Prerequisites

🚧

Making edits?

Before you edit your SSO configuration, make sure you are logged into MyMoveworks. Otherwise, you will not be able to log in and update your SSO configuration details.

OneLogin SSO Prerequisites

• Have administrator access to OneLogin. You should be able to access your portal at https://{{your_subdomain}}.onelogin.com/admin2

Moveworks SSO Prerequisites

• Your Moveworks Environment should be initialized in order to continue. (Verify with your Account Team if this has been completed)

• Note the following values.

  • data_center_domain - the data center where your organization is hosted (see table below).

    Data Center	data_center_domain
    United States (default)	moveworks.com
    Canada	am-ca-central.moveworks.com
    EU	am-eu-central.moveworks.com
    Australia / Asia Pacific	am-ap-southeast.moveworks.com
    Government Secure Cloud	moveworksgov.com

  • subdomain - your organization's login subdomain. This should match your customer_id, which can beverified from the General Information Page.

    🚧

    Warning

    Make sure to use the unique subdomain. For example, if you're organization's login subdomain is acme.moveworks.com, then your subdomain is acme and your data_center_domain is moveworks.com which is part of the US Data center.

  • customer_id - The unique identifier for your organization . This is stored as Org Name under Organization Details > General Information

    

    ❗️

    The Org name cannot be changed. Once set, the same value should be used in all cases.

    In exceptional cases where you would like Moveworks to support your organisation with a different subdomain value. Please reach out to Moveworks Support.

Configuration Steps

Create OIDC Application

1. Go to Applications > Custom Connectors

   

2. Click New Connector & fill out the details

   • Name: Moveworks

   • Icon:

     • Rectangular

       
       

     • Square

       
       

   • Sign on method: OpenID Connect

   • Redirect URI: https://{{subdomain}}.{{data_center_domain}}/login/sso/oidc

   • Post Logout Redirect URI: https://my.moveworks.com

   • Signing Algorithm: RS256

   • Login URL: https://{{subdomain}}.{{data_center_domain}}

3. Go back to Applications > Custom Connectors and select Add App to Connector on your newly created Connector

   

4. Keep the Default Settings and hit Save

   

Add OIDC Configuration in MyMoveworks

1. Copy your OIDC Configuration Variables
   

   • Client ID: This is your idp_client_id
   • Show client secret: Click this to see your idp_client_secret
   • Issuer URL: This is your idp_issuer

2. Navigate to SSO Settings in MyMoveworks

   

3. If you already see a studio config, edit it. Otherwise, choose Create.

4. Add your configuration using the values you've noted above

   • Moveworks Product: studio
   • Select Connector: onelogin
   • Authentication Protocol: OIDC
   • IDP Redirect URL: https://{{subdomain}}.{{data_center_domain}}/login/sso/oidc
     • e.g. https://acme.am-eu-central.moveworks.com/login/sso/oidc
   • IDP Issuer: idp_issuer(from Step 1)
     • e.g. https://acme.onelogin.com/oidc/2
   • IDP Client Id: idp_client_id (from Step 1)
   • IDP Client Secret: idp_client_secret (from Step 1)

5. Click Submit.

6. Wait a few minutes, then attempt to log into your instance at https://{{subdomain}}.{{data_center_domain}}