Production release notes

Current release status

Production: current 2023.08.2; upcoming 2023.08.3. Production release is scheduled to begin deployment on September 5.

Preview: current 2023.08.2; upcoming 2023.08.3. Preview release is scheduled to begin deployment on August 30.

August 2023

2023.08.0: Monthly Production release began deployment on August 14

* Features may not be available in all Okta Product SKUs.

Generally Available Features

Okta AD agent, version 3.16.0

When the executor.log and coordinator.log files exceed 5 MB in size, the contents roll over into executor.log.old and coordinator.log.old files.

Okta Active Directory Federation Services Plugin, version 1.7.13

Version 1.7.13 of the Okta Active Directory Federation Services (ADFS) Plugin is now available for download. It includes support for Microsoft Windows Server 2022, bug fixes, and security hardening. See Okta ADFS Plugin version history.

Telephony inline hook required for phone authenticator

New orgs now require a Telephony inline hook to use the phone authenticator. You can connect an external telephony provider with Okta using the inline hook. See Phone authenticator. Alternatively, you can acquire the Okta SMS/Voice SKU.

Redesigned resource set pages

The Create new resource set and Edit resource set pages that are displayed when an admin creates or edits a resource set now provide a simpler, more intuitive user experience. See Create a resource set.

Hardware-protected FIDO2 WebAuthn available

Hardware-protected FIDO2 WebAuthn as defined by the FIDO Metadata Service is now available in authentication policies when the Hardware-protected checkbox is selected. See About MFA authenticators.

Integrate with any identity source

To get Okta's full HR-driven provisioning and LCM functionality for an HR integration, customers previously had to use one of five pre-integrated HR systems or build complex custom code with the Okta Users API to replicate some of Okta’s LCM functionality for other identity sources.

With Anything-as-a-Source (XaaS), customers now have the flexibility to connect any identity source to Okta and realize the full benefits of HR-driven provisioning with a simpler solution. See Anything-as-a-Source.

Smart Card authenticator available

You can add a new Smart Card authenticator that enables PIV to be used in authentication policies. You can also restrict the authentication policies to use only Smart Card Authenticator as MFA. See Configure the Smart Card authenticator.

Getting Started video for new orgs

The Getting Started page now displays an introductory video. The video provides a quick overview of the common tasks and functions for new orgs, and helps admins familiarize themselves with the Admin Console. See Get started with Okta.

API service integration client secret rotation in the Admin Console

New in this release is the ability to rotate client secrets for an API service integration through the Admin Console. Previously, if a customer wanted to update the client secret for an API service integration, they had to reinstall the integration to obtain a new client ID and secret. There was no option to revoke the client secret while maintaining the client ID and API service integration instance in Okta. With this new feature, customers can generate a new secret, deactivate an old secret, and remove a deactivated secret from the API service integration instance. These functionalities help customers implement security best practices without service downtime. See API Service Integrations.

New event hooks for User Auth Events

Two additional event hooks are now available under User Auth Events:

  • User's session was cleared
  • User's MFA factor was updated

New application lifecycle event hook

An event hook to deny user access due to a condition in an authentication policy is now available to admins. See Create an event hook.

Polling enhancements for Agentless DSSO

When the server is in SAFE_MODE, Agentless DSSO polling signs in a user if they are in ACTIVE state in Okta.

Early Access Features

Configure management attestation for mobile devices with pre-existing security key

You can now use a pre-existing secret key when you configure Device Management for mobile devices. If you upgrade from Classic Engine, you can reuse your secret key in Identity Engine. See Configure Device Management for mobile devices.

Fixes

  • OKTA-575884

    The Okta Active Directory Federation Services (ADFS) Plugin wrote errors to the plugin log when users attempted to sign in.

  • OKTA-595086

    The display of the authorization server Access Policies page froze with large numbers of policies.

  • OKTA-596293

    After upgrades to Identity Engine, users were sometimes asked to re-authenticate when refreshing their Okta dashboards even though the sessions were still valid.

  • OKTA-606898

    Some users got stuck in a password expiration warning loop when they signed in with AD delegated authentication and updated their password.

  • OKTA-610347

    Some orgs couldn't add more than 50 global session policies.

  • OKTA-617816

    After orgs upgraded to Identity Engine, the application name in OV Push disappeared.

  • OKTA-626699

    On the Administrator assignment by admin page, the Role dropdown list sometimes displayed duplicate admin roles.

  • OKTA-626968

    The error message that appeared when the admin attempted to add an inactive Smart Card IdP to the authenticator didn't mention the name of the IdP.

  • OKTA-631657

    Users were sometimes improperly redirected to a device-posture provider when none was configured in the authentication policy.

  • OKTA-631752

    Adding some IdPs as Factor only caused errors.

  • OKTA-632786

    Admins could require Smart Card in an authentication policy even when it wasn't set up as an authenticator.

Applications

New Integrations

New SCIM Integration applications

The following partner-built provisioning integration apps are now Generally Available in the OIN:

SAML for the following Okta Verified applications

OIDC for the following Okta Verified applications

Weekly Updates

July 2023

2023.07.0: Monthly Production release began deployment on July 17

* Features may not be available in all Okta Product SKUs.

