For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Logo
DeveloperAcademyCommunityStatus
  • Service Management
    • Overview
    • Concierge & Ticketing Capabilities Overview
    • Forms
    • Forms - Integration Specific Guides
    • Live Agent Chat / Handoff
    • Triage
    • Approval Mirroring
    • Ticket Interception
    • Generic Ticketing Integration: Ticket Gateway
  • Administration
    • MyMoveworks
    • Organization Information
    • Roles and Permissions
    • MyMoveworks SSO
  • Moveworks Setup
    • Accessing Moveworks Setup
    • First-Time Login via Magic Link
    • Moveworks Setup Modules
    • Moveworks Setup: Module How To Guides
    • Plugin Management
    • Monitor Alerts
    • Audit Logs
    • DSL Fields Defaults
    • Data Crawling View
    • API Playground
    • Setup Homepage
    • Troubleshooting Hub
    • Security and Privacy Settings
    • Configuration Delete
    • Advanced Config Editor
    • Identity configuration
    • Onboarding Stage
  • Security
    • Security
    • Hyperlink & Button Expiry
    • Attachment Handling
    • Moveworks Subprocessors
  • Provision Management
    • Overview
    • Access Software
    • Access Groups
    • Access Account
      • How To Guide for Access Account Plugin
      • Azure Self Service Password Reset (SSPR) Access Requirements
      • Account Access Integration Specific Overview
        • Account Access Integration - Okta
        • Account Access Integration - Active Directory
        • Account Access Integration - Duo (MFA)
        • Account Access Integration - Ping Identity (MFA)
  • Access Requirements
    • Overview
    • Update Set Modules
    • Ticketing Systems & ITSMs Access
    • Identity and Access Management Systems Access
    • Multi-Factor Authentication (MFA) Systems Access
    • Knowledge Access Requirements
    • Email Distribution List Systems Access
    • Facilities Management Access
    • Live Agent Chat Access
    • HR Information System Access
    • Expense Management Access
    • Calendar Management Access
  • Core Platform
    • User Identity
    • Moveworks On-Prem Agent
    • Approvals Engine
    • Entity Catalog
    • Configuration Languages
    • Moveworks Data Objects
    • SIEM
  • Employee Experience Insights
    • Overview
    • Breaking Down the Dashboard
    • Understanding Industry Benchmarks
    • Apps & Services
    • Impact Module
    • EXI Common Use Cases
    • Configure EXI
    • Ticket Backpolling
  • Knowledge Studio
    • Overview
    • Knowledge Studio Configuration
    • AI Powered Recommendations
    • Inspecting & Verifying Sources
    • Publishing Articles
    • Creating Knowledge Articles
    • Resolving IT Tickets Guidance
DeveloperAcademyCommunityStatus
On this page
  • Okta
  • Unlock Account
  • Configuration options
  • Behind the Scenes
  • Password Reset
  • Behind the Scenes
  • MFA Reset
  • Configuration options
  • Behind the Scenes
Provision ManagementAccess AccountAccount Access Integration Specific Overview

Account Access Integration - Okta

||View as Markdown|
Was this page helpful?
Edit this page
Previous

Account Access Integration - Active Directory

Next
Built with

The Moveworks Account Access skill enables end users to resolve their login issues in a secure, self-service way via Okta.

Okta

Unlock Account

If enabled, this feature continuously polls your organization’s Okta system to check for account lockout events. Moveworks initiates a process to unlock user’s Okta account in response to the lockout event.

Configuration options

  • Frequency of Lockout Checks: By default, Moveworks checks (polls) Okta for locked out users every 30 seconds. This cadence can be customized (e.g. every 60 seconds, etc) by Moveworks on request.
  • Frequency of Account Lockout Notifications: Users are notified of an account lockout a maximum of four times a day, with a notification every six hours sent to the user via your organizations’s chat surface(s). The frequency of notifications (e.g. 4 reach outs per day) is also customizable.

Behind the Scenes

Moveworks communicates with Okta’s API over HTTPS to securely request account operations. For the most up-to-date information on Okta’s API, see Okta’s online documentation.

How does Moveworks identify locked out accounts?

Moveworks queries Okta’s System Log API for lockout events every 30 seconds, using the following search criteria:

eventType eq "user.account.lock" or eventType eq "user.session.start" and outcome.reason eq "LOCKED_OUT"

How does Moveworks unlock accounts?

The bot unlocks a user’s account with a LOCKED_OUT status and returns them to ACTIVE status by using the following API call: POST /api/v1/users/${userId}/lifecycle/unlock

Once unlocked, the user will be able to log back into Okta with their existing password.

Password Reset

If a user forgets their password, the Moveworks bot can help users reset it by giving the user a single-use link to the Okta forgot password portal. The actual password change happens in your organization’s ITSM system, so any existing security policies defined in Okta will apply.

Behind the Scenes

Moveworks utilizes the “Reset Password” method of the Okta Users API to generate a one-time use link to the Okta Reset Password portal where they can change their Okta password.

MFA Reset

When employees ask the bot to reset their Okta Verify MFA factors, Moveworks will initiate an Okta reset, by removing all factors associated with the user. Once the factors are removed, Moveworks will link the user to your organization’s Okta portal, where the user can log in. Once user’s log in, they will be prompted to set up a new MFA factor within Okta.

Configuration options

The Moveworks bot can be configured in one of two ways for the MFA Reset functionality:

  1. Allow the user to reset all factors in one step.
  2. Allow the user to choose which factor to reset. In this case, when the user clicks Yes, reset MFA, they will be given a list of their factors to choose from.

Behind the Scenes

Moveworks is able to reset employee’s Okta MFA by using the following API call: /users/{request.user_id}/lifecycle/reset_factors