Generally Available Features

New Features

Email notifications for Factor Enrollment and Factor Reset

Admins can enable two new settings for email notifications that are sent to end users. When enabled, end users will receive an email confirmation if the end user or an admin enrolls in a new factor or resets an existing factor for their account. For more information on end user email notifications, see General Security.

Automatically send an email to locked-out end users

You can automatically send your users an email if their account becomes locked due to too many failed sign-in attempts. You can insert a link in the email to let users unlock their account. For details, see Configure lockout settings.

Group Push enhancements

Group Push now supports the ability to link to existing groups in the following application integrations: Slack, Dropbox for Business, and ServiceNow UD. You can centrally manage these apps in Okta. For details, see About Group Push.

Extended Client Access policy capability for apps

When you create App Sign On Policy rules, you can now specify platform types with greater granularity. For details, see Add Sign On policies for applications.

Additional Custom Attributes for DocuSign integration

Our DocuSign integration now supports several new custom attributes. Okta imports these attributes, which you can then map as additional custom properties. For details, see the DocuSign Provisioning Guide.

System Log save and reuse searches

After performing a System Log search, a Save button now appears next to the query. Click Save and you are prompted to name your search. Once saved, your named search appears on the main Reports page. You can reuse your saved search, modify it, or delete it. Note that saved searches can only be seen by the user who created them. A maximum of 20 searches can be saved at any time.

LDAP Interface, query performance improvement

LDAP Interface queries will no longer return the memberOf attribute unless it is requested specifically, or when all operational attributes are queried using "+". This change improves performance for searches that do not require this attribute. Improvements were also made to return additional operational attributes that are part of the LDAP core schema. This list includes hasSubordinates, structuralObjectClass, entryDN, subschemaSubentry, and numSubordinates. Note that numSubordinates is not calculated for users and groups containers. For details, see Connecting to Okta using the LDAP Interface.

XFF Evaluation for Dynamic Zones and Behavior Detection

As part of Dynamic Zone and Behavior Detection evaluation, the client IP is now validated using the trusted proxies that have been configured for that org. In the admin System Log, this IP appears as the Client IP. For more information, see Dynamic Zone Evaluation.
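The general technique behind trusted-proxy evaluation of X-Forwarded-For (XFF), shown as an added example that is not Okta's code and not taken from the release notes. The right-to-left walk is the common approach and is an assumption here; the function name, proxy list and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: proxies an org has marked as trusted (documentation ranges).
TRUSTED_PROXIES = ["203.0.113.0/24", "198.51.100.7"]


def _parse_networks(entries):
    """Turn IPs/CIDRs into network objects (a bare IP becomes a /32 or /128)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def _is_trusted(ip, networks):
    return any(ip in net for net in networks)


def resolve_client_ip(peer_ip, xff_header, trusted_proxies):
    """Return the address to evaluate as the client IP (hypothetical helper).

    peer_ip is the TCP source address of the request; xff_header is the raw
    X-Forwarded-For value (may be None). The chain is walked from the hop
    nearest the server outward, and the first address that is not a trusted
    proxy is returned. Entries further left are client-supplied and ignored.
    """
    networks = _parse_networks(trusted_proxies)
    peer = ipaddress.ip_address(peer_ip)
    # If the direct peer is not a trusted proxy, the header cannot be believed.
    if not _is_trusted(peer, networks):
        return str(peer)
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    candidate = peer
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            # Malformed entry: stop and keep the last address we could verify.
            break
        candidate = addr
        if not _is_trusted(addr, networks):
            break
    return str(candidate)
```

A request that arrives directly from an untrusted address is attributed to that address regardless of what its XFF header claims, which is what keeps a forged header from moving a sign-in into a different zone.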

New Windows Device Trust Registration Task, version 1.3.0

This release includes the following:

Improved support for organizations that route internet traffic through a proxy server.

Fixes an issue in which some Device Trust System Log events reported the Windows operating system version inaccurately on Windows desktops running Windows 8.1 or higher.

For version history, see Device Trust for Windows Desktop Registration Task Version History.

Support for Vietnamese language

Support for the Vietnamese language for the end user experience is now available to all customers. You can select the default language preference for your entire org, and your end users can select a different language preference for their own experience. For more information, see Configure the Display Language.

JIRA On-Prem Authenticator, version 3.0.7

This release includes an enhanced SP-initiated SAML flow and support for spUsers and spGroups to handle JIRA-only users. For version history, see JIRA Authenticator Version History.

Okta Browser Plug-in, version 5.25.0

Okta Browser Plug-in has been updated to version 5.25.0 for Chrome, Edge, Firefox, and Internet Explorer. This version contains security enhancements in addition to enhanced end user settings. For version history, see Okta Plug-in Version History.

Enforce Device Trust for managed Windows computers

Okta Device Trust for Windows allows you to prevent unmanaged Windows computers from accessing enterprise services through browsers and native applications. For details, see Enforce Device Trust for managed Windows computers.

Generally Available Enhancements

EA Feature Manager

To provide more information about self-serviceable EA Features, links to help or developer documentation are now available for select features in the EA Feature Manager. For details, see Manage Early Access features.

New device notification enhancement

The setting for end users to receive a new device notification email when signing in to Okta from a new or unrecognized device is now enabled by default for all orgs. For more information about email notification settings, refer to New or Unknown Device Notification Emails.

Username passes to IdP when using identity-first IdP Discovery flow

When using an identifier-first IdP discovery flow and the user is redirected to the Identity Provider, such as SAML, Google, Microsoft, or Generic OIDC, the username value is passed on to the Identity Provider so the user does not have to type it in again.

API Token size increased for OAuth

We have increased the API token size when configuring OAuth 2.0 based authentication from 2 kB to 64 kB. For more information about OAuth, see OpenID Connect & OAuth 2.0 API.

Logos available for all Social Identity Providers

All social identity providers have the default logos shown below:

LDAP Interface, increased page size

The LDAP page size is increased from 200 to 1001, allowing LDAP clients to use a multiple page size of 1000. For details, see Connecting to Okta using the LDAP Interface.

Search range for group membership

The Okta LDAP Interface previously limited membership searches to the first 200 users for a group. This restriction has been removed, and the LDAP Interface will iterate through all pages before returning the membership response to the client. This applies to LDAP searches that query the uniquemember and ismemberOf attributes. For details, see Connecting to Okta using the LDAP Interface.

Temporary Passwords for Pending Users

Temporary passwords can now be created for users who are in the Pending user action state and cannot access their activation email. Creating a temporary password for a user in this way will activate the user and require them to change the password during their next successful sign-in attempt. For more information, see Manage users.