Generally Available Features

Sign-In Widget, version 7.8.0

For details about this release, see the Sign-In Widget Release Notes.

For more information about the Widget, see the Okta Sign-In Widget Guide.

Okta LDAP agent, version 5.17.0

This version of the agent contains:

  • Migration of the Windows installer from Internet Explorer to Edge
  • The service OktaLDAPAgent stop command now correctly terminates agents installed on Red Hat and CentOS platforms
  • Security enhancements

See Okta LDAP Agent version history.

System Log time zone formats updated

In the System Log, the time zone dropdown menu now provides additional information about each available time zone. See System Log.

App Password Health report uses browser time zone

On the App Password Health report, last-reset request dates and times are now based on the browser’s time zone settings. See App Password Health report.

Okta-generated client secret length increase

The length of Okta-generated client secrets is increased from 40 to 64 characters.

Updated Okta logo

A branding update to the Okta groups logo is now available in the Admin Console.

RADIUS sign-in error prevention

For orgs that upgraded from Classic Engine, if the Okta Verify authenticator is configured with number challenge, the challenge may be presented unexpectedly to RADIUS users. This can prevent users from using RADIUS with Okta Verify because RADIUS doesn't support the number challenge today. For upgraded orgs, a new feature is enabled that prevents any such errors. See RADIUS applications in Okta.

New authenticator management functionality

Okta now enables you to manage which authenticators are allowed in your org for new enrollments, authentication enrollment policies, and user verification. You can view a list of all Okta-recognized authenticators, create authenticator groups, and use them in policies. This allows admins to have greater control over which authenticators may be used in their orgs and determine which users may access them in a granular way. See Configure the FIDO2 (WebAuthn) authenticator.

Google Authenticator available for account recovery

Admins may now allow their users to initiate account recovery scenarios with Google Authenticator, Email, Phone, or Okta Verify. Increasing the number of options available for recovery enhances the user experience. See Configure the Password authenticator.

Early Access Features

Desktop MFA

Desktop MFA allows you to secure users' desktops with MFA. With this solution, you can customize the sign-in flow so that users are prompted for MFA methods after they enter a Windows password. See Desktop MFA for Windows.

IdP permissions for custom admin roles

Admins can now leverage new Identity Provider management permissions when creating custom admin roles. These permissions allow more precise access control and reinforce the principle of least privilege. See About role permissions.

Redesigned admin role pages

The Create a role and Edit role pages for custom admin-role configuration now provide a simpler, more intuitive user experience. See Create a role.

Admin Console Japanese translation

When you set your display language to Japanese, the Admin Console is now translated. See Supported display languages.

IME support for international characters

Admins can now use an Input Method Editor (IME) to type international characters into the Admin Console.

Front-channel Single Logout

Front-channel Single Logout (SLO) allows a user to sign out of an SLO-participating app on their device and end their Okta session. Okta then automatically sends a sign-out request to all other participating apps that the user accessed during their session. See Configure Single Logout in app integrations.

Fixes

  • OKTA-556787

    During step-up verification, multiple indistinguishable enrollments for the smart card authenticator were displayed. Now only one smart card authenticator enrollment is displayed.

  • OKTA-602939

    The Admin role assignments report email wasn’t translated.

  • OKTA-615453

    Some text strings were incorrect on the End-User Dashboard layout page.

  • OKTA-623542

    The link to the Access Policy Simulation help topic on the Features page was incorrect.

Applications

Application Updates

  • The Rybbon app integration has been rebranded as BHN Rewards.

New Integrations

New SCIM Integration applications

The following partner-built provisioning integration apps are now Generally Available in the OIN:

  • Apono: For configuration information, see Okta SCIM.

SAML for the following Okta Verified applications

App Integration Fixes

The following SWA app was not working correctly and is now fixed:

  • BlueHost (OKTA-620224)

Weekly Updates

June 2023

2023.06.0: Monthly Production release began deployment on June 20

* Features may not be available in all Okta Product SKUs.

Generally Available Features

Okta Provisioning agent, version 2.0.15

This release of the Okta Provisioning agent contains vulnerability fixes. See Okta Provisioning agent and SDK version history.

Multibrand customizations

Multibrand customizations allow customers to use one org to manage multiple brands and multiple custom domains. This drastically simplifies multi-tenant architectures where customers create multiple orgs to satisfy branding requirements. Multibrand customizations allow orgs to create up to three custom domains (more upon request), which can be mapped to multiple sign-in pages, multiple sets of emails, error pages, and multiple versions of the End-User Dashboard. See Branding.

Device assurance remediation instructions in the sign-in widget

When users try to access Okta-protected resources from devices that don’t meet device assurance policies, access is denied. To help users troubleshoot, you can now enable remediation messages in the Sign-In Widget. This helps users learn why they can’t access an app and how to fix the problem. The messages also include links to more troubleshooting instructions. See Add user help for device assurance.

Smart Card IdP with Agentless DSSO

Okta can now be configured to allow users to use Agentless DSSO without being prompted when Smart Card IdP is configured.

