Okta (Read Only) Access Requirements

Why do we need access to your Okta instance?

The Moveworks service interacts with your Okta instance to carry out one or more of the following:

  • Identify employees
  • Notify employees of account lockout events
  • Notify employees of upcoming password expirations

Note that in a read-only environment, Moveworks will not attempt to take an action directly for the user. Instead, the bot will provide instructions to the user, or direct the user to a preferred portal to reset a password or unlock an account.

Service Account Permissions Needed:

The service account in Okta allows the Moveworks bot to read user profile information, account lockout events, and password expiration information. Create a bot service account dedicated to Moveworks and share the API token of this account with your Moveworks Customer Success team. Moveworks does not need the credentials of this service account; the token is sufficient.

The following role is needed for the service account:

  • Read-only Admin
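
An Okta API token carries the privileges of the account that created it, so it is worth confirming that the service account holds only the Read-only Admin role before sharing the token. The following is an added example, not Moveworks code: it audits the JSON returned by Okta's list-roles endpoint (GET /api/v1/users/{userId}/roles), using constructed sample responses and a hypothetical helper name, audit_roles.

```python
import json

REQUIRED_ROLE = "READ_ONLY_ADMIN"  # Okta role type behind the "Read-only Admin" label

# Constructed sample bodies of GET /api/v1/users/{userId}/roles (not real data).
SAMPLE_READ_ONLY = """[
  {"id": "ra-example-1", "label": "Read-only Admin", "type": "READ_ONLY_ADMIN",
   "status": "ACTIVE", "assignmentType": "USER"}
]"""
SAMPLE_OVERPRIVILEGED = """[
  {"id": "ra-example-1", "label": "Read-only Admin", "type": "READ_ONLY_ADMIN",
   "status": "ACTIVE", "assignmentType": "USER"},
  {"id": "ra-example-2", "label": "Super Admin", "type": "SUPER_ADMIN",
   "status": "ACTIVE", "assignmentType": "GROUP"},
  {"id": "ra-example-3", "label": "Help Desk Admin", "type": "HELP_DESK_ADMIN",
   "status": "INACTIVE", "assignmentType": "USER"}
]"""


def audit_roles(body: str) -> dict:
    """Check that the service account's only active admin role is Read-only Admin."""
    roles = json.loads(body)
    if not isinstance(roles, list):
        raise ValueError("expected a JSON array of role assignments")
    # Anything not explicitly INACTIVE is treated as active (fail closed).
    active = [r for r in roles if r.get("status") != "INACTIVE"]
    types = {r.get("type", "UNKNOWN") for r in active}
    excess = sorted(types - {REQUIRED_ROLE})
    # Roles inherited through a group can change when group membership changes.
    via_group = sorted(r.get("type", "UNKNOWN") for r in active
                       if r.get("assignmentType") == "GROUP")
    return {
        "has_required": REQUIRED_ROLE in types,
        "excess": excess,
        "via_group": via_group,
        "compliant": REQUIRED_ROLE in types and not excess,
    }


if __name__ == "__main__":
    for name, body in [("read-only", SAMPLE_READ_ONLY),
                       ("over-privileged", SAMPLE_OVERPRIVILEGED)]:
        print(name, audit_roles(body))
```

Run the check against the live response for the service account each time the token is rotated, since role assignments can change after the account is created.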

What is the account used for?

  • This account will be used to ingest user profile attributes to build out a profile of the user in the Moveworks system, and to monitor for events such as an account lock-out.

Providing the Credentials

Once you have obtained the credentials, please notify your Customer Success team. They will provide an encrypted method of transferring the information. You may also opt for your preferred method if necessary.