diff --git a/packages/@okta/vuepress-site/.vuepress/public/img/icons/Feed-icon.svg b/packages/@okta/vuepress-site/.vuepress/public/img/icons/Feed-icon.svg new file mode 100644 index 00000000000..98dc7b20cb9 --- /dev/null +++ b/packages/@okta/vuepress-site/.vuepress/public/img/icons/Feed-icon.svg @@ -0,0 +1,18 @@ + + + + + + + + + + + + + + + + + + diff --git a/packages/@okta/vuepress-site/data/error-codes.json b/packages/@okta/vuepress-site/data/error-codes.json index 21ff268b40b..7bf7f9ffe4b 100644 --- a/packages/@okta/vuepress-site/data/error-codes.json +++ b/packages/@okta/vuepress-site/data/error-codes.json @@ -1,6 +1,6 @@ { - "release" : "2025.12.1", - "build" : "2025.12.1-begin-363-g0c38ff666b0f", + "release" : "2026.01.1", + "build" : "2026.01.1-begin-91-gb3781c3067c5", "errors" : [ { "title" : "API validation exception", "includesExceptionMessage" : true, @@ -1961,5 +1961,21 @@ "errorCode" : "E0000263", "errorSummary" : "Attempted to assign a duplicate standard role assignment to an admin", "errorDescription" : null + }, { + "title" : "Required active custom telephony provider credential for phone authenticator exception", + "includesExceptionMessage" : true, + "statusCode" : 400, + "statusReasonPhrase" : "Bad Request", + "errorCode" : "E0000264", + "errorSummary" : "You must have an active telephony inline hook or at least one active custom telephony provider credential to activate and use the Phone authenticator.", + "errorDescription" : null + }, { + "title" : "Device registration already in progress exception", + "includesExceptionMessage" : false, + "statusCode" : 409, + "statusReasonPhrase" : "Conflict", + "errorCode" : "E0000265", + "errorSummary" : "Device registration is already in progress for this device.", + "errorDescription" : null } ] } \ No newline at end of file diff --git a/packages/@okta/vuepress-site/data/event-types.json b/packages/@okta/vuepress-site/data/event-types.json index 6c29d284294..174890b57ed 100644 --- a/packages/@okta/vuepress-site/data/event-types.json +++ b/packages/@okta/vuepress-site/data/event-types.json @@ -1,6 +1,6 @@ { - "release" : "2026.01.0", - "build" : "2026.01.0-begin-151-gd582b8e92fbf", + "release" : "2026.01.1", + "build" : "2026.01.1-begin-91-gb3781c3067c5", "categories" : [ { "id" : "access-gateway", "name" : "Access Gateway" @@ -19183,7 +19183,7 @@ "schema" : { "debugData" : "UserAccessDebugData", "actor" : null, - "targets" : [ "UserAccessResourceDetails" ], + "targets" : [ "UserAccessResourceDetails", "BotProtectionConfigurationResourceDetails" ], "changeDetails" : [ ] } }, { @@ -19975,7 +19975,7 @@ "schema" : { "debugData" : "UserLifecycleDebugData", "actor" : null, - "targets" : [ "ResourceDetails" ], + "targets" : [ "BotProtectionConfigurationResourceDetails" ], "changeDetails" : [ ] } }, { @@ -20605,7 +20605,7 @@ "schema" : { "debugData" : "UserAuthenticationDebugData", "actor" : "UserAuthenticationResourceDetails", - "targets" : [ "UserAuthenticationResourceDetails", "CaptchaVerifyResourceDetails", "UserIdentifierResourceDetails" ], + "targets" : [ "UserAuthenticationResourceDetails", "CaptchaVerifyResourceDetails", "UserIdentifierResourceDetails", "BotProtectionConfigurationResourceDetails" ], "changeDetails" : [ ] } }, { @@ -48821,6 +48821,35 @@ } } }, + "BotProtectionConfigurationResourceDetails" : { + "name" : "BotProtectionConfigurationResourceDetails", + "properties" : { + "enforcement_type" : { + "type" : "String", + "sensitive" : false, + "personal" : false, + "customer" : false, + "format" : "enum", + "examples" : [ "OKTA_CHALLENGE" ] + }, + "mode_type" : { + "type" : "String", + "sensitive" : false, + "personal" : false, + "customer" : false, + "format" : "enum", + "examples" : [ "DISABLED", "LOG_ONLY", "ENFORCED" ] + }, + "level" : { + "type" : "String", + "sensitive" : false, + "personal" : false, + "customer" : false, + "format" : "enum", + "examples" : [ "LOW", "MEDIUM", "HIGH", "ANY" ] + } + } + }, "BrandResourceDetails" : { "name" : "BrandResourceDetails", "properties" : { @@ -52625,7 +52654,7 @@ "personal" : false, "customer" : false, "format" : "enum", - "examples" : [ "CAPTCHA" ] + "examples" : [ "OKTA_CHALLENGE" ] }, "mode" : { "type" : "String", diff --git a/packages/@okta/vuepress-site/data/oauth2-error-codes.json b/packages/@okta/vuepress-site/data/oauth2-error-codes.json index e54d702296c..ffac4801331 100644 --- a/packages/@okta/vuepress-site/data/oauth2-error-codes.json +++ b/packages/@okta/vuepress-site/data/oauth2-error-codes.json @@ -1,6 +1,6 @@ { - "release" : "2025.12.1", - "build" : "2025.12.1-begin-363-g0c38ff666b0f", + "release" : "2026.01.1", + "build" : "2026.01.1-begin-91-gb3781c3067c5", "errors" : [ { "title" : "Access denied", "statusCode" : 403, @@ -141,6 +141,13 @@ "internalErrorCode" : "access_denied_by_aerial", "errorCode" : "access_denied", "errorDescription" : "The Aerial service denied the request." + }, { + "title" : "Aerial admin access denied", + "statusCode" : 403, + "statusReasonPhrase" : "Forbidden", + "internalErrorCode" : "aerial_admin_access_denied", + "errorCode" : "access_denied", + "errorDescription" : "The authentication policy on your Aerial org must meet or exceed the authentication policy on the org you're accessing." }, { "title" : "Disallowed network zone", "statusCode" : 403, diff --git a/packages/@okta/vuepress-site/docs/concepts/policies/index.md b/packages/@okta/vuepress-site/docs/concepts/policies/index.md index cf6ba76d11b..c6369da80a9 100644 --- a/packages/@okta/vuepress-site/docs/concepts/policies/index.md +++ b/packages/@okta/vuepress-site/docs/concepts/policies/index.md @@ -201,6 +201,19 @@ Identity Threat Protection with Okta AI is an identity threat solution that comb * [Session violation enforcement policy](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Policy/#tag/Policy/operation/createPolicy) (`POST_AUTH_SESSION`): This policy defines the enforcement actions that Okta takes after it detects a session violation. For Admin Console tasks and further information, see [Session protection](https://help.okta.com/okta_help.htm?type=oie&id=csh-continuous-access-evaluation). +### Client update policies + +The client update policy allows admins to manage the delivery and acceptance of updates for specific client apps, such as Okta Verify. + +Use this policy to define rules that control how the end user gets updates across different device platforms. For example, you can define rules for the following use cases: + +* Enforce immediate updates to address critical security vulnerabilities +* Defer non-critical updates for a specified period to align with internal change management processes + +For details on the object model and configuring rules programmatically, see the [Policies API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Policy/#tag/Policy/operation/listPolicies). + +To learn more about implementing and managing this feature in the Admin Console, see [Release controls policy](https://help.okta.com/okta_help.htm?type=oie&id=ext-ov-release-controls). + ### API access policies An [OAuth Authorization Policy](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/AuthorizationServerPolicies/) manages