1
| Change | Expected in Preview Orgs |
|---|---|
| Bugs fixed in 2026.01.1 | January 14, 2026 |
Bugs fixed in 2026.01.1
The
agentTypeparameter wasn't required in thePOST /api/v1/agentPoolsendpoint and an exception didn't occur if that parameter was missing. (OKTA-1071106)After provisioning a group from Active Directory or reactivating a user in an Okta group (Reactivate a user API (opens new window)), Okta assigned an admin role to the user through group rules but didn't create a System Log event for the assignment. (OKTA-1071233)
Monthly release 2026.01.0
| Change | Expected in Preview Orgs |
|---|---|
| Encryption of ID tokens and access tokens is GA in Production | August 7, 2025 |
| Unified claims generation for custom apps is GA in Production | July 30, 2025 |
| Additional Anything-as-a-Source API endpoints is GA in Production | December 10, 2025 |
| Anything-as-a-Source for groups and group memberships API is GA in Production | December 10, 2025 |
| Developer documentation updates in 2026.01.0 | January 7, 2026 |
| Bugs fixed in 2026.01.0 | January 8, 2025 |
Encryption of ID tokens and access tokens is GA in Production
You can now encrypt OIDC ID tokens for Okta-protected custom app integrations using JSON Web Encryption. You can also now encrypt access tokens minted by a custom authorization server. See Key management.
Unified claims generation for custom apps is GA in Production
Unified claims generation is a new streamlined interface for managing claims (OIDC) and attribute statements (SAML) for Okta-protected custom app integrations. In addition to group and user profile claims, the following new claim types are available: entitlements (required OIG), device.profile, session.id, and session.amr. See Okta Expression Language in Identity Engine.
Additional Anything-as-a-Source API endpoints is GA in Production
Anything-as-a-Source (XaaS) capabilities allow customers to use a custom identity source with Okta. With XaaS, customers can source entities such as users into Okta Universal Directory by connecting a custom HR app or a custom database. This release offers Anything-as-a-Source APIs for both individual operations and bulk operations on groups, group memberships, and users. Okta now enables creating and updating users, creating and updating groups, and managing group memberships into Okta Universal Directory from any identity source using the Identity Source APIs. See Identity Sources (opens new window).
Anything-as-a-Source for groups and group memberships API is GA in Production
Anything-as-a-Source (XaaS) capabilities allow customers to use a custom identity source with Okta. With XaaS, customers can source entities such as users into Okta Universal Directory by connecting a custom HR app or a custom database. This release offers XaaS capabilities with groups and group memberships, allowing customers to start sourcing groups with XaaS. Okta now enables creating and updating users, creating and updating groups, and managing group memberships into Okta Universal Directory from any identity source using the Identity Source APIs. See Identity Sources (opens new window).
Developer documentation updates in 2026.01.0
- The rate limits documentation has been revised and updated on the References tab. New updates include detailed explanations on rate limit buckets, as well as more information on how to increase your rate limits. See the Rate Limits overview.
- The Okta API release notes now provide an RSS feed for each API release note category: Classic Engine, Identity Engine, Identity Governance, Privileged Access, Access Gateway, and Aerial. Click the RSS icon to subscribe.
Bugs fixed in 2026.01.0
The following attributes weren't properly being gated as reserved attributes:
orgid,activationstatus,apistatus,logintype,initialreconcilecomplete,activationdate,statuschangeddate,apilastupdate,passwordexpirationguess,passwordexpirationcursor,numunlocks,changedstatus. See Review reserved attributes (opens new window). (OKTA-1049339)An error sometimes occurred when an admin attempted to update the username for an app user. (OKTA-1047716)
