DocumentationDeveloperAcademyCommunitySupportLogin

Control Center Azure SAML-based SSO Access Requirements

Suggest Edits

Prerequisites

  1. Access to Azure Admin Portal
  2. Appropriate IAM permissions in Azure to create new Enterprise Application.

Instructions

  1. Navigate to Enterprise Applications in Azure AD (https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps) and select Select New Application.
  2. Select Create your own Application
  3. Select Non-gallery application
  4. After the resource finishes deploying (it may take a few seconds), then select Configure single sign-on
  5. Select SAML as the single sign-on method.
  6. Then enter the following SAML configuration, based on your environment, you will need to use the appropriate url for the environment you org is in.
    1. Entity ID: www.moveworks.ai
    2. Reply URL:
      1. Commercial Environment: https://admin.moveworks.com/login/sso/saml
        GovCloud Environment: https://admin.moveworksgov.com/login/sso/saml
        EU Environment: https://admin.prod.am-euc1.moveworks.io/login/sso/saml
        Canada Environment: https://admin.prod.am-cac1.moveworks.io/login/sso/saml
    3. Sign on URL: leave blank
    4. Relay State: {moveworks_org_name}
    5. Logout URL: leave blank
  7. Ensure the configuration was saved successfully, you should see this green icon on the top right, indicating it is successfully saved:
  8. Confirm the Unique User Identifier (name ID) is set. By default, this should be mail.
    1. Clarify with your Moveworks Customer Success team whether the identifier should be mail or userPrincipalName.
  9. Download the Base 64 Certificate and provide it to your Moveworks Customer Success team. The certificate file will look something like:
  10. Provide the following attributes to your Moveworks Customer Success team:
    1. Login URL
    2. Base 64 Certificate
    3. Screenshot of the SAML Configuration from the step above e.g:
  11. Assign users who should have access to the Moveworks Control Center application. Typically this is done using an Azure AD Security Group, but users can be assigned individually as well.

    1. 📘

      Note: Roles within the Control Center (e.g. users who have permission to send
      Employee Communications vs. draft-only users) must be set by your Moveworks
      Customer Success team.

Completion and Verification

Once the information collected above (downloaded certificate and Login URL) is provided, Moveworks will configure your organization’s SSO settings to re-route your organization’s SAML based SSO.

This will take 24-48 hours to take effect, upon which Moveworks will notify you and ask you to verify that you can successfully log into the Control Center interface. To login simply navigate to the relevant URL below, and then type in your email address:

Commercial Environment: https://admin.moveworks.com/sso
GovCloud Environment: https://admin.moveworksgov.com/sso
EU Environment: https://admin.prod.am-euc1.moveworks.io/sso
Canada Environment: https://admin.prod.am-cac1.moveworks.io/sso

Updated about 1 month ago