Okta (MFA, Unlock, Identity) Access Requirements

Why do we need access to your Okta instance?

The Moveworks service interacts with your Okta instance to carry out one or more of the following:

  • Identify employees
  • Help employees reset passwords
  • Unlock locked accounts
  • Help employees reset their multi-factor authentication
  • Warn employees when their password is about to expire

Note that not all Moveworks+Okta deployments handle all of the tasks mentioned above. In some deployments, password and account issues are handled through Moveworks' direct interaction with Active Directory.

Service Account Permissions Needed:

The service account in Okta allows the Moveworks service to fulfill provisioning requests by adding users to groups in Okta. Create a bot service account dedicated to Moveworks and save the API token of this account for Moveworks configuration. Note: Moveworks does not need the credentials of this service account, the token is sufficient for integration.

  • Help Desk Admin (Required to Unlock User Account and/or Reset MFA)
  • Reports Admin (Required for Account Unlock Detection)

What is the account used for

  • This account is used for the bot to be able to add users to Okta groups for app provisioning and identifying user attributes when interacting with the bot.

Providing the Credentials

Once you have obtained the credentials, please notify your Customer Success team. They will provide an encrypted method of transferring the information. You may also opt for your preferred method if necessary.