Okta January 2025 Release: New Identity Features

Name: Okta January 2025 Release: New Identity Features
Uploaded: 2026-06-28T12:39:12-04:00
Duration: 4 min 40 s
Description: Check out the monthly highlights from Okta’s Production release for January 2025. Find more details on this and other releases here: https://help.okta.com/en-us/Content/Topics/ReleaseNotes/production.htm Got questions? Submit them from the Okta Help Ce...

Okta

06/28/2026

0 (0%)

Report Like Favorite

Transcript

Welcome to the monthly release highlights for Okta's Workforce Identity Cloud. We'll go over new generally available features and early access new features. Let's get started. Generally available features. Multiple identifiers. Enhancements to the profile enrollment policy. Allow configuration of identifiers that can be leveraged for Okta's sign-in flows using custom profile attributes. Today, end-users must sign in to Okta with a username or email address only. With the multiple identifiers feature, admins can configure identifiers or user attributes from Universal Directory that an end-user can enter to authenticate. Multiple identifiers work in sign-on, recovery, self-service registration, and unlock flows. Admins can configure up to three identifiers, including email, which is still a required identifier. With multiple identifiers, admins can streamline the sign-in experience by giving users more options to identify themselves with. Admins can also specify which identifiers can be used across various applications. OAuth 2.0 security for invoking API endpoints. Okta Workflows users can now securely invoke API endpoints using OAuth 2.0 protocols and their Okta org authorization server. Compared with the existing token authorization option, this feature is more secure while also being easier to implement. Add the Okta Workflows Invoke Managed Scope to any new or existing app integration to make it eligible to invoke your API endpoint. Just-in-time local account creation for macOS. Just-in-time local account creation is available for Okta device access. Okta admins can allow macOS users to create a local account by entering their Okta username and Okta password in the macOS sign-in dialog. This feature enables easier account management for admins and streamlines the user account creation process for end-users. This is especially beneficial for devices or workstations that support multiple users. Identity verification with third-party identity verification providers. When users take certain actions, identity verification enables you to use a third-party identity verification provider to verify the identity of your users. Verification requirements and the identity verification provider are based on your authentication policies and configurations within your Okta org. Okta supports Persona as a third-party identity verification provider. Benefits include reducing social engineering attacks using document and liveness verification and enhancing protection and trust across onboarding, authentication, account recovery, and help desk support. Block syncable passkeys. You can now block syncable passkeys during authentication. Previously, you could only block them during enrollment. This enhances the security of your org by preventing users from presenting such passkeys to attempt to enroll new, unmanaged devices. Authentication method chain. With this feature, you can require users to verify with multiple authentication methods in a specified sequence. You can create multiple authentication method chains in an authentication policy rule to cater to different use cases and scenarios. This feature is now also supported in the Okta account management policy. Additional use case selection in the OIN wizard. Independent software vendors can select the following additional use case categories when they submit their integration to the OIN. Automation, centralized logging, directory and HR sync, and multi-factor authentication. Let's wrap up with a look at early access features. Multi-factor authentication for secure partner access admin portal. MFA is required for accessing the partner admin portal app. Entitlement claims. You can now enrich tokens with app entitlements that produce deeper integrations. After you configure this feature for your app integrations, use the Okta expression language and identity engine to add entitlements at runtime as OIDC claims and SAML assertions. Thanks for viewing the release highlights for Okta's Workforce Identity Cloud. For additional details, please visit the Okta release notes and help article links which can be found in the video description.

TL;DR

Multiple identifier support now allows users to authenticate with custom profile attributes from Universal Directory, not just username or email, streamlining sign-in across authentication, recovery, and self-service registration flows.
Security enhancements include OAuth 2.0 for Workflows API endpoints, third-party identity verification with Persona for document and liveness checks, and the ability to block syncable passkeys during authentication to prevent unmanaged device enrollment.
Operational improvements feature just-in-time local account creation for macOS users, authentication method chaining for sequential multi-factor verification, and expanded OIN wizard categories including automation, centralized logging, and directory sync use cases.

Summary

This monthly release overview covers Okta's January 2025 platform updates for Workforce Identity Cloud, highlighting both generally available and early access features. The release introduces significant enhancements to authentication flexibility, including multiple identifier support that allows users to sign in with custom profile attributes beyond traditional username or email. Security improvements include OAuth 2.0 protocols for Workflows API endpoints, third-party identity verification integration with Persona, and enhanced passkey management with the ability to block syncable passkeys during authentication. The update also addresses operational efficiency with just-in-time local account creation for macOS devices, authentication method chaining for multi-step verification requirements, and expanded use case categories in the Okta Integration Network wizard. Early access features preview upcoming capabilities around multi-factor authentication for partner portals and entitlement claims for deeper application integrations using Okta Expression Language.

