For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Logo
DeveloperAcademyCommunityStatus
  • Service Management
    • Overview
    • Concierge & Ticketing Capabilities Overview
    • Forms
    • Forms - Integration Specific Guides
    • Live Agent Chat / Handoff
    • Triage
    • Approval Mirroring
    • Ticket Interception
    • Generic Ticketing Integration: Ticket Gateway
  • Administration
    • MyMoveworks
    • Organization Information
    • Roles and Permissions
    • MyMoveworks SSO
  • Moveworks Setup
    • Accessing Moveworks Setup
    • First-Time Login via Magic Link
    • Moveworks Setup Modules
    • Moveworks Setup: Module How To Guides
    • Plugin Management
    • Monitor Alerts
    • Audit Logs
    • DSL Fields Defaults
    • Data Crawling View
    • API Playground
    • Setup Homepage
    • Troubleshooting Hub
    • Security and Privacy Settings
    • Configuration Delete
    • Advanced Config Editor
    • Identity configuration
    • Onboarding Stage
  • Security
    • Security
    • Hyperlink & Button Expiry
    • Attachment Handling
    • Moveworks Subprocessors
  • Provision Management
    • Overview
    • Access Software
    • Access Groups
    • Access Account
  • Access Requirements
    • Overview
    • Update Set Modules
    • Ticketing Systems & ITSMs Access
    • Identity and Access Management Systems Access
      • Active Directory & OpenLDAP Access Requirements
      • Microsoft 365 Access Requirements
      • Okta (Standard Level) Access Requirements
      • Okta Access Requirements
      • OneLogin Access Requirements
    • Multi-Factor Authentication (MFA) Systems Access
    • Knowledge Access Requirements
    • Email Distribution List Systems Access
    • Facilities Management Access
    • Live Agent Chat Access
    • HR Information System Access
    • Expense Management Access
    • Calendar Management Access
  • Core Platform
    • User Identity
    • Moveworks On-Prem Agent
    • Approvals Engine
    • Entity Catalog
    • Configuration Languages
    • Moveworks Data Objects
    • SIEM
  • Employee Experience Insights
    • Overview
    • Breaking Down the Dashboard
    • Understanding Industry Benchmarks
    • Apps & Services
    • Impact Module
    • EXI Common Use Cases
    • Configure EXI
    • Ticket Backpolling
  • Knowledge Studio
    • Overview
    • Knowledge Studio Configuration
    • AI Powered Recommendations
    • Inspecting & Verifying Sources
    • Publishing Articles
    • Creating Knowledge Articles
    • Resolving IT Tickets Guidance
DeveloperAcademyCommunityStatus
On this page
  • Why do we need access to your Okta instance?
  • Service Account Permissions Needed:
  • For organizations where Moveworks integrates with Okta to give employees access to software, the API token must have the following permissions in Okta:
  • For organizations where Moveworks integrates with Okta to help employees with passwords, account unlock, and multi-factor reset, the API token must have the following permissions in Okta:
  • What is the account used for:
  • Providing the Credentials
Access RequirementsIdentity and Access Management Systems Access

Okta (Standard Level) Access Requirements

||View as Markdown|
Was this page helpful?
Edit this page
Previous

Okta Access Requirements

Next
Built with

Why do we need access to your Okta instance?

The Moveworks service interacts with your Okta instance to carry out one or more of the following:

  • fulfill employees’ software provisioning requests;
  • identify employees; and
  • help employees reset passwords, unlock locked accounts, help employees reset their multi-factor authentication, and warn employees when their password is about to expire.

Note that not all Moveworks+Okta deployments handle all of the tasks mentioned above. In some deployments, password and account issues are handled through Moveworks’ direct interaction with Active Directory.

Service Account Permissions Needed:

The service account in Okta allows the Moveworks service to fulfill provisioning requests by adding users to groups in Okta. Create a bot service account dedicated to Moveworks and share the API token of this account with your Moveworks Customer Success team. Moveworks does not need the credentials of this service account, the token is sufficient for the integration.

For organizations where Moveworks integrates with Okta to give employees access to software, the API token must have the following permissions in Okta:

  • Group Admin
Scoping down the Group Admin Role

Within Okta, optionally, you can chose to constrain the Group Admin Role to only allow it to operate on a specific subset of groups. This way, the Moveworks token can ONLY access the required groups you would like it to operate on.

For organizations where Moveworks integrates with Okta to help employees with passwords, account unlock, and multi-factor reset, the API token must have the following permissions in Okta:

  • Help Desk Admin
  • Report Admin

For more information on what permissions are entailed in each role, please refer to Okta’s documentation.

What is the account used for:

  • This account is used for the bot to be able to add users to Okta groups for app provisioning and identifying user attributes when interacting with the bot.

Providing the Credentials

Once you have obtained the credentials, please notify your Customer Success team. They will provide an encrypted method of transferring the information. You may also opt for your preferred method if necessary.