***
title: 'Lab #0: Setup Lab Environments'
position: 1
deprecated: false
hidden: false
metadata:
robots: index
-------------
## Overview
* **Learning Objectives:** Configure the foundational environments required for the Moveworks implementation. By the end of this lab, you will have a functional Okta tenant, access to Moveworks Setup, and a secured Single Sign-On (SSO) connection between the two.
* **Recommendations:**
* Leverage two monitors — there will be a lot of copy + pasting from disparate systems in this lab
* Open a Notes or Spreadsheet doc
* Maintain access to the following pages (keep them open in separate browser tabs):
* ServiceNow PDI Landing Page
* Okta Dashboard
* My Moveworks portal
* **Estimated Time:** 60 minutes
* **Prerequisites:**
* Work email address
* Access to Moveworks Tenant URL (provided by instructor)
* Access to a ServiceNow PDI (provided by instructor)
* Okta Verify Application installed on your mobile device
***
## 🛠️ 1: Walkthrough
### 1.1: Access Moveworks & Moveworks Setup
*Goal: Use the "side-door" entry to gain initial administrative access.*
Temporary access links are only valid for 15 minutes. If you need to login to the environment again, send yourself an activation email via [my.moveworks.com/welcome](http://my.moveworks.com/welcome)
1. **Log in** to the Moveworks portal using your assigned lab credentials:
[my.moveworks.com/welcome](https://my.moveworks.com/welcome)
2. **Work Email:** Enter the **work email address** you used during the Okta PDI step.
3. **Org Name:** In the **Org Name** field, enter your specific organization name.
* *Example:* If your organization is `labsandbox-1-partner`, your **Org Name** is **`labsandbox-1-partner`**
**Note: Retain your org name, you will need it for a later step**
4\. Upon clicking the link, you will be redirected to an assistant window within My Moveworks
1. Say `Hi` to start interacting with Moveworks
1. Moveworks won't be able to do much yet, since this instance still needs to be configured!
2. Click the **`Manage apps`** in the lower left to be redirected to the **`My Moveworks Product Page`**
3. On this screen we can see all of the available products within this Moveworks instance. To start implementing Moveworks, we will use Moveworks Setup, which is how the base functionality of Moveworks is configured.
1. Select `Moveworks Setup`
4. You will be redirected to the **`Moveworks Setup Overview Page`** & be able to see all of the available configuration modules for this Moveworks instance. Next we will set up SSO so you can log back in without a temporary link.
### 1.2: Setting up The Okta Trial Environment & Moveworks Application
*Goal: Establish a sandbox Identity Provider (IdP) to simulate enterprise authentication.*
**Keep these tabs open throughout the lab:**
* Okta Admin Console
* Moveworks Setup
* ServiceNow PDI Landing Page (magic link page)
**Keep this information on hand (Notes doc or spreadsheet recommended):**
* Moveworks Instance Name (e.g. `labsandbox-1-partner`)
* Okta Client ID & Client Secret (saved in step 9 below)
* ServiceNow Admin `sys_id` (saved in Lab 0 step 1.5)
1. **Sign Up:** Go to [Okta](https://www.okta.com/free-trial/workforce-identity/) & get a free trial of the Okta platform
2. **Register:** Fill out the form using your work email address if possible.
3. **Activate:** Check your email for the activation link. Your Okta Tenant URL will look like: `https://trial-#######.okta.com`.
**Note:** You will need to configure a password & set up the Okta Verify app using your mobile device. Keep your mobile device handy, as you will need to use Okta verify again to login to the Okta Admin Dashboard
4\. **Admin Console:** Log in and ensure you are in the **Admin Console** (click "Admin" in the top-right if you are on the user dashboard).
**Note:** If you are prompted to import apps, select the **`skip`** button and continue
5\. **Add User:** Navigate to **`Directory > People > Add Person`**
1. Create your own user account (if not already listed).
* Fill in your details and click **`Save`**. After adding your own user account if should look like this:
6. **Find the Moveworks App:** Navigate to **`Applications > Applications > Browse App Integration Catalog`**
* Search for **`Moveworks`** and select **`Moveworks OIDC`**
7. **Configure the Moveworks App.**
1. **Application Label:** **`Moveworks`**
2. **Subdomain:** **`[moveworks-instance-name]`**
3. **Data Center: moveworks.com**
8. **Assign your user to the application:**
* Go to the **`Assignments`** tab.
* Click **`Assign > Assign to People`** and select your user.
9. **Save your Credentials:**
1. Navigate to the `Sign On` tab & save your **`Client ID & Client Secret`**
1. These credentials are required later when setting up **My Moveworks SSO Access in Step 1.4!**
**Note: While going through the rest of the Moveworks Labs, we recommend keeping your Okta session opened in a tab on your browser, for ease of navigation**
### 1.3: \[OPTIONAL] Simplifying the Okta Login
You will always need to enter an Okta Verify code to get into the `Admin` panel within your Okta trial instance, but you can take the following steps so that your end-user okta session persists longer & no longer prompts Okta Verify
1. Within the Okta Admin Console, navigate to `Global Session Policy`
2. Edit the Default Policy
3. Allow users to set **Establish the user session with:** **`A password`**
4. Set the `Maxmimum Okta global session lifetime` & `Maximum Okta global session idle time`to the desired length. We recommend 2 days for each.
