
Microsoft Entra Installation Guide (SAML)

SAML not recommended

Moveworks recommends that you set up your Microsoft Entra apps via OIDC, which provides a better experience. You can follow the instructions in the Microsoft Entra Installation Guide (OIDC).

Prerequisites

Making edits?

Before you edit your SSO configuration, make sure you are logged into MyMoveworks. Otherwise, you will not be able to log in and update your SSO configuration details.

Microsoft Entra Prerequisites

  • Ensure you have access to the Azure Admin Portal with the appropriate IAM permissions in Azure to register a new Enterprise Application.

Moveworks SSO Prerequisites

  • Your Moveworks Environment should be initialized in order to continue. (Verify with your Account Team if this has been completed)

  • Note the following values.

    • data_center_domain - the data center where your organization is hosted (see table below).

      | Data Center | data_center_domain |
      | --- | --- |
      | United States (default) | moveworks.com |
      | Canada | am-ca-central.moveworks.com |
      | EU | am-eu-central.moveworks.com |
      | Australia / Asia Pacific | am-ap-southeast.moveworks.com |
      | Government Secure Cloud | moveworksgov.com |
    • subdomain - your organization’s login subdomain. This should match your customer_id, which can be verified from the General Information Page.

      🚧 Warning

      Make sure to use the unique subdomain. For example, if your organization’s login subdomain is acme.moveworks.com, then your subdomain is acme and your data_center_domain is moveworks.com, which is part of the US data center.

    • customer_id - The unique identifier for your organization. This is stored as Org Name under Organization Details > General Information.

      ❗️ The Org name cannot be changed. Once set, the same value should be used in all cases.

      In exceptional cases where you would like Moveworks to support your organisation with a different subdomain value, please reach out to Moveworks Support.

Configuration Steps

Install Application

  1. Navigate to https://portal.azure.com

  2. Go to Enterprise applications and select New Application

  3. Search Moveworks, select our application, and select Create

Configure Moveworks Settings

  1. On the Single sign-on tab select SAML


  2. Select Edit for the Basic SAML Configuration (Step 1)

  3. Configure your SAML variables using your organization’s information and hit Save

    • Reply URL: https://{{subdomain}}.{{data_center_domain}}/login/sso/saml
    • Sign-on URL: https://{{subdomain}}.{{data_center_domain}}
    • Relay State: {{customer_id}}
  4. Select Edit for SAML Certificates next to Token signing certificate (Step 3)

  5. Validate that the following values are set

    • Signing Option: Sign SAML response and assertion
    • Signing Algorithm: SHA-256

Enable User Access

  1. Go to Manage > Properties

  2. Make sure that your app is visible to users.

Add SAML Configuration in MyMoveworks

  1. On the Single Sign-on tab, download your X.509 certificate (x509_certificate) by clicking the Download link next to Certificate (Base64)

  2. Open the downloaded file in a text editor. It should look something like this.

    -----BEGIN CERTIFICATE-----
    ****************************************************************************
    ****************************************************************************
    ****************************************************************************
    ****************************************************************************
    ****************************************************************************
    ****************************************************************************
    ****************************************************************************
    *********************
    -----END CERTIFICATE-----
  3. From Step 4 in the Single Sign-on tab, copy the remaining SAML variables

    • Login URL: this is your idp_url
    • Microsoft Entra Identifier: this is your idp_issuer
  4. Navigate to SSO Settings in MyMoveworks

  5. If you already see a studio config, edit it. Otherwise, choose Create.

  6. Add your configuration using the values you’ve noted above

    • Moveworks Product: studio
    • Select Connector: ms_graph
    • Authentication Protocol: SAML
    • IDP Sign On / SSO URL: {{idp_url}} (From Step 3)
      • e.g. https://login.microsoftonline.com/c3662339-1217-4e03-ac19-15f31311cca7/saml2
    • IDP Issuer: {{idp_issuer}} (From Step 2)
      • e.g. https://sts.windows.net/c3662339-1217-4e03-ac19-15f31311cca7/
    • IDP Public Certificate: x509_certificate (From Step 1)
  7. Click Submit.

  8. Wait a few minutes, then attempt to log into your instance at https://{{subdomain}}.{{data_center_domain}}
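
A pre-flight check for the values gathered in the steps above, as an added example that is not Moveworks or Microsoft code. The function names are hypothetical, the tenant comparison assumes the URL formats shown in the examples above, and the certificate test is a structural sanity check rather than a full X.509 parse.

```python
import base64
import re

# Data center domains from the table in the prerequisites.
DATA_CENTER_DOMAINS = {
    "moveworks.com", "am-ca-central.moveworks.com", "am-eu-central.moveworks.com",
    "am-ap-southeast.moveworks.com", "moveworksgov.com",
}
GUID = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
PEM = re.compile(r"\A-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----\s*\Z", re.S)


def entra_basic_saml(subdomain, data_center_domain, customer_id):
    """Values for Basic SAML Configuration, built from the page's templates."""
    if data_center_domain not in DATA_CENTER_DOMAINS:
        raise ValueError(f"unknown data_center_domain: {data_center_domain}")
    if not re.fullmatch(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?", subdomain, re.I):
        raise ValueError("subdomain must be a single label such as 'acme'")
    base = f"https://{subdomain}.{data_center_domain}"
    return {"reply_url": base + "/login/sso/saml", "sign_on_url": base,
            "relay_state": customer_id}


def check_mymoveworks_values(idp_url, idp_issuer, x509_certificate):
    """Return a list of problems found in the values copied from Entra."""
    problems = []
    for name, value in (("idp_url", idp_url), ("idp_issuer", idp_issuer)):
        if not value.startswith("https://"):
            problems.append(f"{name} is not an https URL")
    tenants = [GUID.search(v) for v in (idp_url, idp_issuer)]
    if not all(tenants):
        problems.append("tenant ID missing from idp_url or idp_issuer")
    elif tenants[0].group().lower() != tenants[1].group().lower():
        problems.append("idp_url and idp_issuer name different tenants")
    m = PEM.match(x509_certificate.strip())
    if not m:
        problems.append("certificate is not a PEM CERTIFICATE block")
    else:
        try:
            der = base64.b64decode("".join(m.group(1).split()), validate=True)
            if der[:1] != b"\x30":  # DER certificates start with a SEQUENCE tag
                problems.append("certificate body is not DER")
        except ValueError:
            problems.append("certificate body is not valid base64")
    return problems
```

An empty list from `check_mymoveworks_values` means the three values are internally consistent; it does not confirm that the certificate is the one currently active for token signing in Entra.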