authorization between clients and Okta. The access policy is specific to a particular client app. The rules it contains define particular token lifetimes for a given combination of grant type, user, and scope. diff --git a/packages/@okta/vuepress-site/docs/guides/index.md b/packages/@okta/vuepress-site/docs/guides/index.md index 2f197f098dc..607842d121b 100644 --- a/packages/@okta/vuepress-site/docs/guides/index.md +++ b/packages/@okta/vuepress-site/docs/guides/index.md @@ -71,6 +71,7 @@ guides: - mobile-idx-sdk-overview - multiple-identifiers - mobile-swift-configure-redirect + - native-to-web-sso - scim-provisioning-integration-overview - scim-provisioning-integration-prepare - scim-provisioning-integration-connect diff --git a/packages/@okta/vuepress-site/docs/guides/native-to-web-sso/index.md b/packages/@okta/vuepress-site/docs/guides/native-to-web-sso/index.md new file mode 100644 index 00000000000..1a130851844 --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/native-to-web-sso/index.md @@ -0,0 +1,7 @@ +--- +title: Configure Native to Web SSO +excerpt: Learn what Native to Web SSO is and how to use it +layout: Guides +sections: + - main +--- \ No newline at end of file diff --git a/packages/@okta/vuepress-site/docs/guides/native-to-web-sso/main/index.md b/packages/@okta/vuepress-site/docs/guides/native-to-web-sso/main/index.md new file mode 100644 index 00000000000..7b0c1131bb4 --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/native-to-web-sso/main/index.md @@ -0,0 +1,273 @@ +--- +title: Configure Native to Web SSO +excerpt: Learn what Native to Web SSO is and how to use it +layout: Guides +--- + + + +Learn what Native to Web SSO is, why it matters, and how it actually connects your OpenID Connect (OIDC) apps to your web-based services. + +--- + +#### Learning outcomes + +* Understand the native to web SSO flow. +* Set up your allowlist for token exchange. +* Manage your allowlist. + +#### What you need + +* [Okta Integrator Free Plan org](https://developer.okta.com/signup) +* An OIDC app that you want to use as the origin app. Okta supports web, SPA, and native OIDC apps. +* An OIDC or SAML app that you want to use as the target web app + +--- + +## Overview + +Native to Web SSO creates a seamless, unified authentication experience when a user transitions from an OIDC origin app (like a native app) to a web app (either OIDC or SAML). It’s a one-way trust from the origin app to the target. + +Native to Web SSO achieves this by exchanging a token with the `interclient_access` scope for a one-time token. This token is used to bootstrap an authentication into the target OIDC or SAML app using authentication information such as previous factor verifications from a session created when obtaining the original token. This eliminates repeated sign-in prompts and simplifies development by reducing authentication complexity. + +### Handle different assurance levels and remediation + +Sometimes the target web app has stricter security needs than the requesting app. For instance, the original app may have only required a username and password, but the target web app requires a second factor, like a one-time passcode (OTP). + +Okta handles that during the transition by prompting the user to satisfy the missing requirement. The user sees a single prompt for the complimentary factor (OTP), not a full authentication restart. + +### Common use cases + +* **Incorporating SaaS**: You have an app, and you want to seamlessly incorporate a third-party SaaS app into it. +* **The application dashboard**: Your app acts as an "application dashboard" with links to multiple web apps. +* **Modernization**: You’re going through a large modernization project. This pattern lets your legacy apps continue to operate unmodified while you update the new parts of the system. This is especially helpful when you want to move towards a modern native app and incorporate the legacy web (hybrid native/web) app. +* **Integration limitations**: It’s critical when you can’t modify the target app integration to accommodate a special connection. The target source code isn’t accessible, but it already supports federation. + +In all these cases, the Identity and Access Management (IAM) platform becomes the secure fabric that seamlessly weaves all of your apps together into one low-friction experience. + +## Native to Web SSO flow + +
+ + ![Sequence diagram that displays the interaction between the user, OIDC origin app, authorization server, and target web app for Native to Web SSO](/img/native-to-web-sso.png) + +
+ + + +The flow steps: + +1. The user signs in to an OpenID Connect (OIDC) origin app. +2. The app obtains tokens through a request to the `/token` endpoint. The request includes the `interclient_access` and `offline_access` (optional) scopes. +3. Okta checks that the app is an admin-configured trusted app that’s allowed to use this flow. Then, it creates a special backend-only session. This session tracks the user’s authentication level and security assurances, such as, "This user verified their identity with a strong factor on a trusted device." +4. Okta sends back the access token, the session-bound ID token, and a refresh token if `offline_access` was requested. +5. The user requests access to a resource from the target web app (client app). +6. The OIDC origin app now needs to launch the other app. It makes a request to [refresh the access token](/docs/guides/refresh-tokens/main/#use-a-refresh-token), if necessary. +7. Okta sends back the new tokens, and the refresh token (if requested). +8. The app then makes a request to the `/token` endpoint to exchange the access and ID tokens for a single-use `interclient_token`. This token is requested using the `requested_token_type` (`urn:okta:params:oauth:token-type:interclient_token`) and the Token Exchange grant type (`urn:ietf:params:oauth:grant-type:token-exchange`). +9. Okta validates the trust relationship and user assignment of the target web app, and returns the single-use `interclient_token` that’s bound to the assurance of the `id_token` and target app. This single-use token is the user’s ticket to the target web app. +10. The OIDC app launches the authorization server URI with intent for the target web app, securely passing the `interclient_token` to it. +11. The web app receives the token and sends it to Okta in an authentication request (`/authorize` or `/sso/saml`). +12. Okta validates the `interclient_token`, `audience`, target app ID, issuer, and so on. + + * **Look up context**: Okta looks up the associated backend session. + * **Loads the state**: Okta then reconstructs the user’s state. This tells Okta who the user is and what security assurances (MFA, Device Trust, and so on) were already satisfied when they signed in to the OIDC origin app. + * **Bootstraps the state token to the flow**: Rather than making the user start from a blank sign-in page, Okta uses this loaded context to bootstrap a new state token for the web app's policy evaluation. + +13. Okta checks if the user has satisfied all of the target web