Chapters

0:00 - Introduction
0:10 - Multiple Identifiers
1:17 - OAuth 2.0 Security
1:41 - macOS Account Creation
2:13 - Identity Verification
2:56 - Passkeys & Authentication
3:50 - Early Access Features

Key Quotes

0:30 "Today, end-users must sign in to Okta with a username or email address only. With the multiple identifiers feature, admins can configure identifiers or user attributes from Universal Directory that an end-user can enter to authenticate."
1:17 "Okta Workflows users can now securely invoke API endpoints using OAuth 2.0 protocols and their Okta org authorization server. Compared with the existing token authorization option, this feature is more secure while also being easier to implement."
2:44 "Benefits include reducing social engineering attacks using document and liveness verification and enhancing protection and trust across onboarding, authentication, account recovery, and help desk support."

FAQ

What authentication methods can users now use with multiple identifiers?

Admins can configure up to three identifiers including email (which remains required) using custom profile attributes from Universal Directory. These identifiers work across sign-on, recovery, self-service registration, and unlock flows, and can be specified per application.

How does the new OAuth 2.0 security for Workflows improve upon existing token authorization?

OAuth 2.0 protocols using the Okta org authorization server provide more secure authentication while being easier to implement. Admins simply add the Okta Workflows Invoke Managed Scope to any app integration to enable secure API endpoint invocation.

Categories:

» Cybersecurity » Identity & Access Management (IAM)
» Data Protection

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

06/30/2026

01:00 PM

06/30/2026

Master Active Directory Certificate Services and Maintain Your Edge

https://www.truthinit.com/index.php/channel/2018/master-active-directory-certificate-services-and-maintain-your-edge/
07/01/2026

04:00 AM

07/01/2026

Integrating Security in AI: Automated Red Teaming Strategies for Private Models

https://www.truthinit.com/index.php/channel/1969/integrating-security-in-ai-automated-red-teaming-strategies-for-private-models/
07/01/2026

04:00 AM

07/01/2026

Schutz von KI in Anwendungen, Agenten und APIs.

https://www.truthinit.com/index.php/channel/2008/schutz-von-ki-in-anwendungen-agenten-und-apis/
07/01/2026

01:00 PM

07/01/2026

How to Prevent Your AI from Outsmarting You

https://www.truthinit.com/index.php/channel/2021/how-to-prevent-your-ai-from-outsmarting-you/
07/02/2026

10:00 AM

07/02/2026

Resilience Insights from Hybrid Threats in a Dark Cloud Environment

https://www.truthinit.com/index.php/channel/2011/resilience-insights-from-hybrid-threats-in-a-dark-cloud-environment/
07/08/2026

02:00 PM

07/08/2026

Understanding the Crucial Role of Context in AI Data

https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-ai-data/
07/09/2026

01:00 PM

07/09/2026

The HUMAN Experience: Empowering Agentic Trust in Practice

https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
07/14/2026

01:00 PM

07/14/2026

Crafting a Championship-Worthy Security Team for Maximum Defense Effectiveness

https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-worthy-security-team-for-maximum-defense-effectiveness/
07/21/2026

04:00 AM

07/21/2026

Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
07/21/2026

01:00 PM

07/21/2026

HUMAN Dialogue: Insights from Attackers During the FIFA World Cup

https://www.truthinit.com/index.php/channel/2029/human-dialogue-insights-from-attackers-during-the-fifa-world-cup/
07/22/2026

06:30 AM

07/22/2026

Insights and Strategies from the DPDP Webinar

https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-from-the-dpdp-webinar/
07/28/2026

01:00 PM

07/28/2026

Illumio + Netskope: Zero Trust in the Age of AI Autonomy

https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
07/29/2026

04:00 AM

07/29/2026

Real-Time Strategies for Safeguarding Against Prompt Injections

https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
08/19/2026

12:00 PM

08/19/2026

Get Prepared to Thrive as an Agent in Just 30 Days

https://www.truthinit.com/index.php/channel/2036/get-prepared-to-thrive-as-an-agent-in-just-30-days/
09/30/2026

04:00 AM

09/30/2026

AI Command Center: Optimizing Visibility and Control in Your Operations

https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/