Microsoft Entra (Azure AD) SSO Configuration Guide – OIDC

Before you start

  1. Ensure you have access to the Azure admin portal with the IAM permissions needed to register a new Enterprise Application.

  2. Identify the Sign-in Redirect URI and Login URI for your data center from the table below, replacing CUSTOMER_ID with the value for your org provided by your Customer Success team.

Azure App Setup Instructions

  1. Go to https://portal.azure.com/, where you can create new applications.

  2. Click on App registrations.

  3. Select New Registration in the next screen.

Configure the application

  1. Specify a name for the application. We recommend using Moveworks.

  2. Add a logo for the Moveworks application.

  3. Configure the application.

    1. Choose Accounts in this organizational directory only.

    2. Select Web.

    3. Specify the appropriate Sign-in redirect URL for your region.

      1. Find your sign-in redirect URL here.

Setup Customer ID

⚠️ Make sure to get your Customer ID from your Customer Success team before this step.

Click on the Branding & Properties tab, and set the Home page URL for your region.

Generate idp_secret

  1. Go to Certificates & secrets on the left.

  2. Click New client secret.

  3. Add a Description and an Expires value. We recommend 24 months, the longest lifetime available. You can have multiple secrets at once, so create the next secret before the current one expires for a seamless cutover.

  4. Once the secret is created, copy the value and send it to your Moveworks Customer Success team. Note that this value is only accessible at the time of creation; if you leave the page without saving it, you will need to create a new secret.

Grant tenant level user consent to the app

  1. Go to Azure Active Directory.

  2. Go to Enterprise Applications under Manage.

  3. Find the application you just created and open it.

  4. Go to Permissions and click Grant admin consent for Moveworks, Inc.

(Optional) Assign the app to employees in the Azure MyApps portal

  1. Navigate to the Creator Studio Prod Enterprise Application.

  2. From the Overview page, click on the Creator Studio Managed Application as shown below.

  3. From there, click Properties as shown below.

  4. From the Properties page, set Assignment required to Yes and Visible to users to Yes, as shown below.

  5. Navigate to the Users and groups section and assign the app to all users that need access to it either directly or via a group.

  6. After a few minutes, when your users navigate to the MyApps portal they should see the app and be able to log in directly from there.

Finish Moveworks' side of the integration

After the above setup is complete, provide the following information to your Moveworks Customer Success team.

  1. Go to Overview in App registrations and then open the app you just created.

  2. Share the idp_client_id, idp_secret, and idp_issuer with your Customer Success team.

    1. idp_client_id

    2. idp_issuer

    3. idp_secret (saved locally in the previous step)
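The following script is an added example, not part of this guide or of Moveworks' tooling. It sanity-checks the three handover values from the two steps above (Generate idp_secret and the list just given) before they are sent: that idp_client_id is a GUID, that idp_issuer is this tenant's issuer and matches what the tenant's OpenID discovery document advertises, and that the secret's lifetime and remaining validity follow the 24-month recommendation. It assumes the Entra v2.0 issuer form https://login.microsoftonline.com/<tenant-id>/v2.0 and a discovery document fetched from <issuer>/.well-known/openid-configuration; the discovery document and the 30-day rotation lead time are assumptions, and the sample data is constructed so the checks run offline.

```python
# Added example, not from the Moveworks guide. Assumes the Entra v2.0 issuer form
# https://login.microsoftonline.com/<tenant-id>/v2.0; discovery sample below is constructed.
import re
import uuid
from datetime import date, timedelta

ISSUER_RE = re.compile(r"^https://login\.microsoftonline\.com/([^/]+)/v2\.0$")
MAX_SECRET_LIFETIME = timedelta(days=730)  # the guide's 24-month recommendation
ROTATE_BEFORE = timedelta(days=30)         # assumed lead time for staging the next secret

def is_guid(value: str) -> bool:
    try:
        uuid.UUID(value)
        return True
    except ValueError:
        return False

def check_client_id(client_id: str) -> list[str]:
    # idp_client_id is the 'Application (client) ID' GUID shown on the Overview page
    return [] if is_guid(client_id) else ["idp_client_id is not a GUID"]

def check_issuer(issuer: str, discovery: dict) -> list[str]:
    # Single-tenant app: the issuer must carry the tenant ID (never 'common' or
    # 'organizations') and must equal the 'issuer' the discovery document advertises.
    m = ISSUER_RE.match(issuer)
    if not m:
        return ["idp_issuer is not https://login.microsoftonline.com/<tenant-id>/v2.0"]
    findings = []
    if not is_guid(m.group(1)):
        findings.append(f"issuer tenant segment '{m.group(1)}' is not a tenant ID")
    if discovery.get("issuer") != issuer:
        findings.append("idp_issuer differs from the discovery document's 'issuer'")
    if "code" not in discovery.get("response_types_supported", []):
        findings.append("discovery document does not offer the authorization code flow")
    return findings

def check_secret(secret: str, created: date, expires: date, today: date) -> list[str]:
    # Lifetime per the guide, plus a reminder to create the replacement before expiry
    findings = []
    if not secret:
        findings.append("idp_secret is empty; the value is shown only at creation time")
    if expires - created > MAX_SECRET_LIFETIME:
        findings.append("secret lifetime exceeds the recommended 24 months")
    if expires - today <= ROTATE_BEFORE:
        findings.append("secret expires within 30 days; stage the replacement now")
    return findings

SAMPLE_DISCOVERY = {  # constructed sample of the two fields the checks read
    "issuer": "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0",
    "response_types_supported": ["code", "id_token", "code id_token"],
}
```

Run the three checks against your real values (and the discovery document fetched from your issuer) and send the bundle only when all of them return an empty list.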