Okta Classic Engine release notes (Production)

Version: 2026.05.0

Workday entitlement management

Admins can now manage entitlements for Workday app instances on Okta. This feature allows for the discovery and governance of user-based security groups to enable automated access requests and certifications.

Report exports

You can now choose between CSV and GZIP export formats when generating the following reports:

• Okta usage
• Application usage
• MFA usage

Add access request condition descriptions

You can now add descriptions to access request conditions for apps, collections, and Okta admin role bundles. These descriptions appear alongside the condition's name on the Access Requests tab, making it easier for you to understand the specific purpose of each condition. See Create access request conditions.

System Log event for unconfigured identifiers

When JIT is enabled for Active Directory and a user authenticates with an unconfigured identifier, the event now appears in the System Log.

System Log event for DirSync imports

When Active Directory agent compatibility is verified for DirSync-based imports, the event now appears in the System Log.

Network zone residential proxy detection

This feature adds new zones associated with Enhanced Dynamic Network Zones beyond anonymous proxies and VPNs. Customers can use service categories such as ZSCALER_PROXY, PERIMETER_81, and more. See Supported IP service categories.

• After deactivating an AD Agent, an incorrect format of the version for the agent was displayed. (OKTA-1117122)

• The Sign-In Widget displayed an error after users completed a self-service password reset when the app authentication policy had the Keep Me Signed In prompt enabled. (OKTA-1152243)

• AMR claim updates weren't applied to the Salesforce (Federated ID) app integration. (OKTA-1164030)

• On the Administrator assignment by role page, the Preview role pane displayed "L10N_ERROR[okta.apps.clientCredentials.read.name.code]" instead of the View client credentials permission. (OKTA-1166616)

• Manual remediation was required when reviewers revoked a user’s access to Active Directory-source groups in a campaign. (OKTA-1167090)

• TOPdesk Operator by FuseLogic (SCIM) was updated.

• Magnite Streamr (OIDC) is now available. Learn more.

• Matik (Basic Auth) was updated.

• Console (OIDC) has a new app description.

• Sastrufy has a new app name and a new configuration guide.

• WideField Security - Detect and Remediate (API integration) is now available. Learn more.

• Console (API Service) has a new icon and description.

• Yunu (OIDC) is now available. Learn more.

• YipitData Agent (OIDC) is now available. Learn more.

• Software Analytics (OIDC) has a new app name (Antenna), icon, description, new Redirect URIs, and integration guide. Learn more.

• Ternary (OIDC) is now available. Learn more.

• Syndio (OIDC) is now available. Learn more.

• Form (OIDC) is now available. Learn more.

• Truepic Vision (OIDC) is now available. Learn more.

• Tandem Health (OIDC) is now available. Learn more.

• CJ Affiliate (OIDC) is now available. Learn more.

• Asset Integrity for Pipelines (OIDC) is now available. Learn more.

• Metlife MyBenefits (SWA) was updated.

• Conduit Security (OIDC) is now available. Learn more.

• Harmony (SCIM) is now available. Learn more.

• Harmony (SAML) is now available. Learn more.

• LinkedIn Sales Navigator (SCIM) is now available. Learn more.

• Haystack (SCIM) is now available. Learn more.

• Suger (OIDC) has a new Redirect URI.

• ThoughtSpot (OIDC) is now available. See Create ThoughtSpot OIDC integration.

• Matik (SCIM) is now available. Learn more.

• Matik (SAML) is now available. Learn more.

• JumpCloud (OIDC) is now available. See JumpCloud.

• TOPdesk Operator by FuseLogic (Entitlements Management) is now available. Learn more.

• When a refresh token failure or revocation event was logged in the System Log, an incomplete version of the refresh token hash appeared in the event's target.detailEntry. (OKTA-1145851)

• The List all profile mappings API sometimes returned an error if the request didn't include the sourceId or targetID parameters. (OKTA-1153229)

• In the Admin Console, status site links for some cells pointed to an incorrect status page. (OKTA-1158204)

• The Manage Event Hooks permission didn't allow an admin or service app to create an event hook. (OKTA-1162004)

• The debugContext.isSelfInitiated field was missing from System Log entries for user.account.update_password events. (OKTA-1166403)

• When an authentication error occurred, the Sign-In Widget displayed an SQL error message instead of a helpful one. (OKTA-1168939)

• When an admin viewed the Preview pane for Custom Admin Roles, some labels for identity permissions were displayed incorrectly. (OKTA-1168945)

• Augment Code (OIDC) was updated.

• Harmony SASE (SAML) has a new icon, display name, and description. Learn more.

• Redblock AI (SAML) is now available. Learn more.

• Dokio (SCIM) has a new API and configuration guide.

• Common Room (SCIM) now supports Group Push.

• Rubrik Security Cloud now supports the following scopes:

  • okta.authorizationServers.manage
  • okta.authorizationServers.read
  • okta.idps.manage
  • okta.idps.read
  • okta.networkZones.manage
  • okta.networkZones.read

• Check Point SASE (SCIM) has been updated with new regions.

• Stripe has a new configuration guide. Learn more.

• Stripe (SCIM) is now available. Learn more.

• Butterfly Security (OIDC) is now available. Learn more.

• Butterfly Security (SCIM) is now available. Learn more.

• Wrike (SCIM) now supports Group Push.

• Scribble Maps (SCIM) is now available. Learn more.

• Scribble Maps (OIDC) is now available. Learn more.

• Scribble Maps (SAML) is now available. Learn more.

• Cimento AI (SCIM) is now available. Learn more.

• Cimento AI (SAML) is now available. Learn more.