Okta Installation Guide (OIDC)
Prerequisites
Okta SSO Prerequisites
- Have access to an Okta tenant
- Be an Okta administrator to that tenant
Moveworks SSO Prerequisites
-
Your Moveworks organization should be initialized (verify with your account team)
-
Note the following values.
-
data_center_domain
- the data center where your organization is hosted (see table below). -
subdomain
- your organization's login subdomain. This will generally match yourcustomer_id
, but you can verify or customize it in General Information.Warning
Make sure you ONLY note your unique subdomain. For example, if you're organization's login subdomain is acme.moveworks.com, then your
subdomain
is acme and yourdata_center_domain
is moveworks.com -
[Optional]
customer_id
- unique identifier for your organization (can not be changed). This is stored as Org Name under Organization Details > General Information
-
Data Center | data_center_domain |
---|---|
United States (default) | moveworks.com |
Canada | am-ca-central.moveworks.com |
EU | am-eu-central.moveworks.com |
Australia / Asia Pacific | am-ap-southeast.moveworks.com |
Government Secure Cloud | moveworksgov.com |
Configuration Steps
Install Application
-
Go to the Okta Admin screen that lets you create Applications.
-
Click on Browse App Catalog.
-
Search and select Moveworks.
-
Add a logo for the Moveworks application:
-
Click Add integration.
-
Set the Application Label as Moveworks and click Done.
Note: Make sure you get your
Customer ID
from your Customer Success Team before this next step.
Configure Moveworks Settings
-
On the General tab., add your
subdomain
,data_center_domain
, and optionally yourcustomer_id
Tip
You can leave
data_center_domain
blank if it is justmoveworks.com
In this example, my
data_center_domain
was am-eu-central.moveworks.com and mysubdomain
was acme.
Add OIDC Configuration in MyMoveworks
-
Copy the
Client ID
,Client secret
from the Sign On tab -
Copy the
idp_issuer
. This is not in the Okta settings, but it should be based on your Okta instance name (e.g. If you login athttps://acme.okta.com
, then youridp_issuer
ishttps://acme.okta.com
-
Navigate to SSO Settings in MyMoveworks
-
If you already see a
studio
config, edit it. Otherwise, choose Create. -
Add your configuration using the values you've noted above
- Moveworks Product:
studio
- Select Connector:
okta
ormoveworks
- Authentication Protocol:
OIDC
- IDP Redirect URL:
https://{{subdomain}}.{{data_center_domain}}/login/sso/oidc
- e.g.
https://acme.am-eu-central.moveworks.com/login/sso/oidc
- e.g.
- IDP Issuer:
idp_issuer
- e.g.
https://acme.okta.com
- e.g.
- IDP Client Id:
idp_client_id
(from Step 1) - IDP Client Secret:
idp_client_secret
(from Step 1)
- Moveworks Product:
-
Click Submit.
-
Wait a few minutes, then attempt to log into your instance at
https://{{subdomain}}.{{data_center_domain}}
Updated about 2 months ago