Okta SSO Configuration Guide SAML

This document describes the steps required to set up the Moveworks as a SAML application in Okta. Doing this will allow employees in your organization to access the Moveworks Control Center through their Okta dashboard, in the same way as they use single sign-on to access other apps they use.


SAML is an alternative set up for you myMoveworks SSO set up. Some organizations want the flexibility of managing credentials without relying on OIDC automation or if other SSO credentials are getting authorized by SAML it can be easier to manage if myMoveworks authentication matches the other apps already provisioned.


  • Super Admin access to Okta instance is required to complete the instructions below


  1. Log in to your Okta org and navigate to the Admin user interface

  2. Navigate to Applications > Applications.

  3. Navigate to the Applications section of Okta, and click on Create App Integration.

  4. Select SAML 2.0 in the next screen.

  5. On the next screen, enter a name for the application (whatever you think will make sense to your organization’s users) and upload an image (Moveworks will provide a standard logo image to use, but you can use any image you like). You can ignore the App visibility checkboxes. After you’re done, click Next.

  6. Configure the following details under SAML:

    1. Single sign on URL: https://CUSTOMER_ID.moveworks.com/login/sso/saml (please ask your support or customer success team for your CUSTOMER_ID)
    2. Audience URI: http://www.moveworks.com
    3. Default Relay State: This will be provided by your Moveworks team, and should be the name of your organization.
    4. Name ID format: Select “EmailAddress”
    5. Application username: Select “Okta username”
    6. Update application username on: Select “Create and update”
  7. On the Feedback screen, make the following selections before clicking Finish:

    1. Are you a customer or partner? Select “I’m an Okta customer adding an internal app”.
    2. App type: Select “This is an internal app that we have created”.
  8. After clicking Finish, go to the Sign On tab and click on View SAML setup instructions.

  9. The details on the subsequent page shown will need to be sent to your Moveworks team in order to complete the configuration. Please copy each of the following 3 pieces of information and send them together in an encrypted email to your Moveworks team. If your organization does not have the capability to send encrypted emails, your Customer Success team can send you an encrypted email (using Virtru) to which you can respond with the information:

    1. Identity Provider Single Sign-On URL
    2. Identity Provider Issuer
    3. X.509 Certificate

Completion and Verification

Once the above information is provided to the Moveworks team, they will apply it into your organization’s Moveworks configurations. This will take 24-48 hours to take effect. After that, the Moveworks will officially re-route your organization’s authentication pathway for the Control Center to SAML, upon which they will notify you and ask you to verify that you can successfully log in through your organization’s Okta instance