Moveworks Setup - Access Account

What is Access Account?

Moveworks Account Access provides users with a secure channel to self-service their login issues.

Access Account is composed of these key features:

  • Unlock Account — Alert users when they’re locked out of their accounts and help them regain access.
  • Password Reset — Help users with self-service password resets.
  • MFA Reset — Help users initiate MFA resets when a mobile device is lost or replaced.
  • Password Expiry — Notify users when their passwords are about to expire, and when their passwords have already expired.
  • Contractor Expiry — Remind managers when contingent workers need to renew or extend their contracts.

Some of the above features can only be activated by a user messaging the bot (MFA Reset) or by a system event occurring (Contractor Expiry), while others can be activated by both (Unlock Account).

Setup Access Account

Account Unlock

Proactive Reachout Filter

Defines rules for notifying a user if their account is detected as locked.

Default Poller Interval Seconds

Represents the minimum wait time (in seconds) before the system polls again.

Account Unlock Poll Grace Period Seconds - [Advanced]

Sets the 'current' time value, this allows running the poller back in time for accommodating delayed records in the system.

Account Unlock Poller Maximum Look Back Seconds - [Advanced]

Determines how far back the system can check before proceeding, ensuring a balance between missing records and long response times.

MFA Reset

Knowledge Article Link

A link directing users to a detailed resource on setting up a new MFA factor, shown after completing the MFA reset sequence.

Login Path (full URL or a relative path)

A link for users to follow to establish a new MFA factor. This can be a complete URL or a relative one.

Reset Mode

Creates a possibility for users to reset their MFA factors, either all together or one by one.

Factor Support Filter

A DSL rule to decide whether to support specific factors within the context of 'factor'.

Forgot Password

Time Waited Before Delivering Link

Specifies the time delay (in seconds) between generating the password link and delivering it to the user.

Time Waited Before Closing the Ticket

Indicates the duration post-generation of a password link, after which the corresponding ticket is closed.

Change Password

Confirm User OS

Before initiating the 'change password' API action, the User Operating System is asked for verification.

Expired Password

Password Lifespan

Shows the duration (in seconds) a user's password remains valid before it necessitates changing.

Change Password Notification Settings

Time Before Sending Password Reset Notifications

Sets the time duration before the user starts receiving password reset reminders. Notifications are sent as per a predefined schedule.

Portal URL

If enabled, users are redirected to this URL.

Redirect User to Portal for These Requests

Offers an option to redirect users to an external portal for self-service on requests. Dialogues can be customized.


Account Bidding Config

This setting manages the bidding rules for utterances related to forgotten passwords and locked accounts.

Integration Id

Defines the Identity Management (IDM) system to execute necessary API actions.
Example: "okta", "onelogin" or "active_directory" can be selected as per the system in use.

Controlled Entities

A collection of entity names that help in understanding the ownership of systems. If the same entity is controlled by two systems, it is assigned to the system that references it first. An empty field renders standard entities based on the type of system selected.
Example: If "okta" controls the "slack_password" entity and a user requests a password reset for Slack, the access account flow initiates based on the Okta integration.

Controlled Entity Sets

A list of Entity sets which serve as shortcuts for standard groupings of entities.
Example: An entity set could be "Employee_Entities" which includes entities like "employee_id", "employee_role", "employee_name", etc.

MFA Bidding Config

This setting controls the bidding rules for utterances related to Multi-Factor Authentication (MFA).

Integration Id

Specifies the IDM system to perform necessary API actions for MFA related utterances.
Example: "okta", "duo", "onelogin", or "ping" can be chosen depending on the system in place.

Controlled Entities

Lists entity names to identify what system a particular entity belongs to. If an entity is controlled by two systems, it is assigned to the system that references it first. Leaving this field blank prompts us to use the standard set of entities for the selected system.
Example: If an entity like "slack_mfa" is controlled by "okta", any MFA issues in slack would trigger the relevant flow within the Okta system.

Controlled Entity Sets

These are pre-defined groups of entities that act as shortcuts for commonly grouped entities.
Example: An entity set could be "Security_Entities" bundling together entities like 'security_question', 'security_answer', 'security_code' etc.