OIDC Setup (General)

Prerequisites

🚧
Making edits?
Before you edit your SSO configuration, make sure you are logged into MyMoveworks. Otherwise, you will not be able to log in and update your SSO configuration details.

SSO Prerequisites

Have sufficient privileges to create & configure an OIDC application.

Moveworks SSO Prerequisites

Your Moveworks organization should be initialized (verify with your account team)
Note the following values.
- data_center_domain - the data center where your organization is hosted (see table below).
- subdomain - your organization's login subdomain. This will generally match your customer_id, but you can verify or customize it in General Information.
  
  🚧
  Warning
  Make sure you ONLY note your unique subdomain. For example, if you're organization's login subdomain is acme.moveworks.com, then your subdomain is acme and your data_center_domain is moveworks.com
- [Optional] customer_id - unique identifier for your organization (can not be changed). This is stored as Org Name under Organization Details > General Information

Data Center	data_center_domain
United States (default)	moveworks.com
Canada	am-ca-central.moveworks.com
EU	am-eu-central.moveworks.com
Australia / Asia Pacific	am-ap-southeast.moveworks.com
Government Secure Cloud	moveworksgov.com

Configuration Steps

Create OIDC Application

Go to your SSO Admin Portal & create a new OpenID Connect (OIDC) application. Please configure your redirect and login urls based on your Moveworks SSO properties.

App Name: Moveworks.
Sign-in Method: OpenID Connect as the sign in method.
Login URL (aka Home Page URL): https://{{subdomain}}.{{data_center_domain}}
Redirect URL: https://{{subdomain}}.{{data_center_domain}}/login/sso/oidc
Application Icon:

Add OIDC Configuration in MyMoveworks

Note your OIDC Configuration variables from your SSO platform
- Issuer URL: (called idp_issuer)
- Client ID: (called idp_client_id)
- Client Secret (called idp_client_secret)
Navigate to SSO Settings in MyMoveworks
If you already see a studio config, edit it. Otherwise, choose Create.
Add your configuration using the values you've noted above
- Moveworks Product: studio
- Select Connector: moveworks or {{your_idp}}
- Authentication Protocol: OIDC
- IDP Redirect URL: https://{{subdomain}}.{{data_center_domain}}/login/sso/oidc
  - e.g. https://acme.am-eu-central.moveworks.com/login/sso/oidc
- IDP Issuer: idp_issuer(from Step 1)
  - e.g. https://login.microsoftonline.com/9ed5798c-9bbe-471c-8005-7658c9846400/v2.0
- IDP Client Id: idp_client_id (from Step 1)
- IDP Client Secret: idp_client_secret (from Step 1)
Click Submit.
Wait a few minutes, then attempt to log into your instance at https://{{subdomain}}.{{data_center_domain}}

Updated 3 months ago

Did this page help you?

Prerequisites

🚧Making edits?

🚧Warning

Configuration Steps

Create OIDC Application

Add OIDC Configuration in MyMoveworks

🚧
Making edits?

🚧
Warning