OKTA SSO Configuration Guide

Before you start

Make sure you have Super Admin access in your Okta instance.

Okta App Setup Instructions

Go to the screen that lets you create Applications.

Click on Create App Integration

Select OIDC - OpenID Connect in the next screen.

1. Specify a name for the application.
2. Configure the application.
   1. Use https://my.moveworks.com/login/sso/oidc as the Sign-in redirect URL .
   2. Specify https://my.moveworks.com as the Trusted Origin .
   3. Configure the access as preferred. This gates the bot access from Okta.

Select options as shown below.

1. Go back to General Settings > Edit and uncheck Require consent .

Set the Initiate login URI in General Setting to be https://my.moveworks.com/login/org/CUSTOMER_ID

Handoff to Moveworks

After the above setup is complete, provide the following information to your Customer Success Team.

1. Go to the General tab

   

2. Share the idp_client_id , idp_secret , and idp_issuer with your Customer Success Engineer. The idp_issuer is not in the Okta settings, but it should be based on your Okta instance name (e.g. If you login at https://example.okta.com , then share that value for your idp_issuer ).

   

Configuring for Custom Domains

If you are migrating to "mycompany.moveworks.com" for your login, please make the following changes to your configuration. This should be done live on a call with the Moveworks team to ensure success.

1. Update the Sign-in redirect URL. It should allow multiple redirect URLs. Please take the CUSTOMER_ID you used before and add the following URL to the list:

https://CUSTOMER_ID.moveworks.com/login/sso/oidc

2. Ask the Moveworks Team to finish the update. We'll need to configure our IDP Redirect URL. After that, you can start using your new domain.
3. Update the Initiate login URI . It should now be:

https://CUSTOMER_ID.moveworks.com