OIDC Setup (General)

Prerequisites

SSO Prerequisites

  • Have sufficient privileges to create & configure an OIDC application.

Moveworks SSO Prerequisites

  • Your Moveworks organization should be initialized (verify with your account team)

  • Note the following values.

    • data_center_domain - the data center where your organization is hosted (see table below).

    • subdomain - your organization's login subdomain. This will generally match your customer_id, but you can verify or customize it in General Information.

      🚧

      Warning

      Make sure you ONLY note your unique subdomain. For example, if your organization's login subdomain is acme.moveworks.com, then your subdomain is acme and your data_center_domain is moveworks.com.

    • [Optional] customer_id - unique identifier for your organization (cannot be changed). This is stored as Org Name under Organization Details > General Information.


Data Center                  data_center_domain
United States (default)      moveworks.com
Canada                       am-ca-central.moveworks.com
EU                           am-eu-central.moveworks.com
Australia / Asia Pacific     am-ap-southeast.moveworks.com
Government Secure Cloud      moveworksgov.com

Configuration Steps

Create OIDC Application

Go to your SSO Admin Portal & create a new OpenID Connect (OIDC) application. Configure your redirect and login URLs based on your Moveworks SSO properties.

  1. App Name: Moveworks.

  2. Sign-in Method: OpenID Connect.

  3. Login URL (aka Home Page URL): https://{{subdomain}}.{{data_center_domain}}

  4. Redirect URL: https://{{subdomain}}.{{data_center_domain}}/login/sso/oidc

  5. Application Icon:


Add OIDC Configuration in MyMoveworks

  1. Note your OIDC Configuration variables from your SSO platform

    • Issuer URL (called idp_issuer)
    • Client ID (called idp_client_id)
    • Client Secret (called idp_client_secret)
  2. Navigate to SSO Settings in MyMoveworks

  3. If you already see a studio config, edit it. Otherwise, choose Create.

  4. Add your configuration using the values you've noted above

  5. Click Submit.

  6. Wait a few minutes, then attempt to log into your instance at https://{{subdomain}}.{{data_center_domain}}
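
The Login URL and Redirect URL in the steps above depend on splitting the login hostname correctly, which the Warning in the prerequisites calls out. The following is an added example, not Moveworks code: it derives both URLs and rejects a subdomain that still contains the domain. The function names are hypothetical, the domain list is copied from the table on this page, and the single-DNS-label rule for subdomains is an assumption.

```python
# Added example: derive the Moveworks OIDC URLs from a login hostname.
# The domain list is copied from the data center table on this page;
# function names are hypothetical.
import re

DATA_CENTER_DOMAINS = (
    "moveworks.com",
    "am-ca-central.moveworks.com",
    "am-eu-central.moveworks.com",
    "am-ap-southeast.moveworks.com",
    "moveworksgov.com",
)
# Assumption: a subdomain is one DNS label (no dots, scheme or path).
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def check_subdomain(subdomain):
    """Return the subdomain unchanged, or raise if it is not one label."""
    if not LABEL.fullmatch(subdomain):
        raise ValueError(f"subdomain must be a single label, got {subdomain!r}")
    return subdomain


def split_login_host(host):
    """Split 'acme.moveworks.com' into ('acme', 'moveworks.com')."""
    host = host.strip().lower().rstrip(".")
    # Try the longest domains first so a regional host is not
    # mistaken for the default moveworks.com data center.
    for domain in sorted(DATA_CENTER_DOMAINS, key=len, reverse=True):
        if host.endswith("." + domain):
            return check_subdomain(host[: -len(domain) - 1]), domain
    raise ValueError(f"{host!r} is not under a listed data_center_domain")


def oidc_urls(subdomain, data_center_domain):
    """Return the Login URL and Redirect URL for the OIDC application."""
    if data_center_domain not in DATA_CENTER_DOMAINS:
        raise ValueError(f"unknown data_center_domain {data_center_domain!r}")
    base = f"https://{check_subdomain(subdomain)}.{data_center_domain}"
    return {"login_url": base, "redirect_url": base + "/login/sso/oidc"}


if __name__ == "__main__":
    # Constructed sample hostnames, not real organizations.
    for sample in ("acme.moveworks.com", "acme.am-eu-central.moveworks.com"):
        sub, dc = split_login_host(sample)
        print(sample, "->", oidc_urls(sub, dc))
```

Most identity providers compare the redirect URL as an exact string, so paste the derived value as printed rather than retyping it.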