Control Center Okta SAML-based SSO Access Requirements

ℹ️

Control Center should now be accessed through My Moveworks

Please set up the My Moveworks SSO app instead.

See here for more details: https://help.moveworks.com/docs/my-moveworks-overview.

This document describes the steps required to set up the Moveworks Control Center as a SAML application in Okta. Doing this will allow employees in your organization to access the Moveworks Control Center through their Okta dashboard, in the same way as they use single sign-on to access other apps they use.

Benefits

Currently, to use the Moveworks Control Center, users must log in through the Moveworks Customer Portal, a standalone Okta instance for Moveworks customers (https://trust-mw.okta.com). This requires users to manage an additional set of credentials (username/password), separate from those they use for their organization’s single sign-on system. This can lead to problems and lost productivity due to forgotten or expired passwords. By setting up the Control Center as a SAML application, users no longer need to manage another set of credentials - they can simply log in through their organization’s Okta instance.

Prerequisite

  • Super Admin access to Okta instance is required to complete the instructions below

Instructions

  1. Log in to your Okta org and navigate to the Admin user interface
  2. Navigate to Applications > Applications.
  3. Navigate to the Applications section of Okta, and click on Create App Integration.
  4. Select SAML 2.0 in the next screen.
  5. On the next screen, enter a name for the application (whatever you think will make sense to your organization’s users) and upload an image (Moveworks will provide a standard logo image to use, but you can use any image you like). You can ignore the App visibility checkboxes. After you’re done, click Next.
  6. Configure the following details under SAML:
    1. Single sign on URL: https://admin.moveworks.com/login/sso/saml
    2. Audience URI: http://www.moveworks.ai
    3. Default Relay State: This will be provided by your Moveworks team, and should be the name of your organization.
    4. Name ID format: Select “EmailAddress”
    5. Application username: Select “Okta username”
    6. Update application username on: Select “Create and update”
  7. On the Feedback screen, make the following selections before clicking Finish:
    1. Are you a customer or partner? Select “I’m an Okta customer adding an internal app”.
    2. App type: Select “This is an internal app that we have created”.
  8. After clicking Finish, go to the Sign On tab and click on View SAML setup instructions.
  9. The details on the subsequent page shown will need to be sent to your Moveworks team in order to complete the configuration. Please copy each of the following 3 pieces of information and send them together in an encrypted email to your Moveworks team. If your organization does not have the capability to send encrypted emails, your Customer Success team can send you an encrypted email (using Virtru) to which you can respond with the information:
    1. Identity Provider Single Sign-On URL
    2. Identity Provider Issuer
    3. X.509 Certificate

Completion and Verification

Once the above information is provided to the Moveworks team, they will apply it into your organization’s Moveworks configurations. This will take 24-48 hours to take effect. After that, the Moveworks will officially re-route your organization’s authentication pathway for the Control Center to SAML, upon which they will notify you and ask you to verify that you can successfully log in through your organization’s Okta instance

(Optional) Customize the Chiclet Image

You can use the following image if you would like to customize the Control Center Chiclet image

Chiclet Image Link: https://res.cloudinary.com/dgkewixz2/image/upload/v1669914878/Documentation/Control_Center_SSO_Image.png