### 1.4: Setup My Moveworks Okta SSO
*Goal: Bridge Moveworks and Okta using OIDC.*
**Note:** You will need the idp Client ID, Client Secret, and URL from your Okta instance to complete this step
1. In the upper left hand search bar, type in `SSO` and navigate to **`Organizational Details > Tenant Settings > Single Sign-On (SSO)`**,
2. Select **`Create`**
3. Add the configuration details
* **Moveworks Product:** `Studio`
* **Connector:** **`moveworks`**
* **Authentication Protocol:** `OIDC`
* **IDP Redirect URL:**
* `https://[moveworks-instance-name].moveworks.com/login/sso/oidc`
* **IDP Issuer**: Your Okta Trial Instance URL
* `https://trial-[your_number].okta.com`
* **IDP Client ID + Secret**
* Retrieved these values from the SSO tab in the Moveworks App created in Okta
**Do NOT append `-admin` to your Okta URL.** Using `https://trial-[your_number]-admin.okta.com` will cause SSO to fail. The correct issuer URL ends in `.okta.com` only.
4\. The other information can be left blank. After you are finished **`Submit`** your configuration
5\. Every time you save a configuration within Moveworks, you will leave a change history. This will appear in the `Configuration Logs` module.
**Note:** Always describe what you did in your change summary. Your future self will thank you!
### 1.5: Logging into the ServiceNow PDI
1. Your instructor will provide a Student instance sign-up URL & Reservation Code
2. Navigate to the URL, and enter your name (first, last) and your work email
3. After claiming the instance, enter the reservation code provided by your instructor
4. You will be redirected to a page where you can leverage the magic link to login to your instance
**Note:** We recommend keeping this tab open for the duration of your lab work. This will allow you to have quick access to logging back into your lab instance, as well as your admin username & password
5\. After clicking the Magic Link, you will be redirected to your ServiceNow instance as an admin
6\. Go to **User Administration > Users**
1. You can find it by searching for "**Users**" in the menu and scrolling to the **User Administration** section
2. Add a new user with your email address. `This is user account will be leveraged for your Moveworks <> ServiceNow Connection`
1. Set your `Department` to `IT`
3. Search for the Admin account, and copy the sys\_id into your notes (you will need it later)
1. Search by `User ID`
2. Enter `admin`
3. Right click the `admin` profile and select `Copy sys_id`
### 1.6: If Working with a Partner — Sharing a Moveworks Instance
*If you are sharing a Moveworks instance with a lab partner, complete the following steps to grant them access.*
**Step 1 — Okta: Add your partner as a user**
1. In the Okta Admin Console, go to **`Directory > People > Add Person`**
2. Fill in your partner's name and work email, then click **`Save`**
3. Go to **`Applications > Applications`**, open the **`Moveworks`** app, and go to the **`Assignments`** tab
4. Click **`Assign > Assign to People`** and assign your partner
**Step 2 — ServiceNow: Add your partner as a user**
1. In your ServiceNow PDI, go to **`User Administration > Users`**
2. Click **`New`** and fill in your partner's name and work email
3. Set their **`Department`** to `IT`
4. Click **`Save`**
**Step 3 — Moveworks: Grant your partner admin access** *(complete after Lab 2)*
Your partner must be ingested into the Moveworks roster (Lab 2) before you can assign them roles.
1. In My Moveworks, click the **grid icon** in the upper right corner
2. Select **`Roles and Permissions`**
3. Find your partner's name and assign them **all roles**
***
## ✅ 2: Verification & Next Steps
1. **Check Success:** Go to your Okta instance, and click the Moveworks application to confirm it redirects you to Moveworks on Web
***
## 🪞 3: Reflecting on This Configuration
Through this guide, you've learned the following:
* The difference between Moveworks **Temporary Access Links** (One-time) and **SSO Access** (Enterprise).
* One-Time → [my.moveworks.com/welcome](http://my.moveworks.com/welcome)
* SSO → Configured via an IDAM provider, such as Okta, Microsoft, or Google
* How to connect an IdP provider to Moveworks for SSO
* The importance of **User Assignments** within the IdP to grant platform access.
***
## ⚙️ 4: Configuration Details
Use the table below to fill in the required fields accurately.
| **Field Name** | **Action / Value to Enter** |
| --------------------------- | --------------------------------------------------------------------- |
| **Section 1.1:** | **Access Moveworks & Moveworks Setup** |
| **Work Email ID** | Your Work Email that you used to register for this lab |
| **Org Name** | `[moveworks-instance-name]` provisioned to you for this lab |
| **Section 1.2:** | **Setting up The Okta Trial Environment & Moveworks Application** |
| **Okta → Add Person** | Enter your Name + Email Address used to register for this lab session |
| **Application** | **Moveworks OIDC** |
| **Application Label** | Moveworks |
| **Subdomain** | `[moveworks-instance-name]` provisioned to you for this lab |
| **Data\_Center** | moveworks.com |
| **Assignment** | Ensure you have assigned your user to the application |
| **Section 1.4:** | **Setup My Moveworks Okta SSO** |
| **Moveworks Product** | studio |
| **Connector** | okta |
| **Authentication Protocol** | OIDC |
| **IDP redirect URL** | `https://[moveworks-instance-url].moveworks.com/login/sso/oidc` |
| **IDP Client ID** | The Client ID field from your Okta environment in step 1.2 |
| **IDP Client Secret** | The Client Secret field from your Okta environment in step 1.2 |