OIDC Setup (General)
Prerequisites
Making edits?
Before you edit your SSO configuration, make sure you are logged into MyMoveworks. Otherwise, you will not be able to log in and update your SSO configuration details.
SSO Prerequisites
- Have sufficient privileges to create & configure an OIDC application.
Moveworks SSO Prerequisites
-
Your Moveworks organization should be initialized (verify with your account team)
-
Note the following values.
-
data_center_domain- the data center where your organization is hosted (see table below). -
subdomain- your organization's login subdomain. This will generally match yourcustomer_id, but you can verify or customize it in General Information.Warning
Make sure you ONLY note your unique subdomain. For example, if you're organization's login subdomain is acme.moveworks.com, then your
subdomainis acme and yourdata_center_domainis moveworks.com -
[Optional]
customer_id- unique identifier for your organization (can not be changed). This is stored as Org Name under Organization Details > General Information
-
| Data Center | data_center_domain |
|---|---|
| United States (default) | moveworks.com |
| Canada | am-ca-central.moveworks.com |
| EU | am-eu-central.moveworks.com |
| Australia / Asia Pacific | am-ap-southeast.moveworks.com |
| Government Secure Cloud | moveworksgov.com |
Configuration Steps
Create OIDC Application
Go to your SSO Admin Portal & create a new OpenID Connect (OIDC) application. Please configure your redirect and login urls based on your Moveworks SSO properties.
-
App Name:
Moveworks. -
Sign-in Method:
OpenID Connectas the sign in method. -
Login URL (aka Home Page URL):
https://{{subdomain}}.{{data_center_domain}} -
Redirect URL:
https://{{subdomain}}.{{data_center_domain}}/login/sso/oidc -
Application Icon:
Add OIDC Configuration in MyMoveworks
-
Note your OIDC Configuration variables from your SSO platform
- Issuer URL: (called
idp_issuer) - Client ID: (called
idp_client_id) - Client Secret (called
idp_client_secret)
- Issuer URL: (called
-
Navigate to SSO Settings in MyMoveworks
-
If you already see a
studioconfig, edit it. Otherwise, choose Create. -
Add your configuration using the values you've noted above
- Moveworks Product:
studio - Select Connector:
moveworksor{{your_idp}} - Authentication Protocol:
OIDC - IDP Redirect URL:
https://{{subdomain}}.{{data_center_domain}}/login/sso/oidc - IDP Issuer:
idp_issuer(from Step 1) - IDP Client Id:
idp_client_id(from Step 1) - IDP Client Secret:
idp_client_secret(from Step 1)
- Moveworks Product:
-
Click Submit.
-
Wait a few minutes, then attempt to log into your instance at
https://{{subdomain}}.{{data_center_domain}}
Updated 11 days ago