SAML: Generic SSO App Configuration

Before you start

Ensure you have Admin Access to your SSO portal.

Ask your Moveworks team for your CUSTOMER_ID. This is your organization's unique identifier, which is used to create branded URLs for login.

Setup Instructions in SSO Portal

Go to your SSO's Admin Portal and create a new "Security Assertion Markup Language 2.0" (SAML) application. Configure your redirect and login URLs based on your region as follows:

  1. App Name: Enter Moveworks.
  2. Sign-in Method: Select SAML 2.0 as the sign-in method.
  3. SAML ACS URL (also called Single sign-on URL, destination URL, recipient URL): Moveworks uses the same URL for sending and receiving SAML Assertions. Specify your SAML Assertion Consumer Service (ACS) URL based on your region below. Use United States as your default region, unless your organization is launched in a different data center region. Ask your Moveworks Customer Success team for your region if you are unsure.
  4. Audience URI (also called SP Entity ID): Enter
  5. Default Relay State: Enter your CUSTOMER_ID from the previous step.
  6. (Optional) Download & upload the following Moveworks icon for your application:

Finish Moveworks’ side of the integration

After the above setup is complete, provide the following information to your Moveworks Customer Success team:

  1. Identity Provider (IDP) Single Sign-On URL: (called idp_sso_url)
  2. Issuer URL: (called idp_issuer)
  3. Issuer X.509 Certificate: (called idp_issuer_cert)
    1. Your certificate can be viewed or downloaded from your SSO app
    2. Your certificate should start with a -----BEGIN CERTIFICATE-----
    3. Your certificate should end with a -----END CERTIFICATE-----
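
The certificate you hand over is what Moveworks will use to verify your IdP's signed assertions, so it is worth checking the file before you send it. The following is an added example, not Moveworks code: it confirms the text is exactly one BEGIN/END CERTIFICATE block with no private key pasted alongside, that the body is valid base64 wrapping a complete DER structure, and it returns a SHA-256 fingerprint you can compare against the one shown in your SSO portal. The function names and the sample value are assumptions; the check covers framing and encoding only, not the certificate's validity dates or subject.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def der_is_single_sequence(der: bytes) -> bool:
    """True if der is one ASN.1 SEQUENCE whose length field covers all remaining bytes."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_idp_cert(pem_text: str) -> str:
    """Return the SHA-256 fingerprint of the one certificate in pem_text, or raise ValueError."""
    text = pem_text.strip()
    if "PRIVATE KEY-----" in text:
        raise ValueError("private key material present; share only the certificate")
    blocks = PEM_BLOCK.findall(text)
    if [label for label, _ in blocks] != ["CERTIFICATE"]:
        raise ValueError("expected exactly one BEGIN/END CERTIFICATE block")
    if not (text.startswith("-----BEGIN CERTIFICATE-----")
            and text.endswith("-----END CERTIFICATE-----")):
        raise ValueError("unexpected text before or after the certificate markers")
    try:
        der = base64.b64decode("".join(blocks[0][1].split()), validate=True)
    except ValueError as exc:               # binascii.Error subclasses ValueError
        raise ValueError("certificate body is not valid base64") from exc
    if not der_is_single_sequence(der):
        raise ValueError("decoded body is truncated or is not a DER SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

# Constructed sample: a 5-byte DER SEQUENCE standing in for a certificate (not a real one).
SAMPLE_DER = bytes.fromhex("3003020100")
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print("idp_issuer_cert SHA-256:", check_idp_cert(SAMPLE_PEM))
```

To check your own file, read the certificate you downloaded from your SSO app into a string and pass it to check_idp_cert in place of SAMPLE_PEM.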