Moveworks for Web Installation - Okta OIDC
Installing Moveworks for Web with a Code Snippet and Okta OIDC
This method of installation allows you to embed Moveworks for Web on any webpage governed by Okta Single Sign-On (SSO), as long as the page supports HTML/JavaScript editing. This will create an Okta application that will allow you to copy a code snippet of the bot and paste it onto any page governed by Okta , and Moveworks for Web will just work, automatic authentication and all.
Prerequisite Questions
- Does the site/page you want to include Moveworks for Web on allow for HTML/JavaScript editing?
- If you want it to be everywhere on the site, does it support site templates, master pages, headers, footers, or other similar global page elements that support HTML/JavaScript editing?
- Is the site/page governed by Okta SSO?
- Ensure there is a tool owner with Super Admin access in your Okta instance
Installation Participants
On the day of installation, we need these individuals from your team on the call:
- Okta super admin
- Must be able to add a new application and make tenant-level configuration changes.
- Target host admin(s)
- Must be able to paste an HTML/JavaScript code snippet onto the target page or site.
Installation Overview
Moveworks can walk you through the Okta application installation on a call in about 15 minutes.
Setting up the Okta application is a one-time activity and from then on you are free to paste the code snippet onto any other site governed by your Okta OIDC at your convenience.
Moveworks will Provide the Following:
- Unique Customer Bot ID
Okta App Setup Instructions
Go to the screen that lets you create Applications.
Click on Create App Integration
Select OIDC - OpenID Connect in the next screen.
- Fill out the Settings page
- Specify a name for the application. We recommend using your bot’s name.
- Use as the Sign-in redirect URL:
Commercial Environment:https://webchat-kprod.moveworks.io/login/sso/oidc
GovCloud Environment:https://webchat.prod.am-usge1.moveworks.io/login/sso/oidc
EU Environment:https://webchat.prod.am-euc1.moveworks.io/login/sso/oidc
Canada Environment:https://webchat.prod.am-cac1.moveworks.io/login/sso/oidc - Specify as the Trusted Origin.
Commercial Environment:https://webchat-kprod.moveworks.io
GovCloud Environment:https://webchat.prod.am-usge1.moveworks.io
EU Environment:https://webchat.prod.am-euc1.moveworks.io
Canada Environment:https://webchat.prod.am-cac1.moveworks.io - Configure to be one of the following options:
Allow everyone in you organization to accessLimit access to selected groups
Select options as shown below.
Go back to General Settings and uncheck Require consent. Since the bot is doing silent authentication, the Require consent will block the bot auth flow and leave the bot invisible.
Finish the Moveworks side of the integration
After setup is complete, provide the following information to your CS team.
- The domains and URLs that will host the web bot (e.g.
www.moveworks.ai/*) - Client ID (idp_client_id)
- Client Secret (idp_secret)
- Okta Domain (idp_issuer)
- To get these information, Go to the General tab
Prepare code snippet
You will need to paste the following code snippet in your web page html body.
The highlighted red areas are provided based on your settings. bot_id is the unique bot ID provided by your CS team.
If your installation does not require any style overrides then use the following:
<script src="https://webchat-kprod.moveworks.io/script/<bot_id>" />
<script src="https://webchat.prod.am-usge1.moveworks.io/script/<bot_id>" />
<script src="https://webchat.prod.am-euc1.moveworks.io/script/<bot_id>" />
<script src="https://webchat.prod.am-cac1.moveworks.io/script/<bot_id>" />
Otherwise use the following:
<div id="webchat">
<script>
var script = document.createElement('script');
script.type = "text/javascript";
script.onload = function () {
window.mwwebchat.openMWWebChat(
'', <!--Leave this blank; this is for token-based deploys. -->
'<bot_id>',
{
serverUrl: 'https://webchat-kprod.moveworks.io/login/<bot_id>',
styles: '<optional, see below>'
},
);
};
script.src = 'https://webchat-kprod.moveworks.io/movewebchat-client-script.js';
document.getElementById('webchat').appendChild(script);
</script>
</div>
<div id="webchat">
<script>
var script = document.createElement('script');
script.type = "text/javascript";
script.onload = function () {
window.mwwebchat.openMWWebChat(
'', <!--Leave this blank; this is for token-based deploys. -->
'<bot_id>',
{
serverUrl: 'https://webchat.prod.am-usge1.moveworks.io/login/<bot_id>',
styles: '<optional, see below>'
},
);
};
script.src = 'https://webchat.prod.am-usge1.moveworks.io/movewebchat-client-script.js';
document.getElementById('webchat').appendChild(script);
</script>
</div>
<div id="webchat">
<script>
var script = document.createElement('script');
script.type = "text/javascript";
script.onload = function () {
window.mwwebchat.openMWWebChat(
'', <!--Leave this blank; this is for token-based deploys. -->
'<bot_id>',
{
serverUrl: 'https://webchat.prod.am-euc1.moveworks.io/login/<bot_id>',
styles: '<optional, see below>'
},
);
};
script.src = 'https://webchat.prod.am-euc1.moveworks.io/movewebchat-client-script.js';
document.getElementById('webchat').appendChild(script);
</script>
</div>
<div id="webchat">
<script>
var script = document.createElement('script');
script.type = "text/javascript";
script.onload = function () {
window.mwwebchat.openMWWebChat(
'', <!--Leave this blank; this is for token-based deploys. -->
'<bot_id>',
{
serverUrl: 'https://webchat.prod.am-cac1.moveworks.io/login/<bot_id>',
styles: '<optional, see below>'
},
);
};
script.src = 'https://webchat.prod.am-cac1.moveworks.io/movewebchat-client-script.js';
document.getElementById('webchat').appendChild(script);
</script>
</div>
- You can also added these optional parameters along with the serverURL. See below.
stylescontrols the position of the avatar
{
serverUrl: 'https://webchat-kprod.moveworks.io/login/<bot_id>',
styles: {
bottom: '0px',
right: '10px',
zIndex: 999,
},
},
{
serverUrl: 'https://webchat.prod.am-usge1.moveworks.io/login/<bot_id>',
styles: {
bottom: '0px',
right: '10px',
zIndex: 999,
},
},
{
serverUrl: 'https://webchat.prod.am-euc1.moveworks.io/login/<bot_id>',
styles: {
bottom: '0px',
right: '10px',
zIndex: 999,
},
},
{
serverUrl: 'https://webchat.prod.am-cac1.moveworks.io/login/<bot_id>',
styles: {
bottom: '0px',
right: '10px',
zIndex: 999,
},
},
Congrats! You did it! By pasting this onto a given page, or template for a page, the bot will appear if the user successfully authenticates. Authentication is seamless, and no login prompt will ever be seen by the user. If the user is not authenticated, the bot will simply not appear. This is true for all websites governed by Azure OIDC SSO, thus you are now free to paste this snippet anywhere that supports it.
By default, this behavior is NOT enabled for all users. Work with your CS team to first create an allowlist of users who can test the web bot before having them enable it to all users.
Updated about 2 months ago