app’s policy requirements. If all checks pass, the user is immediately signed in, otherwise the user is prompted to satisfy all policy requirements. + + > **Note**: The user isn’t allowed to cancel and switch users. + +## Configure the app + +The OIDC origin app exchanges access and ID tokens for a single-use interclient token from the target web app. To do this, use the Token Exchange grant type in the exchange request. + +To update the app that you want to request single-use interclient tokens, use the [Replace an app](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Application/#tag/Application/operation/replaceApplication!path=4/settings/oauthClient&t=request) method. + +In the `oauthClient` object of your PUT request, add the `urn:ietf:params:oauth:grant-type:token-exchange` value to the `grant_types` array. + +**Request example** + +This example request is truncated for brevity. + +```JSON +{ + "oauthClient": { + . . . + "grant_types": [ + "authorization_code," + "urn:ietf:params:oauth:grant-type:token-exchange" + ], + . . . + } +} +``` + +## Configure the trust map + +Define a list of apps that are allowed to request the single-use interclient token on the target web app. This allowlist is a trust map between the origin app and the target web app. It ensures that the SSO flow only happens between apps that you explicitly trust. You can define up to five trusted apps per target web app. + +Okta checks this trusted relationship at two critical points in the flow: + +* **During authentication**: The OIDC origin app can only request the special `interclient_access` scope if it has a trust relationship set up. + +* **During token exchange**: When the OIDC origin app asks for the `interclient_token`, Okta explicitly checks to ensure that the app is on the target app's allowed list. If it's not there, the token exchange is denied. + +To create an allowlist of apps, use the [Create an allowed app mapping for a target app](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/ApplicationInterclientTrustMappings/#tag/ApplicationInterclientTrustMappings/operation/createInterclientTrustMapping) method (`POST /api/v1/apps/{appId}/interclient-allowed-apps`). The `appID` is the target app’s ID. + +> **Note**: You can also use the [Admin Console](https://help.okta.com/okta_help.htm?type=oie&id=apps-native-to-web) to configure the trust mapping. + +In the body of the request, include the [app ID](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Application/#tag/Application/operation/listApplications!c=200&path=4/id&t=response) of the app that you want to add to the allowlist: + +```JSON +{ + "id": "{appId}" +} +``` + +**Response example** + +```JSON +{ + "id": "itm8vef5ul1nLwiJe0g7", + "orgId": "00o47ijbqfgnq5gj00g7", + "appInstanceId": "{targetwebappID}", + "trustedAppInstanceId": "{OIDCappID}", + "created": "2025-11-12T23:17:09.000Z", + "lastUpdated": "2025-11-12T23:17:09.000Z", + "lastUpdatedBy": "00u47ijy7sRLaeSdC0g7" +} +``` + +### Application Interclient Trust Mappings API + +See the following new [Application Interclient Trust Mappings API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/ApplicationInterclientTrustMappings/) endpoints to perform other Native to Web SSO tasks: + +* To get a list of allowed apps for a target app, use the [List all allowed apps for a target app](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/ApplicationInterclientTrustMappings/#tag/ApplicationInterclientTrustMappings/operation/listInterclientAllowedApplications) method (`GET https://{yourOktaDomain}/api/v1/apps/{appId}/interclient-allowed-apps`). The `appId` is the ID of the target web app (the one allowing the SSO). + +* To get a list of target apps that allow an app to SSO, use the [List all target apps for an allowed app](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/ApplicationInterclientTrustMappings/#tag/ApplicationInterclientTrustMappings/operation/listInterclientTargetApplications) method (`GET https://{yourOktaDomain}/api/v1/apps/{appId}/interclient-target-apps`). The `appId` is the ID of the requesting OIDC origin app (the one allowed to request the SSO). + +* To delete a trust mapping, use the [Delete an interclient trust mapping](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/ApplicationInterclientTrustMappings/#tag/ApplicationInterclientTrustMappings/operation/deleteInterclientTrustMapping) method. + +### Scopes + +There are two new OAuth 2.0 scopes available for the interclient endpoints: + +* `okta.apps.interclientTrust.manage`: Use to create a resource, manage a resource, or delete a resource +* `okta.apps.interclientTrust.read`: Use to read information about a resource + +## Flow specifics + +The following section outlines the requests required to perform Native to Web SSO. These example requests use a native app as the origin app. You can obtain a token with the `interclient_access` scope using your preferred [authentication method](/docs/guides/implement-grant-type/authcode/main/). The examples below use Resource Owner Password as the authentication flow for simplicity. + +### Request for initial tokens + +Before you can begin this flow, collect the required credentials from the user in a manner of your choosing. Then, make a single API call to the Okta authorization server `/token` endpoint. Your request should look something like the following example: + +```BASH +curl --request POST \ + --url https://{yourOktaDomain}/oauth2/v1/token \ + --header 'accept: application/json' \ + --header 'authorization: Basic MG9hYn...' \ + --header 'content-type: application/x-www-form-urlencoded' \ + --data 'grant_type=password + &client_id={client_id} + &username=testuser1%40example.com + &password=%7CmCovrlnU9oZU4qWGrhQSM%3Dyd + &scope=openid%20offline_access%20interclient_access' +``` + +Note the parameters that are passed: + +* `client_id`: Matches the client ID of the OIDC origin app. You can find it at the top of your app's **General** tab +* `scope`: Must be `openid`, `interclient_access`, and optionally `offline_access` +* `grant_type`: `password`, which indicates that you're using the Resource Owner Password grant type. +* `username`: The username of a user registered with Okta. +* `password`: The password of a user registered with Okta. + +> **Note**: For more information on these parameters, see the `/token` [endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/OrgAS/#tag/OrgAS/operation/token). + +**Response example** + +If the credentials are valid, Okta responds with the required tokens. This example response is truncated for brevity. + +```JSON +{ + "token_type": "Bearer", + "expires_in": 3600, + "access_token": "eyJraWQiOiItbkk . . . aIRQ", + "scope": "openid offline_access interclient_access", + "refresh_token": "DnZ77s5coFFJsj7CBO5NJU_wlZs0SZ0euCeiKXrN8T4", + "id_token": "eyJraWQi . . . AHlwNmdw" +} +``` + +### Request to initialize Native to Web SSO + +When the user requests access to a resource from the target web app, the native app needs to launch a trusted target web app. It makes a request to refresh the access token, if necessary, and gets back refreshed tokens