OneLogin Setup (OIDC)
Prerequisites
OneLogin SSO Prerequisites
- Have administrator access to OneLogin. You should be able to access your portal at
https://{{your_subdomain}}.onelogin.com/admin2
Moveworks SSO Prerequisites
-
Your Moveworks organization should be initialized (verify with your account team)
-
Note the following values.
-
data_center_domain
- the data center where your organization is hosted (see table below). -
subdomain
- your organization's login subdomain. This will generally match yourcustomer_id
, but you can verify or customize it in General Information.Warning
Make sure you ONLY note your unique subdomain. For example, if you're organization's login subdomain is acme.moveworks.com, then your
subdomain
is acme and yourdata_center_domain
is moveworks.com -
[Optional]
customer_id
- unique identifier for your organization (can not be changed). This is stored as Org Name under Organization Details > General Information
-
Data Center | data_center_domain |
---|---|
United States (default) | moveworks.com |
Canada | am-ca-central.moveworks.com |
EU | am-eu-central.moveworks.com |
Australia / Asia Pacific | am-ap-southeast.moveworks.com |
Government Secure Cloud | moveworksgov.com |
Configuration Steps
Create OIDC Application
-
Go to Applications > Custom Connectors
-
Click New Connector & fill out the details
-
Name:
Moveworks
-
Icon:
-
Rectangular
-
Square
-
-
Sign on method:
OpenID Connect
-
Redirect URI:
https://{{subdomain}}.{{data_center_domain}}/login/sso/oidc
-
Post Logout Redirect URI:
https://my.moveworks.com
-
Signing Algorithm:
RS256
-
Login URL:
https://{{subdomain}}.{{data_center_domain}}
-
-
Go back to Applications > Custom Connectors and select Add App to Connector on your newly created Connector
-
Keep the Default Settings and hit Save
Add OIDC Configuration in MyMoveworks
-
Copy your OIDC Configuration Variables
- Client ID: This is your
idp_client_id
- Show client secret: Click this to see your
idp_client_secret
- Issuer URL: This is your
idp_issuer
- Client ID: This is your
-
Navigate to SSO Settings in MyMoveworks
-
If you already see a
studio
config, edit it. Otherwise, choose Create. -
Add your configuration using the values you've noted above
- Moveworks Product:
studio
- Select Connector:
onelogin
- Authentication Protocol:
OIDC
- IDP Redirect URL:
https://{{subdomain}}.{{data_center_domain}}/login/sso/oidc
- IDP Issuer:
idp_issuer
(from Step 1) - IDP Client Id:
idp_client_id
(from Step 1) - IDP Client Secret:
idp_client_secret
(from Step 1)
- Moveworks Product:
-
Click Submit.
-
Wait a few minutes, then attempt to log into your instance at
https://{{subdomain}}.{{data_center_domain}}
Updated about 2 months ago