Access RequirementsIdentity & Access Management

OneLogin Access Requirements

View as Markdown

Why do we need access to your OneLogin instance?

The Moveworks service interacts with your OneLogin instance to carry out one or more of the following:

  • fulfill employees’ software provisioning requests;
  • identify employees; and
  • help employees reset passwords, unlock locked accounts, help employees reset their multi-factor authentication, and warn employees when their password is about to expire.

Note that not all Moveworks+OneLogin deployments handle all of the tasks mentioned above, and is dependent on customer-specific discovery.

Service Account Needed:

A service account allows the Moveworks service to fulfill provisioning requests by adding users to roles in OneLogin. Create the API credential pair (client ID & client secret) and share with your Moveworks Customer Success team. This account must have the Manage Users permission in OneLogin.

https://developers.onelogin.com/api-docs/1/getting-started/working-with-api-credentials

Share the account credentials with your Moveworks Customer Success Team.

What is the account used for:

  • This account is used for the bot to be able to add users to OneLogin roles for Application Provisioning, identifying user attributes, and MFA Reset Functionality.