from Okta. Then, the OIDC origin app needs to exchange the tokens for a single-use interclient token. Your request should look something like this example. The tokens are truncated for brevity. + +**Request example** + +```BASH +curl --request POST + --url https://{yourOktaDomain}/oauth2/v1/token \ + --header 'content-type: application/x-www-form-urlencoded' \ + --header 'accept: application/json' \ + --data 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange + &client_id={client_id} + &actor_token=eyJra. . . tSXL-HCA + &actor_token_type=urn:ietf:params:oauth:token-type:access_token + &subject_token=eyJr. . .cbYGw + &subject_token_type=urn:ietf:params:oauth:token-type:id_token + &requested_token_type=urn:okta:params:oauth:token-type:interclient_token + &audience=urn:okta:apps:0oa8vcy7h1eyj7wLL0g7' +``` + +Note the parameters that are passed: + +* `client_id`: Matches the client ID of the OIDC origin app. You can find it at the top of your app's **General** tab +* `actor_token`: The value of the access token that you obtained in the last request +* `actor_token_type`: `urn:ietf:params:oauth:token-type:access_token` +* `subject_token`: A security token that represents the identity of the party on behalf of whom the request is being made, which is the value of the ID token that you obtained in the last request. +* `subject_token_type`: `urn:ietf:params:oauth:token-type:id_token` +* `requested_token_type`: The type of token that you’re requesting in exchange for the `actor_token` and `subject_token`. (`urn:okta:params:oauth:token-type:interclient_token`) +* `audience`: The target audience for the requested token bound to the target app using the IdP/Okta application/client ID (`urn:okta:apps:{target web app client_id}`) +* `grant_type`: `urn:ietf:params:oauth:grant-type:token-exchange` + +**Response example** + +This example response is truncated for brevity. + +```JSON +{ + "token_type": "N_A", + "expires_in": 300, + "access_token": "eyJraWQiOiJNTG. . .GubhhEsg", + "issued_token_type": "urn:okta:params:oauth:token-type:interclient_token" +} +``` diff --git a/packages/@okta/vuepress-site/docs/release-notes/2026-okta-access-gateway/index.md b/packages/@okta/vuepress-site/docs/release-notes/2026-okta-access-gateway/index.md new file mode 100644 index 00000000000..2d107a63b80 --- /dev/null +++ b/packages/@okta/vuepress-site/docs/release-notes/2026-okta-access-gateway/index.md @@ -0,0 +1,26 @@ +--- +title: Okta Access Gateway API release notes 2026 + +--- + +# Okta Access Gateway API release notes (2026) + + + RSS + Subscribe to RSS +

+ +Access Gateway is available for both Okta Classic Engine and Okta Identity Engine. + +## January + +### Monthly release 2026.01.0 + + +| Change | Expected in Preview Orgs | +|--------|--------------------------| +| [Developer documentation update in 2026.01.0](#developer-documentation-update-in-2026-01-0) | January 7, 2026 | + +#### Developer documentation update in 2026.01.0 + +The Okta API release notes now provide an RSS feed for each API release note category: [Classic Engine](/docs/release-notes/2026/), [Identity Engine](/docs/release-notes/2026-okta-identity-engine/), [Identity Governance](/docs/release-notes/2026-okta-identity-governance/), [Privileged Access](/docs/release-notes/2026-okta-privileged-access/), [Access Gateway](/docs/release-notes/2026-okta-access-gateway/), and [Aerial](/docs/release-notes/2026-okta-aerial/). Click the RSS icon to subscribe. diff --git a/packages/@okta/vuepress-site/docs/release-notes/2026-okta-aerial/index.md b/packages/@okta/vuepress-site/docs/release-notes/2026-okta-aerial/index.md new file mode 100644 index 00000000000..8081bb9e7ac --- /dev/null +++ b/packages/@okta/vuepress-site/docs/release-notes/2026-okta-aerial/index.md @@ -0,0 +1,18 @@ +--- +title: Okta Aerial API release notes 2026 +--- + +# Okta Aerial API release notes (2026) + + + RSS + Subscribe to RSS +

+ +These release notes list customer-visible changes to the Okta Aerial API. Okta Aerial aligns with the Okta Classic Engine and Okta Identity Engine release, but updates to the Aerial service deploy from outside their release dates. + +* The Aerial services preview date represents expected updates to the preview environment (`https://aerial-sandbox.okta.com`). + +* The Aerial services production date represents expected updates to the production environment (`https://aerial-apac.okta.com`). + +See also [Introduction to the Okta Aerial API](https://developer.okta.com/docs/api/openapi/aerial/guides/overview/). diff --git a/packages/@okta/vuepress-site/docs/release-notes/2026-okta-identity-engine/index.md b/packages/@okta/vuepress-site/docs/release-notes/2026-okta-identity-engine/index.md new file mode 100644 index 00000000000..c703ddf9abc --- /dev/null +++ b/packages/@okta/vuepress-site/docs/release-notes/2026-okta-identity-engine/index.md @@ -0,0 +1,108 @@ +--- +title: Okta Identity Engine API release notes 2026 +--- + + + +# Okta Identity Engine API release notes (2026) + + + RSS + Subscribe to RSS + + +## January + +### Monthly release 2026.01.0 + + +| Change | Expected in Preview Orgs | +|--------|--------------------------| +| [Native to Web SSO is self-service EA in Preview](#native-to-web-sso-is-self-service-ea-in-preview) | January 7, 2026 | +| [Bring your own telephony credentials is self-service EA in Preview](#bring-your-own-telephony-credentials-is-self-service-ea-in-preview) | January 7, 2026 | +| [Client update policy is EA in Preview](#client-update-policy-is-ea-in-preview) | January 7, 2026 | +| [Encryption of ID tokens and access tokens is GA in Production](#encryption-of-id-tokens-and-access-tokens-is-ga-in-production) | August 7, 2025 | +| [Unified claims generation for custom apps is GA in Production](#unified-claims-generation-for-custom-apps-is-ga-in-production) | July 30, 2025 | +| [Custom FIDO2 AAGUID is GA in Preview](#custom-fido2-aaguid-is-ga-in-preview) | July 16, 2025 | +| [Improvements to the global session policy MFA requirements is GA in Production](#improvements-to-the-global-session-policy-mfa-requirements-is-ga-in-production) | December 10, 2025 | +| [Additional Anything-as-a-Source API endpoints is GA in Production](#additional-anything-as-a-source-api-endpoints-is-ga-in-production) | December 10, 2025 | +| [Anything-as-a-Source for groups and group memberships API is GA in Production](#anything-as-a-source-for-groups-and-group-memberships-api-is-ga-in-production) | December 10, 2025 | +| [Okta account management policy protection for password expiry flows is GA in Production](#okta-account-management-policy-protection-for-password-expiry-flows-is-ga-in-production) | July 2, 2025 | +| [New password complexity property is GA in Preview](#new-password-complexity-property-is-ga-in-preview) | June 4, 2025 | +| [Developer documentation updates in 2026.01.0](#developer-documentation-updates-in-2026-01-0) | January 7, 2026 | +| [Bugs fixed in 2026.01.0](#bugs-fixed-in-2026-01-0)| January 7, 2026 | + +#### Native to Web SSO is self-service EA in Preview + +Native to Web SSO creates a seamless, unified authentication experience when a