---
title: OneLogin Access Requirements
excerpt: ''
deprecated: false
hidden: false
metadata:
  title: ''
  description: ''
  robots: index
next:
  description: ''
---
## Why do we need access to your OneLogin instance?

The Moveworks service interacts with your OneLogin instance to carry out one or more of the following:

* fulfill employees' software provisioning requests;
* identify employees; and
* help employees reset passwords, unlock locked accounts, help employees reset their multi-factor authentication, and warn employees when their password is about to expire.

Note that not all Moveworks+OneLogin deployments handle all of the tasks mentioned above, and is dependent on customer-specific discovery.

## Service Account Needed:

A **service account** allows the Moveworks service to fulfill provisioning requests by adding users to roles in OneLogin. Create the API credential pair (client ID & client secret) and share with your Moveworks Customer Success team. This account must have the ***Manage Users*** permission in OneLogin.

[https://developers.onelogin.com/api-docs/1/getting-started/working-with-api-credentials](https://developers.onelogin.com/api-docs/1/getting-started/working-with-api-credentials)

Share the account credentials with your Moveworks Customer Success Team.

## What is the account used for:

* This account is used for the bot to be able to add users to OneLogin roles for Application Provisioning, identifying user attributes, and MFA Reset Functionality.