Azure OIDC SSO Setup Guide for EXI

Azure App Setup Instructions

  1. Go to the to create an Applications.

  2. Click on App registrations.

  3. Select New Registration in the next screen.

Configure the application

  1. Specify a name for the application. We recommend using your Employee Experience Insights.
  2. Configure the application.
    1. Choose Accounts in this organizational directory only.
    2. Select Web.
    3. Use as the Sign-in redirect URL.
      1. For Govcloud implementations, use:

Select options as shown below.

Generate idp_secret

  1. Go to Certificates & secrets on the left.
  2. Click New client secret.
  3. Add Description and Expires. 24 months is our recommended option to go with as it is the longest time possible. You can have multiple secrets at once, so before one expires you can create another for a seamless cutover.

    Can we replace this image with one that says "Moveworks Experience Insights" instead of "mw4web"

Once the secret is created, copy the value and send it to your Moveworks Customer Success team. Note that this value is only accessible at the time of creation. You will need to create a new one if the previous one isn’t saved before leaving the page.

Grant tenant level user consent to the app

  1. Go to Azure Active Directory.
  2. Go to Enterprise Application under Manage.
  3. Find the application just created and open.
  4. Go to Permissions and click Grant admin consent for .

Send information back to your Moveworks Customer Success team

  1. Your Moveworks Customer Success team should send you an encrypted email to obtain the following information:
    1. IDP Client ID
    2. IDP Issuer
    3. IDP Secret (saved locally in the previous steps)
  2. Obtain this information via the following methods:
    1. IDP Client ID
    2. IDP issuer

    3. IDP Secret (saved locally in the previous step)
  3. Obtain this information and reply to the encrypted email from your Customer Support team.