For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Logo
DeveloperAcademyCommunityStatus
  • Service Management
    • Overview
    • Concierge & Ticketing Capabilities Overview
    • Forms
    • Forms - Integration Specific Guides
    • Live Agent Chat / Handoff
    • Triage
    • Approval Mirroring
    • Ticket Interception
    • Generic Ticketing Integration: Ticket Gateway
  • Administration
    • MyMoveworks
    • Organization Information
    • Roles and Permissions
    • MyMoveworks SSO
      • Okta SSO Setup
      • Microsoft Entra Setup
      • OneLogin Setup (OIDC)
      • Google SSO Setup (SAML)
      • OIDC Setup (General)
      • SAML Setup (General)
      • SSO Troubleshooting
  • Moveworks Setup
    • Accessing Moveworks Setup
    • First-Time Login via Magic Link
    • Moveworks Setup Modules
    • Moveworks Setup: Module How To Guides
    • Plugin Management
    • Monitor Alerts
    • Audit Logs
    • DSL Fields Defaults
    • Data Crawling View
    • API Playground
    • Setup Homepage
    • Troubleshooting Hub
    • Security and Privacy Settings
    • Configuration Delete
    • Advanced Config Editor
    • Identity configuration
    • Onboarding Stage
  • Security
    • Security
    • Hyperlink & Button Expiry
    • Attachment Handling
    • Moveworks Subprocessors
  • Provision Management
    • Overview
    • Access Software
    • Access Groups
    • Access Account
  • Access Requirements
    • Overview
    • Update Set Modules
    • Ticketing Systems & ITSMs Access
    • Identity and Access Management Systems Access
    • Multi-Factor Authentication (MFA) Systems Access
    • Knowledge Access Requirements
    • Email Distribution List Systems Access
    • Facilities Management Access
    • Live Agent Chat Access
    • HR Information System Access
    • Expense Management Access
    • Calendar Management Access
  • Core Platform
    • User Identity
    • Moveworks On-Prem Agent
    • Approvals Engine
    • Entity Catalog
    • Configuration Languages
    • Moveworks Data Objects
    • SIEM
  • Employee Experience Insights
    • Overview
    • Breaking Down the Dashboard
    • Understanding Industry Benchmarks
    • Apps & Services
    • Impact Module
    • EXI Common Use Cases
    • Configure EXI
    • Ticket Backpolling
  • Knowledge Studio
    • Overview
    • Knowledge Studio Configuration
    • AI Powered Recommendations
    • Inspecting & Verifying Sources
    • Publishing Articles
    • Creating Knowledge Articles
    • Resolving IT Tickets Guidance
DeveloperAcademyCommunityStatus
On this page
  • FAQ
  • How do I grant users access to applications once SSO is set up?
  • Can I log into MyMoveworks without SSO?
  • How does Single Sign-On (SSO) work?
  • How does the Single Sign-On (SSO) session last?
  • What is my login URL to My Moveworks?
Administration

MyMoveworks SSO

||View as Markdown|
Was this page helpful?
Edit this page
Previous

Okta SSO Setup

Next
Built with

Users can use Single Sign-On (SSO) to log into MyMoveworks and access all applications from one portal. Your organization should have an SSO provider, which controls how you log into most of your applications.

We have detailed guides for common SSO setup experiences. Please ask your SSO administrator to complete the right guide for your organization.

  • Okta
  • Microsoft Entra (fka. Azure Active Directory)
  • OneLogin
  • Google

We also have generic guides if you do not see your SSO provider listed here

  • OpenID Connect (OIDC)
  • Security Assertion Markup Language (SAML)

FAQ

How do I grant users access to applications once SSO is set up?

There are two steps required to grant a user access

  1. Add them to the application in your SSO provider.
  2. Grant the user access to MyMoveworks applications in the Roles & Permissions module.
TIP: Integrate SSO Provisioning with Moveworks

When your users ask for access to MyMoveworks, you can send them to your AI Assistant Chatbot. From there, you can rely on our plugins to grant the user access.

  • You can use our Software Access plugin to integrate SSO provisioning directly with Moveworks
  • You can use our Forms plugin if you want to manage provisioning through your ITSM.
  • You can build your own plugin with Agent Studio.

Can I log into MyMoveworks without SSO?

No. You can only access MyMoveworks experiences over SSO.

How does Single Sign-On (SSO) work?

To make SSO possible, an identity provider (IdP) such as Okta or OneLogin must provide a central authentication server, which multiple applications can use to verify user identities. The authentication server validates user identities and confirms their identity to the application by providing an encrypted access token.

When a user first logs into an application, they are redirected to the IdP and are asked to provide their credentials, typically username and password.

For example, when signing in to an application, users can use two different identity providers to login: Application specific user name or Google. When users select one of the options, they are redirected to the relevant IdP to perform authentication.

The authentication server checks the user’s credentials against its central user directory, and if they are valid, starts an SSO session. Subsequently, the user can access the application for a predetermined period without logging in again.

When the user attempts to access another application from the trusted group, there is no need to request credentials again. The application requests authentication from the IdP, leveraging the open SSO session. The IdP provides an access token, and the application grants access to the user without showing the login screen again.

Here is an example of an SSO workflow:

  1. The user requests a resource from their desired application/website.
  2. The application/website redirects the user to the Identity Provider for authentication, using SAML, OpenID Connect, etc.
  3. The IdP authenticates the user and passes a token to the SSO server.
  4. The SSO server delivers the token to the application.
  5. The application grants access to the user.

How does the Single Sign-On (SSO) session last?

A single login session is active for 7 days. If you are logged out, simply navigate to https://admin.moveworks.com/sso and sign in with your email address.

What is my login URL to My Moveworks?

Your org’s login URL is dependent on your region. Replace org_name with the name of your Moveworks org name.

Data CenterLogin URL
United States (default)https://org_name.moveworks.com
Canadahttps://org_name.am-ca-central.moveworks.com
EUhttps://org_name.am-eu-central.moveworks.com
Australia / Asia Pacifichttps://org_name.am-ap-southeast.moveworks.com
Government Secure Cloudhttps://org_name.moveworksgov.com