For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Logo
DeveloperAcademyCommunityStatus
  • Getting Started
    • Welcome to Moveworks
    • Roadmap & Release Notes
    • Moveworks Best Practices
    • Labs
    • Professional Services
    • Support
  • AI Assistant
    • AI Assistant Overview
    • Capabilities
    • Web Experiences
      • AI Assistant on Web
      • Embedded AI Assistant (formerly, Moveworks for Web)
        • Embedded AI Assistant - Browser Compatibility
        • Embedded AI Assistant Installation Guide
        • Adding Embedded AI Assistant to ServiceNow
        • Adding Embedded AI Assistant to SharePoint Online (Cloud)
        • Adding Embedded AI Assistant to Google Sites
        • Adding Embedded AI Assistant to Unily
        • Embedded AI Assistant SSO Configuration - Okta OIDC
        • Embedded AI Assistant SSO Configuration - OneLogin (OIDC)
        • Embedded AI Assistant SSO Configuration - Okta SAML SSO
        • Embedded AI Assistant SSO Configuration - Azure OIDC
        • Embedded AI Assistant SSO Configuration (General SAML) + ADFS Configuration
        • Embedded AI Assistant: Multi-SSO Configuration Guide
        • Embedded AI Assistant Troubleshooting Guide
    • Analytics & Performance
  • Enterprise Search
    • Overview
    • Agentic RAG Overview
    • Content Ingestion Platform
    • Profile Boosting
    • Retrieval
    • Permissions Platform
    • Built-in Content Connectors
    • Build your own Content Connectors
    • Configure Search
    • Configure Enterprise Search
    • Vetted Content
    • Writing AI-Ready KB Articles
    • Document Chunking and Snippetization Overview
  • Productivity Boost
    • Overview
    • Configure Productivity Boost
    • Quick GPT
    • Calendar Management
    • Brief Me
DeveloperAcademyCommunityStatus
On this page
  • Installing Embedded AI Assistant with a Code Snippet and Okta SAML SSO
  • Installation Participants
  • Installation Overview
  • Moveworks will provide the following:
  • Step 1: Review Security Overview document and Verify Okta tenant is configured to support iFrames
  • Step 2: Okta App Setup Instructions
  • Step 3: Record configuration info about your app
  • Step 4: Complete your Configuration in Moveworks Setup
  • Create Moveworks Setup Authentication Configuration
  • Configure the Embedded AI Assistant
AI AssistantWeb ExperiencesEmbedded AI Assistant (formerly, Moveworks for Web)

Embedded AI Assistant SSO Configuration - Okta SAML SSO

||View as Markdown|
Was this page helpful?
Edit this page
Previous

Embedded AI Assistant SSO Configuration - Azure OIDC

Next
Built with

Installing Embedded AI Assistant with a Code Snippet and Okta SAML SSO

This method of installation allows you to embed Embedded AI Assistant on any webpage governed by Okta Single Sign-On (SSO), as long as the page supports HTML/JavaScript editing. It simply requires setting up an Okta application and then pasting a code snippet onto your target pages.

Installation Participants

On the day of installation, we need these individuals from your team on the call:

  • Okta super admin
    • Must be able to add a new application and make tenant-level configuration changes.
  • Target host admin(s)
    • Must be able to paste an HTML/JavaScript code snippet onto the target page or site.

Installation Overview

Moveworks can walk you through the Okta application installation on a call in about 15 minutes.

Setting up the Okta application is a one-time activity and from then on you are free to paste the code snippet onto any other site governed by your Okta SSO at your convenience.

Moveworks will provide the following:

  • Unique Customer Identifier String
  • Unique Customer Code Snippet

Step 1: Review Security Overview document and Verify Okta tenant is configured to support iFrames

Embedded AI Assistant is an iframe-based application since the entire chat is hosted on Moveworks’ domain. Okta allows these kinds of applications to be installed by enabling a tenant-wide configuration (see screenshot below).

Enabling this feature is necessary for Embedded AI Assistant to function, however, it does allow other Okta applications to utilize iFrames as well. By enabling this feature within the Okta tenant, customer’s security posture may be weakened since this may enable attackers to perform a clickjacking attack against end users. Customers may sign up for Okta’s beta program feature for trusted origins which only allows explicitly specified domains to be displayed in iFrames, such as Moveworks. We highly recommend customers review this with their security team (or an equivalent) before enabling this feature.

For further information about this feature please see:

  • Okta iFrame solution: https://support.okta.com/help/s/article/Okta-in-IFrame-is-not-working?language=en_US
  • Trusted Origins for iFrame embedding (beta feature): https://help.okta.com/en-us/Content/Topics/API/trusted-origins-iframe.htm

Step 2: Okta App Setup Instructions

Go to the screen that lets you create Applications.

Click on Create App Integration.

Select SAML 2.0 in the next screen.

Specify a name for the application. Moveworks recommends using your bot’s name.

Check the box to not display the AI Assistant as an application among your users’ Okta chiclets.

Click next to configure the application.

Based on your AI Assistant environment, set the Single sign on URL as one of the following:

Commercial Environment: https://webchat-kprod.moveworks.io/login/sso/saml GovCloud Environment: https://webchat.moveworksgov.com/login/sso/saml EU Environment: https://webchat.prod.am-euc1.moveworks.io/login/sso/saml Canada Environment: https://webchat.prod.am-cac1.moveworks.io/login/sso/saml

Specify https://www.moveworks.com/ as the Audience URI.

In Default Relay State: Add the unique customer identifier string provided by Moveworks.

Select email address as the Name ID format.

On the Feedback panel, select the following options.

Step 3: Record configuration info about your app

  1. Go the Sign On tab and click on View Setup Instructions.

  1. Note down the following:

    1. Identity Provider Single Sign-On URL
    2. Identity Provider Issuer
    3. X.509 Certificate

  2. Embed Link:

Step 4: Complete your Configuration in Moveworks Setup

After setup is complete, login to Moveworks Setup to add the SSO application details.

  1. Within Moveworks Setup, navigate to Single Sign-on (SSO)
  2. Click create to create a new SSO configuration
  3. Input the following details:
    1. Moveworks Product: Movewebchat
    2. Select Connector: Okta
    3. Authentication Protocol: SAML
    4. IDP Sign On/ SSO URL
    5. IDP Issuer/Identifier ID
    6. IDP Public Certificate

Create Moveworks Setup Authentication Configuration

  1. Within Moveworks Setup, Navigate to Web Chatbot > Authentication and click create to create a new authentication record
  2. Set Auth Config to Generic SSO
  3. Set SSO Config to the SSO configuration record you created in the previous section of this guide.
  4. Set Auth Key to defaultfor single SSO authentication setups. For setups where you have multiple SSO systems users use to authenticate, follow the Multi SSO Configuration Guide

Configure the Embedded AI Assistant

You will need to follow the Embedded AI Assistant Configuration Guide to complete the remaining setup steps if you have not done so already.