user transitions from an OIDC app (like a native or web app) to a web app (either OIDC or SAML). This feature uses standard, web-based federation protocols like SAML and OpenID Connect that help bridge the gap between two different application environments, using a single-use, one-way interclient trust SSO token. This eliminates repeating already provided sign-on assurances, and simplifies development by reducing authentication complexity. + +#### Bring your own telephony credentials is self-service EA in Preview + +You can now connect your own telephony provider using a new simplified setup that doesn’t require you to use a telephony inline hook. You can handle usage billing directly with your provider. Okta currently supports Twilio and Telesign. + +To configure your own telephony credentials, you can use the [Custom Telephony Provider API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/CustomTelephonyProvider/) or you can use the [Admin Console](https://help.okta.com/okta_help.htm?type=oie&id=configure-telephony-providers). + + +#### Client update policy is EA in Preview + +The Policies API now supports the `CLIENT_POLICY` type, enabling you to enforce or defer app updates across different device platforms. This lets you programmatically align app versions with internal change management processes. See the [Policies API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Policy/#tag/Policy/operation/listPolicies) and [Release controls policy](https://help.okta.com/okta_help.htm?type=oie&id=ext-ov-release-controls). + +#### Encryption of ID tokens and access tokens is GA in Production + +You can now encrypt OIDC ID tokens for Okta-protected custom app integrations using JSON Web Encryption. You can also now encrypt access tokens minted by a custom authorization server. See [Key management](/docs/guides/key-management/main/). + +#### Unified claims generation for custom apps is GA in Production + +Unified claims generation is a new streamlined interface for managing claims (OIDC) and attribute statements (SAML) for Okta-protected custom app integrations. In addition to group and user profile claims, the following new claim types are available: `entitlements` (required OIG), `device.profile`, `session.id`, and `session.amr`. See [Okta Expression Language in Identity Engine](/docs/reference/okta-expression-language-in-identity-engine/). + + + +#### Custom FIDO2 AAGUID is GA in Preview + +You can now use the [Authenticators API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Authenticator/) to create, view, and update custom Authenticator Attestation Global Unique Identifiers (AAGUIDs). + +Admins can add non-FIDO Metadata Service (MDS) security keys and other authenticators and have more granular control over them. This extends FIDO2 (WebAuthn) authenticator support to a wider range of security keys and other authenticators, which gives admins greater flexibility and control over the security in their environment. + +#### Improvements to the global session policy MFA requirements is GA in Production + +The Policy API now correctly enforces MFA requirements for every sign-in attempt when **New Device** is included as a behavior and MFA is required in a global session policy. See the [Policy API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Policy/#tag/Policy/operation/createPolicyRule!path=3/actions/signon/factorPromptMode&t=request). + + + +#### Additional Anything-as-a-Source API endpoints is GA in Production + +Anything-as-a-Source (XaaS) capabilities allow customers to use a custom identity source with Okta. With XaaS, customers can source entities such as users into Okta Universal Directory by connecting a custom HR app or a custom database. This release offers Anything-as-a-Source APIs for both individual operations and bulk operations on groups, group memberships, and users. Okta now enables creating and updating users, creating and updating groups, and managing group memberships into Okta Universal Directory from any identity source using the Identity Source APIs. See [Identity Sources](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentitySource/). + + + +#### Anything-as-a-Source for groups and group memberships API is GA in Production + +Anything-as-a-Source (XaaS) capabilities allow customers to use a custom identity source with Okta. With XaaS, customers can source entities such as users into Okta Universal Directory by connecting a custom HR app or a custom database. This release offers XaaS capabilities with groups and group memberships, allowing customers to start sourcing groups with XaaS. Okta now enables creating and updating users, creating and updating groups, and managing group memberships into Okta Universal Directory from any identity source using the Identity Source APIs. See [Identity Sources](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentitySource/). + + + +#### Okta account management policy protection for password expiry flows is GA in Production + +This feature improves the security posture of customer orgs by protecting the password expiry flow with the Okta account management policy. Password expiry flows now require the assurance defined in an org's Okta account management policy. + +You can now use the [`metadata`](/docs/reference/okta-expression-language-in-identity-engine/#okta-account-management) component in an Expression Language condition for an Okta account management policy. You can only use `metadata` in an expression that’s related to password expiry. See [Enable password expiry](https://help.okta.com/okta_help.htm?type=oie&id=oamp-enable-password-expiry) + + + +#### New password complexity property is GA in Preview + +You can now use the `oelStatement` property to block words from being used in passwords. This feature enhances security by allowing you to customize your password strength requirements. See the [Policy API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Policy/#tag/Policy/operation/createPolicy!path=3/settings/password/complexity/oelStatement&t=request). + + + +#### Developer documentation updates in 2026.01.0 + +* The new [Express Configuration customer configuration guide template](/docs/guides/express-config-guide-template/main/) is available to help Express Configuration partners create accurate configuration guides for their customers. This resource provides standardized instructions for setting up apps that use Express Configuration, covering functionalities such as SSO, Universal Logout, and SCIM provisioning. +* The rate limits documentation has been revised and updated on the References tab. New updates include detailed explanations on rate limit buckets, as well as more information on how to increase your rate limits. See the [Rate Limits overview](/docs/reference/rate-limits/). +* The Okta API release notes now provide an RSS feed for each API release note category: [Classic Engine](/docs/release-notes/2026/), [Identity Engine](/docs/release-notes/2026-okta-identity-engine/), [Identity Governance](/docs/release-notes/2026-okta-identity-governance/), [Privileged Access](/docs/release-notes/2026-okta-privileged-access/), [Access