Documentation
DocumentationDeveloperAcademyCommunitySupportLogin

Okta SSO Configuration Guide for Non-US Commercial Regions (OIDC)

Suggest Edits

🚧

This guide is deprecated

Please see our updated Okta Installation Guide (🔗)

Before you begin

  • Ensure you have Admin Access to your Okta instance.

  • You have collected the CUSTOMER_ID under Organization Details > General Information.

    • This is the unique identifier for your organization . This is stored as Org Name

      ❗️

      The Org name cannot be changed. Once set, the same value should be used in all cases.

      In exceptional cases where you would like Moveworks to support your organisation with a different subdomain value. Please reach out to Moveworks Support.

Okta App Setup Instructions

  1. Go to the screen in Okta that allows you to create Applications.
  2. Click on Create App Integration.
  1. Select OIDC - OpenID Connect in the next screen.

  1. Specify a name for the application.

  2. Add the logo for Moveworks application

  3. Identify the appropriate Sign-in Redirect URI and Login URI for your environment from the table below, replacing the CUSTOMER_ID with the value for your org which was collected as part of the Prerequisites.

RegionSign-in Redirect URILogin URI
United States (default)https://CUSTOMER_ID.moveworks.com/login/sso/oidchttps://CUSTOMER_ID.moveworks.com
Canadahttps://CUSTOMER_ID.am-ca-central.moveworks.com/login/sso/oidchttps://CUSTOMER_ID.am-ca-central.moveworks.com
EUhttps://CUSTOMER_ID.am-eu-central.moveworks.com/login/sso/oidchttps://CUSTOMER_ID.am-eu-central.moveworks.com
Australia / Asia Pacifichttps://CUSTOMER_ID.am-ap-southeast.moveworks.com/login/sso/oidchttps://CUSTOMER_ID.am-ap-southeast.moveworks.com
Government Secure Cloudhttps://CUSTOMER_ID.moveworksgov.com/login/sso/oidchttps://CUSTOMER_ID.moveworksgov.com
  1. Enter the values as shown below and hit Save.
  1. Go back to General Settings and uncheck Require consent.
  1. In order to allow customer users to login without manually inputting email, set a Initiate login URI from the table below based on the Region you are setup in. Replacing the CUSTOMER_ID with the value for your org which was collected as part of the Prerequisites.
RegionSign-in Redirect URILogin URI
United States (default)https://CUSTOMER_ID.moveworks.com/login/sso/oidchttps://CUSTOMER_ID.moveworks.com
Canadahttps://CUSTOMER_ID.am-ca-central.moveworks.com/login/sso/oidchttps://CUSTOMER_ID.am-ca-central.moveworks.com
EUhttps://CUSTOMER_ID.am-eu-central.moveworks.com/login/sso/oidchttps://CUSTOMER_ID.am-eu-central.moveworks.com
Australia / Asia Pacifichttps://CUSTOMER_ID.am-ap-southeast.moveworks.com/login/sso/oidchttps://CUSTOMER_ID.am-ap-southeast.moveworks.com
Government Secure Cloudhttps://CUSTOMER_ID.moveworksgov.com/login/sso/oidchttps://CUSTOMER_ID.moveworksgov.com

Finish the Moveworks side of the integration

After setup is complete, provide the following information to your Customer Success team.

  1. Go to the General tab.
  1. Share the idp_client_id , idp_secret , and idp_issuer with your Customer Success team. The idp_issuer is not in the Okta settings, but it should be based on your Okta instance name (e.g. If you login at https://example.okta.com , then share that value for your idp_issuer ).

Updated 11 days ago