SAML Setup (General)

Prerequisites

SSO Prerequisites

  • Have sufficient privileges to create & configure a SAML application.

Moveworks SSO Prerequisites

  • Your Moveworks organization should be initialized (verify with your account team)

  • Note the following values.

    • data_center_domain - the data center where your organization is hosted (see table below).

    • subdomain - your organization's login subdomain. This will generally match your customer_id, but you can verify or customize it in General Information.

      🚧

      Warning

      Make sure you ONLY note your unique subdomain. For example, if your organization's login subdomain is acme.moveworks.com, then your subdomain is acme and your data_center_domain is moveworks.com.

    • [Optional] customer_id - unique identifier for your organization (cannot be changed). This is stored as Org Name under Organization Details > General Information.


Data Center                 data_center_domain
United States (default)     moveworks.com
Canada                      am-ca-central.moveworks.com
EU                          am-eu-central.moveworks.com
Australia / Asia Pacific    am-ap-southeast.moveworks.com
Government Secure Cloud     moveworksgov.com

Configuration Steps

Create SAML Application

Go to your SSO Admin Portal & create a new "Security Assertion Markup Language" (SAML) application. Configure your URLs based on your Moveworks SSO properties.

  1. App Name: Moveworks.

  2. Sign-in Method: SAML 2.0.

  3. SAML ACS URL: https://{{subdomain}}.{{data_center_domain}}/login/sso/saml

    📘

    Multiple URLs?

    Moveworks uses the same URL for sending and receiving SAML assertions, so you can use this SAML ACS URL for each of the following URLs:

    • Single-sign on URL
    • Destination URL
    • Recipient URL
  4. Audience URI (also called SP Entity ID): https://www.moveworks.com.

  5. Relay State: customer_id

  6. Application Icon:




Add SAML Configuration in MyMoveworks

  1. Note your SAML Configuration variables from your SSO platform

    • Identity Provider SSO URL: idp_url
    • Identity Provider Issuer: idp_issuer
    • X.509 Certification: x509_certificate
  2. Navigate to SSO Settings in MyMoveworks

  3. If you already see a studio config, edit it. Otherwise, choose Create.

  4. Add your configuration using the values you've noted above

    • Moveworks Product: studio
    • Select Connector: moveworks or {{your_idp}}
    • Authentication Protocol: SAML
    • IDP Sign On / SSO URL: {{idp_url}} (From Step 1)
    • IDP Issuer: {{idp_issuer}} (From Step 1)
    • IDP Public Certificate: {{x509_certificate}} (From Step 1)
  5. Click Submit.

  6. Wait a few minutes, then attempt to log into your instance at https://{{subdomain}}.{{data_center_domain}}
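
If the login in step 6 fails, a mismatch between the URLs configured in the IdP and the values above is a common cause. The following is an added example, not Moveworks code: it derives the expected values from a login hostname using the table on this page and compares them with a test SAML response. The function names, the `idp.example.com` issuer and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# data_center_domain values from the table on this page.
DATA_CENTER_DOMAINS = ["moveworks.com", "am-ca-central.moveworks.com",
                       "am-eu-central.moveworks.com",
                       "am-ap-southeast.moveworks.com", "moveworksgov.com"]
NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def split_login_host(host):
    """'acme.moveworks.com' -> ('acme', 'moveworks.com'); raises otherwise."""
    host = host.strip().lower().rstrip(".")
    # Longest suffix first: 'moveworks.com' is also a suffix of regional domains.
    for dc in sorted(DATA_CENTER_DOMAINS, key=len, reverse=True):
        if host.endswith("." + dc):
            sub = host[: -len(dc) - 1]
            if sub and "." not in sub and host not in DATA_CENTER_DOMAINS:
                return sub, dc
            break
    raise ValueError(f"expected <subdomain>.<data_center_domain>, got {host!r}")

def expected_values(login_host, customer_id, idp_issuer):
    acs = "https://{}.{}/login/sso/saml".format(*split_login_host(login_host))
    # Per the page, the ACS URL is also the Destination and Recipient URL.
    return {"Destination": acs, "Recipient": acs, "Issuer": idp_issuer,
            "Audience": "https://www.moveworks.com", "RelayState": customer_id}

def check_response(xml_text, expected):
    """List field mismatches. Diagnostic only: no signature verification."""
    root = ET.fromstring(xml_text)
    scd = root.find(".//a:SubjectConfirmationData", NS)
    found = {"Destination": root.get("Destination"),
             "Recipient": scd.get("Recipient") if scd is not None else None,
             "Issuer": root.findtext(".//a:Assertion/a:Issuer", None, NS),
             "Audience": root.findtext(".//a:Audience", None, NS)}
    return [f"{k}: got {v!r}, expected {expected[k]!r}"
            for k, v in found.items() if (v or "").strip() != expected[k]]

# Constructed sample (hypothetical IdP, unsigned); Audience is deliberately wrong.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="https://acme.moveworks.com/login/sso/saml"><a:Assertion>
 <a:Issuer>https://idp.example.com/saml</a:Issuer><a:Subject><a:SubjectConfirmation>
 <a:SubjectConfirmationData Recipient="https://acme.moveworks.com/login/sso/saml"/>
 </a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>
 <a:Audience>https://acme.moveworks.com</a:Audience></a:AudienceRestriction>
 </a:Conditions></a:Assertion></p:Response>"""
if __name__ == "__main__":
    exp = expected_values("acme.moveworks.com", "acme", "https://idp.example.com/saml")
    print("\n".join(check_response(SAMPLE, exp)))
```

Run only against test responses from your own IdP; the check compares configuration fields and is no substitute for the signature validation the service provider performs.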