Gateway](/docs/release-notes/2026-okta-access-gateway/), and [Aerial](/docs/release-notes/2026-okta-aerial/). Click the RSS icon to subscribe. + +#### Bugs fixed in 2026.01.0 + +* The following attributes weren't properly being gated as reserved attributes: `orgid`, `activationstatus`, `apistatus`, `logintype`, `initialreconcilecomplete`, `activationdate`, `statuschangeddate`, `apilastupdate`, `passwordexpirationguess`, `passwordexpirationcursor`, `numunlocks`, `changedstatus`. See [Review reserved attributes](https://help.okta.com/okta_help.htm?type=oie&id=reserved-attributes). (OKTA-1049339) + +* An error sometimes occurred when an admin attempted to update the username for an app user. (OKTA-1047716) diff --git a/packages/@okta/vuepress-site/docs/release-notes/2026-okta-identity-governance/index.md b/packages/@okta/vuepress-site/docs/release-notes/2026-okta-identity-governance/index.md new file mode 100644 index 00000000000..71785ffb56b --- /dev/null +++ b/packages/@okta/vuepress-site/docs/release-notes/2026-okta-identity-governance/index.md @@ -0,0 +1,62 @@ +--- +title: Okta Identity Governance API release notes 2026 +--- + +# Okta Identity Governance API release notes (2026) + + + RSS + Subscribe to RSS +

+ +Okta Identity Governance is available for both Okta Classic Engine and Okta Identity Engine. + +## January + +### Monthly release 2026.01.0 + + +| Change | Expected in Preview Orgs | +|--------|--------------------------| +| [Security access reviews API is GA in Production](#security-access-reviews-api-is-ga-in-production) | September 10, 2025 | +| [Permalink ID in V1 access request is Beta](#permalink-id-in-v1-access-request-is-beta) | January 8, 2026 | +| [AD group support in Access Requests is GA in Production](#ad-group-support-in-access-requests-is-ga-in-production) | December 10, 2025 | +| [My Access Certification Reviews API is Beta](#my-access-certification-reviews-api-is-beta) | January 8, 2026 | +| [Developer documentation updates in 2026.01.0](#developer-documentation-update-in-2026-01-0) | January 7, 2026 | + +#### Security access reviews API is GA in Production + +Security access reviews are a new, security-focused type of access review that can be automatically triggered by events. These reviews provide a unified view of a user's access and contextual information about their access history. Also included is an AI-generated access summary, allowing you to investigate and take immediate remediation actions, such as revoking access. +See [Security Access Reviews](https://help.okta.com/okta_help.htm?type=oie&id=csh-sar) in the product documentation. + +See the [Security Access Reviews](https://developer.okta.com/docs/api/iga/openapi/governance.api/tag/Security-Access-Reviews/) API and [Launch a security access review](/docs/guides/iga-security-access-review/main/) guide for details on how to trigger security access reviews through the API. + + + +#### Permalink ID in V1 access request is Beta + + + +A new `permalinkId` property is returned in [V1 access request](https://developer.okta.com/docs/api/iga/openapi/governance.requests.admin.v1/tag/Requests/) responses. This property is a user-friendly, immutable identifier that resolves to the request. Users can use this identifier (in the form of a permalink) to navigate back to the request on the web page. See [`permalinkId`](https://developer.okta.com/docs/api/iga/openapi/governance.requests.admin.v1/tag/Requests/#tag/Requests/operation/getRequest!c=200&path=0/permalinkId&t=response). + + +#### AD group support in Access Requests is GA in Production + +Users can now request access to Active Directory (AD)-sourced groups directly within Access Requests. This enhancement enables seamless governance and automatically fulfills and revokes (if time-bound) access in AD, strengthening your security posture and eliminating the need for duplicate groups or custom Workflows. + +You must have [Bidirectional Group Management with Active Directory](https://help.okta.com/okta_help.htm?type=oie&id=ad-bidirectional-group-mgmt) configured in your org to have governance AD group support. See [Access governance for AD groups](https://help.okta.com/okta_help.htm?type=oie&id=ad-bidirectional-group-mgt-configure). + +For users to request access to AD groups, admins must first create a request condition with an AD-sourced group access scope. Use the [Create a request condition](https://developer.okta.com/docs/api/iga/openapi/governance.requests.admin.v2/tag/Request-Conditions/#tag/Request-Conditions/operation/createResourceRequestConditionV2) request and set `accessScopeSettings.type` to `GROUP`. In the `accessScopeSettings.group` list, specify your AD-sourced group IDs that are requestable. + + +#### My Access Certification Reviews API is Beta + + + +The [My Access Certification Reviews](https://developer.okta.com/docs/api/iga/openapi/governance.requests.enduser.v2/tag/My-Access-Certification-Reviews/#tag/My-Access-Certification-Reviews) API enables end users to retrieve reviews and associated details assigned to them. The responses from this API are specifically for the authenticated user (the end user) making the request. See [List all managed connections for my review](https://developer.okta.com/docs/api/iga/openapi/governance.requests.enduser.v2/tag/My-Access-Certification-Reviews/#tag/My-Access-Certification-Reviews/operation/listMyManagedConnections). + + +#### Developer documentation updates in 2026.01.0 + +* The new [Manage Okta Identity Governance resources using Terraform](/docs/guides/terraform-oig-resources/main/) guide explains how to manage Okta Identity Governance (OIG) resources with Terraform. It details how to create, import, and modify OIG resources using your Terraform configuration. +* The Okta API release notes now provide an RSS feed for each API release note category: [Classic Engine](/docs/release-notes/2026/), [Identity Engine](/docs/release-notes/2026-okta-identity-engine/), [Identity Governance](/docs/release-notes/2026-okta-identity-governance/), [Privileged Access](/docs/release-notes/2026-okta-privileged-access/), [Access Gateway](/docs/release-notes/2026-okta-access-gateway/), and [Aerial](/docs/release-notes/2026-okta-aerial/). Click the RSS icon to subscribe. diff --git a/packages/@okta/vuepress-site/docs/release-notes/2026-okta-privileged-access/index.md b/packages/@okta/vuepress-site/docs/release-notes/2026-okta-privileged-access/index.md new file mode 100644 index 00000000000..35b67ce3e4b --- /dev/null +++ b/packages/@okta/vuepress-site/docs/release-notes/2026-okta-privileged-access/index.md @@ -0,0 +1,25 @@ +--- +title: Okta Privileged Access API release notes 2026 +--- + +# Okta Privileged Access API release notes (2026) + + + RSS + Subscribe to RSS +