Facebook at Work integration enhancement

Facebook at Work uses the Okta Expression Language to map the manager attribute. This allows admins to adjust how the manager attribute is stored in the user profile so they can choose between an id field or a name.

Transactional verification with CIBA

Organizations are constantly looking for ways to offer a frictionless user experience without compromising security. This becomes even more challenging when users try to perform sensitive transactions. Okta uses Client-initiated Backchannel Authentication (CIBA) to provide customers with a simple and secure transaction verification solution.

CIBA extends OIDC to define a decoupled flow where the authentication or transaction flow is initiated on one device and verified on another. The device on which the OIDC application initiates the transaction is called the consumption device, and the device where the user verifies the transaction is called the authentication device. See Create OIDC app integrations.

Flexible deny enrollment options for SSO and recovery scenarios

Admins now have the option to deny enrollment to any authenticator for both SSO and recovery scenarios. Previously, admins could only deny authenticator enrollment to users signing in with SSO. This enhancement gives granular control to admins when configuring authenticator enrollment policies for either scenario. See Configure an authenticator enrollment policy rule.

Enhancement to the Remember Last-Used Factor feature

On the Sign-In Widget, if a user clicks Verify with something else and then selects a new authentication method, the Remember Last-Used Factor feature no longer retains the user's previously selected factor. This helps streamline the sign-in and authentication flow.

Device probing enhancement

You can now collect device signals from every authentication with Okta FastPass. By collecting fresh device signals, you enhance the overall security of your org. Note that users might receive additional verification prompts. See About MFA authenticators.

New System Log events for Workflows subfolders

The System Log now displays the following subfolder events for Okta Workflows:

  • workflows.user.folder.create

  • workflows.user.folder.rename

  • workflows.user.folder.export

  • workflows.user.folder.import

  • workflows.user.table.schema.import

  • workflows.user.table.schema.export

New event for hooks

The user.authentication.sso event is now eligible for use in event hooks.

Enhanced reports value selection

The following reports provide improved selectors for Users, Groups, and Apps in the filters configuration:

  • Telephony Usage
  • User App Access
  • Group Membership
  • User Accounts
  • Past Access Requests
  • Past Campaign Summary
  • Past Campaign Details
  • MFA Enrollment by User

Universal Directory attribute and enum limits

Universal Directory now has limits to the number of attributes per org and the number of enums that can be defined for a single attribute.

Smart Card authenticator available for more orgs

Smart Card authenticator is now available for orgs using Customer Identity Cloud with MFA or Adaptive MFA.

Early Access Features

Phishing-resistant authentication with Okta FastPass on unmanaged iOS devices

While Okta FastPass can protect users against phishing attacks in most cases, it can’t secure authentication on unmanaged iOS devices. To close this gap, Okta is rolling out phishing resistance for Okta FastPass on unmanaged iOS devices. With this change, users who authenticate with Okta FastPass on their personal or unmanaged iOS devices are protected from phishing attacks. See About MFA authenticators.

This feature requires Okta Verify version 8.2.1.

Fixes

  • OKTA-508715

    The System Log recorded events for inactive Okta FastPass users.

  • OKTA-516348

    Clicking the help link on the Sign-In Widget opened the URL in the same tab.

  • OKTA-520205

    Apple product names were used in place of platform names in the Admin Console.

  • OKTA-543277

    Admins couldn't change the labels of base attributes in profile enrollment policies.

  • OKTA-558186

    Pushing new users to the Genesys app with the Sync Password option disabled failed with a bad request error message.

  • OKTA-588559

    The max_age=0 property wasn't treated the same as prompt=login for OAuth 2.0 /authorize requests.

  • OKTA-592400

    Invalid attributes in the UISchema prevented admins from adding attributes to the default profile enrollment policy.

  • OKTA-597490

    Searches in the LDAP interface didn't return results for a deactivated user when the common name (cn) value was combined with other filters.

  • OKTA-600091

    The email change notification triggered from the Admin Dashboard sometimes displayed an Okta subdomain instead of the org's custom domain.

  • OKTA-603669

    The network zone fields on the Add Rule and Edit Rule pages for authentication and global session policies didn't display special characters correctly.

  • OKTA-607434

    Unhelpful error messages appeared when the NameIdPolicy was unspecified in SAML client requests that required signed requests.

  • OKTA-611709

    On the Administrators page, the Resource set, Role, and Admin icon labels weren’t translated.

  • OKTA-615063

    After upgrading to Identity Engine, orgs with Okta Verify enrollments encountered an error when they added an active Custom Push Authenticator.

  • OKTA-615404

    When an admin searched for a group with more than 1000 members, the Top results tab displayed 1001 instead of 1000+.

  • OKTA-615412

    The Identity Provider (IdP) AMR claims mapping feature ignored the IdP admin configuration for trusting AMR claims.

  • OKTA-616169

    When the Assign admin roles to public client app feature was enabled, admins couldn’t assign roles to groups.

Applications

New Integrations

New SCIM Integration applications

The following partner-built provisioning integration app is now Generally Available in the OIN:

SAML for the following Okta Verified applications

OIDC for the following Okta Verified application

Weekly Updates