Configure Access Account
What is Access Account?
Moveworks Account Access provides users with a secure channel to self-service their login issues.
Access Account is composed of these key features:
- Unlock Account — Alert users when they’re locked out of their accounts and help them regain access.
- Password Reset — Help users with self-service password resets.
- MFA Reset — Help users initiate MFA resets when a mobile device is lost or replaced.
- Password Expiry — Notify users when their passwords are about to expire, and when their passwords have already expired.
- Contractor Expiry — Remind managers when contingent workers need to renew or extend their contracts.
Some of the above features can only be activated by a user messaging the bot (MFA Reset) or by a system event occurring (Contractor Expiry), while others can be activated by both (Unlock Account).
Setup Access Account
Account Unlock
Proactive Reachout Filter
Defines rules for notifying a user if their account is detected as locked.
Default Poller Interval Seconds
Represents the minimum wait time (in seconds) before the system polls again.
Account Unlock Poll Grace Period Seconds - [Advanced]
Sets the 'current' time value, this allows running the poller back in time for accommodating delayed records in the system.
Account Unlock Poller Maximum Look Back Seconds - [Advanced]
Determines how far back the system can check before proceeding, ensuring a balance between missing records and long response times.
MFA Reset
Knowledge Article Link
A link directing users to a detailed resource on setting up a new MFA factor, shown after completing the MFA reset sequence.
Login Path (full URL or a relative path)
A link for users to follow to establish a new MFA factor. This can be a complete URL or a relative one.
Reset Mode
Creates a possibility for users to reset their MFA factors, either all together or one by one.
Factor Support Filter
A DSL rule to decide whether to support specific factors within the context of 'factor'.
Forgot Password
Time Waited Before Delivering Link
Specifies the time delay (in seconds) between generating the password link and delivering it to the user.
Time Waited Before Closing the Ticket
Indicates the duration post-generation of a password link, after which the corresponding ticket is closed.
Change Password
Confirm User OS
Before initiating the 'change password' API action, the User Operating System is asked for verification.
Expired Password
Password Lifespan
Shows the duration (in seconds) a user's password remains valid before it necessitates changing.
Change Password Notification Settings
Time Before Sending Password Reset Notifications
Sets the time duration before the user starts receiving password reset reminders. Notifications are sent as per a predefined schedule.
Portal URL
If enabled, users are redirected to this URL.
Redirect User to Portal for These Requests
Offers an option to redirect users to an external portal for self-service on requests. Dialogues can be customized.
Bidding
Account Bidding Config
This setting manages the bidding rules for utterances related to forgotten passwords and locked accounts.
Integration Id
Defines the Identity Management (IDM) system to execute necessary API actions.
Example: "okta", "onelogin" or "active_directory" can be selected as per the system in use.
Controlled Entities
A collection of entity names that help in understanding the ownership of systems. If the same entity is controlled by two systems, it is assigned to the system that references it first. An empty field renders standard entities based on the type of system selected.
Example: If "okta" controls the "slack_password" entity and a user requests a password reset for Slack, the access account flow initiates based on the Okta integration.
Controlled Entity Sets
A list of Entity sets which serve as shortcuts for standard groupings of entities.
Example: An entity set could be "Employee_Entities" which includes entities like "employee_id", "employee_role", "employee_name", etc.
MFA Bidding Config
This setting controls the bidding rules for utterances related to Multi-Factor Authentication (MFA).
Integration Id
Specifies the IDM system to perform necessary API actions for MFA related utterances.
Example: "okta", "duo", "onelogin", or "ping" can be chosen depending on the system in place.
Controlled Entities
Lists entity names to identify what system a particular entity belongs to. If an entity is controlled by two systems, it is assigned to the system that references it first. Leaving this field blank prompts us to use the standard set of entities for the selected system.
Example: If an entity like "slack_mfa" is controlled by "okta", any MFA issues in slack would trigger the relevant flow within the Okta system.
Controlled Entity Sets
These are pre-defined groups of entities that act as shortcuts for commonly grouped entities.
Example: An entity set could be "Security_Entities" bundling together entities like 'security_question', 'security_answer', 'security_code' etc.
Updated 4 months ago