+ +Okta Privileged Access (OPA) is available for both Okta Classic Engine and Okta Identity Engine. + +## January + +### Monthly release 2026.01.0 + + +| Change | Expected in Preview Orgs | +|--------|--------------------------| +| [Developer documentation update in 2026.01.0](#developer-documentation-update-in-2026-01-0) | January 7, 2026 | + +#### Developer documentation update in 2026.01.0 + +The Okta API release notes now provide an RSS feed for each API release note category: [Classic Engine](/docs/release-notes/2026/), [Identity Engine](/docs/release-notes/2026-okta-identity-engine/), [Identity Governance](/docs/release-notes/2026-okta-identity-governance/), [Privileged Access](/docs/release-notes/2026-okta-privileged-access/), [Access Gateway](/docs/release-notes/2026-okta-access-gateway/), and [Aerial](/docs/release-notes/2026-okta-aerial/). Click the RSS icon to subscribe. \ No newline at end of file diff --git a/packages/@okta/vuepress-site/docs/release-notes/2026/index.md b/packages/@okta/vuepress-site/docs/release-notes/2026/index.md new file mode 100644 index 00000000000..2df7088b13d --- /dev/null +++ b/packages/@okta/vuepress-site/docs/release-notes/2026/index.md @@ -0,0 +1,55 @@ +--- +title: Okta Classic Engine API release notes 20256 +--- + +# Okta Classic Engine API release notes (2026) + + + RSS + Subscribe to RSS + + +## January + +### Monthly release 2026.01.0 + + +| Change | Expected in Preview Orgs | +|--------|--------------------------| +| [Encryption of ID tokens and access tokens is GA in Production](#encryption-of-id-tokens-and-access-tokens-is-ga-in-production) | August 7, 2025 | +| [Unified claims generation for custom apps is GA in Production](#unified-claims-generation-for-custom-apps-is-ga-in-production) | July 30, 2025 | +| [Additional Anything-as-a-Source API endpoints is GA in Production](#additional-anything-as-a-source-api-endpoints-is-ga-in-production) | December 10, 2025 | +| [Anything-as-a-Source for groups and group memberships API is GA in Production](#anything-as-a-source-for-groups-and-group-memberships-api-is-ga-in-production) | December 10, 2025 | +| [Developer documentation updates in 2026.01.0](#developer-documentation-updates-in-2026-01-0) | January 7, 2026 | +| [Bugs fixed in 2026.01.0](#bugs-fixed-in-2026-01-0)| January 8, 2025 | + +#### Encryption of ID tokens and access tokens is GA in Production + +You can now encrypt OIDC ID tokens for Okta-protected custom app integrations using JSON Web Encryption. You can also now encrypt access tokens minted by a custom authorization server. See [Key management](/docs/guides/key-management/main/). + +#### Unified claims generation for custom apps is GA in Production + +Unified claims generation is a new streamlined interface for managing claims (OIDC) and attribute statements (SAML) for Okta-protected custom app integrations. In addition to group and user profile claims, the following new claim types are available: `entitlements` (required OIG), `device.profile`, `session.id`, and `session.amr`. See [Okta Expression Language in Identity Engine](/docs/reference/okta-expression-language-in-identity-engine/). + +#### Additional Anything-as-a-Source API endpoints is GA in Production + +Anything-as-a-Source (XaaS) capabilities allow customers to use a custom identity source with Okta. With XaaS, customers can source entities such as users into Okta Universal Directory by connecting a custom HR app or a custom database. This release offers Anything-as-a-Source APIs for both individual operations and bulk operations on groups, group memberships, and users. Okta now enables creating and updating users, creating and updating groups, and managing group memberships into Okta Universal Directory from any identity source using the Identity Source APIs. See [Identity Sources](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentitySource/). + + + +#### Anything-as-a-Source for groups and group memberships API is GA in Production + +Anything-as-a-Source (XaaS) capabilities allow customers to use a custom identity source with Okta. With XaaS, customers can source entities such as users into Okta Universal Directory by connecting a custom HR app or a custom database. This release offers XaaS capabilities with groups and group memberships, allowing customers to start sourcing groups with XaaS. Okta now enables creating and updating users, creating and updating groups, and managing group memberships into Okta Universal Directory from any identity source using the Identity Source APIs. See [Identity Sources](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentitySource/). + + + +#### Developer documentation updates in 2026.01.0 + +* The rate limits documentation has been revised and updated on the References tab. New updates include detailed explanations on rate limit buckets, as well as more information on how to increase your rate limits. See the [Rate Limits overview](/docs/reference/rate-limits/). +* The Okta API release notes now provide an RSS feed for each API release note category: [Classic Engine](/docs/release-notes/2026/), [Identity Engine](/docs/release-notes/2026-okta-identity-engine/), [Identity Governance](/docs/release-notes/2026-okta-identity-governance/), [Privileged Access](/docs/release-notes/2026-okta-privileged-access/), [Access Gateway](/docs/release-notes/2026-okta-access-gateway/), and [Aerial](/docs/release-notes/2026-okta-aerial/). Click the RSS icon to subscribe. + +#### Bugs fixed in 2026.01.0 + +* The following attributes weren't properly being gated as reserved attributes: `orgid`, `activationstatus`, `apistatus`, `logintype`, `initialreconcilecomplete`, `activationdate`, `statuschangeddate`, `apilastupdate`, `passwordexpirationguess`, `passwordexpirationcursor`, `numunlocks`, `changedstatus`. See [Review reserved attributes](https://help.okta.com/okta_help.htm?type=oie&id=reserved-attributes). (OKTA-1049339) + +* An error sometimes occurred when an admin attempted to update the username for an app user. (OKTA-1047716) diff --git a/packages/@okta/vuepress-site/docs/release-notes/archive/index.md b/packages/@okta/vuepress-site/docs/release-notes/archive/index.md index c3d79cb6f4f..bcf2a384ee7 100644 --- a/packages/@okta/vuepress-site/docs/release-notes/archive/index.md +++ b/packages/@okta/vuepress-site/docs/release-notes/archive/index.md @@ -11,18 +11,26 @@ This section contains release notes from previous years. > **Note:** Changes to Okta unrelated to API Products are published in the [Okta Release Notes](https://help.okta.com/okta_help.htm?id=ext_okta_relnotes) for admins. See [Okta Identity Engine Release Notes](https://help.okta.com/okta_help.htm?type=oie&id=csh-oie-rn) for changes to the Identity Engine that are unrelated to Identity Engine API Products. -[Identity Engine 2024](/docs/release-notes/2024-okta-identity-engine/) +[Identity Engine 2025](/docs/release-notes/2025-okta-identity-engine/) -Learn about features and fixes deployed to Okta Identity Engine in 2024. +Learn about features and fixes deployed to Okta Identity Engine in 2025. -[Classic Engine 2024](/docs/release-notes/2024/) +[Classic Engine 2025](/docs/release-notes/2025/) -Learn about features and fixes deployed to Okta Classic Engine in 2024. +Learn about features and fixes deployed to Okta Classic Engine in 2025. -[Identity Engine 2023](/docs/release-notes/2023-okta-identity-engine/) +[Okta Identity Governance API release notes (2025)](/docs/release-notes/2025-okta-identity-governance) -Learn about features and fixes deployed to Okta Identity Engine in 2023. +Learn about features and fixes deployed to Okta Identity Governance APIs in 2025. -[Classic Engine 2023](/docs/release-notes/2023/) +[Okta Privileged Access API release notes (2025)](/docs/release-notes/2025-okta-privileged-access) -Learn about features and fixes deployed to Okta Classic Engine in 2023. +Learn about features and fixes deployed to Okta Identity Governance APIs in 2025. + +[Okta Access Gateway API release notes (2025)](/docs/release-notes/2025-okta-privileged-access) + +Learn about features and fixes deployed to Okta Access Gateway APIs in 2025. + +[Okta Aerial API release notes (2025)](/docs/release-notes/2025-okta-aerial) + +Learn about features and fixes deployed to Okta Aerial APIs in 2025. diff --git a/packages/@okta/vuepress-site/docs/release-notes/index.md b/packages/@okta/vuepress-site/docs/release-notes/index.md index 03990ebfbfe..30659e1447d 100755 --- a/packages/@okta/vuepress-site/docs/release-notes/index.md +++ b/packages/@okta/vuepress-site/docs/release-notes/index.md @@ -13,16 +13,20 @@ You can identify your product type and release version from the Admin Console. T Learn about features and fixes deployed to the following Okta products: -* [Identity Engine 2025](/docs/release-notes/2025-okta-identity-engine/) +* [Identity Engine 2026](/docs/release-notes/2026-okta-identity-engine/) -* [Classic Engine 2025](/docs/release-notes/2025/) +* [Classic Engine 2026](/docs/release-notes/2026/) -* [Okta Identity Governance 2025](/docs/release-notes/2025-okta-identity-governance/) +* [Okta Identity Governance 2026](/docs/release-notes/2026-okta-identity-governance/) -* [Okta Privileged Access 2025](/docs/release-notes/2025-okta-privileged-access/) +* [Okta Privileged Access 2026](/docs/release-notes/2026-okta-privileged-access/) -* [Okta Access Gateway 2025](/docs/release-notes/2025-okta-access-gateway/) +* [Okta Access Gateway 2026](/docs/release-notes/2026-okta-access-gateway/) + +* [Okta Aerial 2026](/docs/release-notes/2026-okta-aerial) You can find older release notes in the [Archive](/docs/release-notes/archive) section. +The Okta API release notes also provide an RSS feed for each API release note category. Click the RSS icon to subscribe. + > **Note:** Changes to Okta unrelated to API Products are published in the [Okta Release Notes](https://help.okta.com/okta_help.htm?id=ext_okta_relnotes) for admins. See [Okta Identity Engine Release Notes](https://help.okta.com/okta_help.htm?type=oie&id=csh-oie-rn) for changes to the Identity Engine that are unrelated to Identity Engine API Products. diff --git a/packages/@okta/vuepress-theme-prose/const/navbar.const.js b/packages/@okta/vuepress-theme-prose/const/navbar.const.js index 2bbf5c4d446..154b3ba3f6c 100644 --- a/packages/@okta/vuepress-theme-prose/const/navbar.const.js +++ b/packages/@okta/vuepress-theme-prose/const/navbar.const.js @@ -55,7 +55,7 @@ export const concepts = [ title: "Manage user credentials", path: "/docs/concepts/manage-user-creds/", }, - { + { title: "Monitor Okta", path: "/docs/concepts/monitor/", }, @@ -410,7 +410,8 @@ export const guides = [ } ] }, - { title: "Set up your org", + { + title: "Set up your org", guideName: "set-up-org", }, { @@ -476,8 +477,10 @@ export const guides = [ { title: "Sign users out", guideName: "oie-embedded-sdk-use-case-basic-sign-out" }, { title: "Delete all Stay signed in sessions", guideName: "delete-all-stay-signed-in-sessions" }, { title: "Single Logout", guideName: "single-logout" }, - {title: "Validate SSO federation", - guideName: "validate-federation"}, + { + title: "Validate SSO federation", + guideName: "validate-federation" + }, { title: "Basics", subLinks: [ @@ -583,6 +586,10 @@ export const guides = [ title: "Configure SSO for native apps", guideName: "configure-native-sso", }, + { + title: "Configure Native to Web SSO", + guideName: "native-to-web-sso", + }, { title: "Manage credentials using the Okta Client SDK", guideName: "manage-user-creds", @@ -1083,26 +1090,29 @@ export const guides = [ ]; export const journeys = [ - { - title: "Journeys", - path: "/docs/journeys/", - subLinks: [ - { - title: "Secure my customer portal", - subLinks: [ - { title: "Secure your first web app", - journeyName: "OCI-secure-your-first-web-app" - }, - { title: "Sign users in through your web app", - journeyName: "OCI-web-sign-in" - }, - { title: "Apply your brand to the Okta user experience", - journeyName: "OCI-branding" - }, - ] - }, - ], - } + { + title: "Journeys", + path: "/docs/journeys/", + subLinks: [ + { + title: "Secure my customer portal", + subLinks: [ + { + title: "Secure your first web app", + journeyName: "OCI-secure-your-first-web-app" + }, + { + title: "Sign users in through your web app", + journeyName: "OCI-web-sign-in" + }, + { + title: "Apply your brand to the Okta user experience", + journeyName: "OCI-branding" + }, + ] + }, + ], + } ]; export const languagesSdk = [ @@ -1200,48 +1210,55 @@ export const releaseNotes = [ path: "/docs/release-notes/", subLinks: [ { - title: "2025 - Classic Engine", - path: "/docs/release-notes/2025/" + title: "2026 - Classic Engine", + path: "/docs/release-notes/2026/" }, { - title: "2025 - Identity Engine", - path: "/docs/release-notes/2025-okta-identity-engine/", + title: "2026 - Identity Engine", + path: "/docs/release-notes/2026-okta-identity-engine/", }, { - title: "2025 - Identity Governance", - path: "/docs/release-notes/2025-okta-identity-governance/", + title: "2026 - Identity Governance", + path: "/docs/release-notes/2026-okta-identity-governance/", }, { - title: "2025 - Privileged Access", - path: "/docs/release-notes/2025-okta-privileged-access/", + title: "2026 - Privileged Access", + path: "/docs/release-notes/2026-okta-privileged-access/", }, { - title: "2025 - Access Gateway", - path: "/docs/release-notes/2025-okta-access-gateway/", + title: "2026 - Access Gateway", + path: "/docs/release-notes/2026-okta-access-gateway/", }, { - title: "2025 - Aerial", - path: "/docs/release-notes/2025-okta-aerial/", + title: "2026 - Aerial", + path: "/docs/release-notes/2026-okta-aerial/", }, { title: "Archive", path: "/docs/release-notes/archive", subLinks: [ { - title: "2024 - Classic Engine", - path: "/docs/release-notes/2024/" + title: "2025 - Classic Engine", + path: "/docs/release-notes/2025/" + }, + { + title: "2025 - Identity Engine", + path: "/docs/release-notes/2025-okta-identity-engine/", }, { - title: "2024 - Identity Engine", - path: "/docs/release-notes/2024-okta-identity-engine/", + title: "2025 - Identity Governance", + path: "/docs/release-notes/2025-okta-identity-governance/" }, { - title: "2023 - Classic Engine", - path: "/docs/release-notes/2023/" + title: "2025 - Privileged Access", + path: "/docs/release-notes/2025-okta-privileged-access/", }, { - title: "2023 - Identity Engine", - path: "/docs/release-notes/2023-okta-identity-engine/", + title: "2025 - Access Gateway", + path: "/docs/release-notes/2025-okta-access-gateway/", + }, { + title: "2025 - Aerial", + path: "/docs/release-notes/2025-okta-aerial/", }, ] },