Content Gateway

Connecting Your Gateway to Moveworks

View as Markdown

Overview

Once your Content Gateway server is deployed and reachable over HTTPS, follow these steps to connect it to Moveworks, verify ingestion, and configure access control.

If you haven’t deployed your gateway yet, start with the Starter Code guide.

Step 1 — Create the connector

  1. In Moveworks Setup, navigate to Core Platform > Connectors > Built-in Connectors.
  2. Select Content Gateway System.

Select Content Gateway System under Built-in Connectors

  1. Enter your gateway’s public base URL, set the authentication type to API Key, and paste the value of your GATEWAY_API_KEY. Save.

Step 2 — Configure ingestion

  1. Navigate to Enterprise Search > Configure Search > Classic Ingestion > Files.
  2. Click Create to configure a new ingestion using the connector you just created.

Files Settings — configure a new Content Gateway ingestion

  1. Save and trigger an initial sync.

To verify, navigate to Enterprise Search > Indexed Content > Files. Your documents should appear with Content Status and Permission Status of Indexed.

Indexed Content view showing crawled and indexed file counts

Initial ingestion typically completes within 30 minutes depending on document volume.

Step 3 — Configure resource permissions

Create a permission rule to tell Moveworks how to enforce access control on the ingested content.

  1. Navigate to Enterprise Search > Resource Permissions > Permission Rules.
  2. Click Create.

Permission Rules list

  1. Set Integration Id to your Content Gateway connector and Resource Type to file.
  2. Choose a Strategy Config based on your access requirements:
StrategyWhen to use
Rebac ConfigYour gateway returns per-document permissions and you want Moveworks to enforce them at query time. Requires your gateway to implement /v1/users, /v1/groups, and /v1/files/{id}/permissions.
Public to all members of the organizationAll ingested content should be accessible to every user — no per-document access control needed.

Strategy Config set to Rebac Config

Strategy Config set to Public to all members

  1. Save.

Step 4 — Add your gateway to the User Identity flow

If you chose ReBAC in Step 3, Moveworks needs to map the user identities in your gateway’s permission entries to authenticated Moveworks users.

  1. In Moveworks Setup, go to User Identity.
  2. Add your Content Gateway as an identity source.
  3. Save and trigger a sync.

Once configured, Moveworks will use the primary_email_addr field from your gateway’s /v1/users endpoint to resolve identities when checking document permissions.