***
title: OneLogin Setup (OIDC)
excerpt: ''
deprecated: false
hidden: false
metadata:
title: ''
description: ''
robots: index
next:
description: ''
---------------
# Prerequisites
Before you edit your SSO configuration, make sure you are logged into MyMoveworks. Otherwise, you will not be able to log in and update your SSO configuration details.
**OneLogin SSO Prerequisites**
* Have administrator access to OneLogin. You should be able to access your portal at `https://{{your_subdomain}}.onelogin.com/admin2`
**Moveworks SSO Prerequisites**
* Your Moveworks Environment should be initialized in order to continue. (Verify with your Account Team if this has been completed)
* Note the following values.
* `data_center_domain` - the data center where your organization is hosted (see table below).
| Data Center | data\_center\_domain |
| :----------------------- | :---------------------------- |
| United States (default) | moveworks.com |
| Canada | am-ca-central.moveworks.com |
| EU | am-eu-central.moveworks.com |
| Australia / Asia Pacific | am-ap-southeast.moveworks.com |
| Government Secure Cloud | moveworksgov.com |
* `subdomain` - your organization's login subdomain. This should match your `customer_id`, which can be[verified from the General Information Page](/service-management/administration/organization-information).
Make sure to use the unique subdomain. For example, if you're organization's login subdomain is **acme.moveworks.com**, then your `subdomain` is **acme** and your `data_center_domain` is **moveworks.com** which is part of the US Data center.
* `customer_id` - The unique identifier for your organization . This is stored as **Org Name** under **Organization Details > General Information**
In exceptional cases where you would like Moveworks to support your organisation with a different subdomain value. Please reach out to Moveworks Support.
# Configuration Steps
## Create OIDC Application
1. Go to **Applications > Custom Connectors**
2. Click **New Connector** & fill out the details
* **Name**: `Moveworks`
* **Icon**:
* **Rectangular**
* **Square**
* **Sign on method**: `OpenID Connect`
* **Redirect URI**: `https://{{subdomain}}.{{data_center_domain}}/login/sso/oidc`
* **Post Logout Redirect URI**: `https://my.moveworks.com`
* **Signing Algorithm**: `RS256`
* **Login URL**: `https://{{subdomain}}.{{data_center_domain}}`
3. Go back to **Applications > Custom Connectors** and select **Add App to Connector** on your newly created Connector
4. Keep the Default Settings and hit **Save**
## Add OIDC Configuration in MyMoveworks
1. Copy your OIDC Configuration Variables\
* **Client ID**: This is your `idp_client_id`
* **Show client secret**: Click this to see your `idp_client_secret`
* **Issuer URL**: This is your `idp_issuer`
2. Navigate to SSO Settings in MyMoveworks
3. If you already see a `studio` config, edit it. Otherwise, choose **Create**.
4. Add your configuration using the values you've noted above
* **Moveworks Product**: `studio`
* **Select Connector**: `onelogin`
* **Authentication Protocol**: `OIDC`
* **IDP Redirect URL**: `https://{{subdomain}}.{{data_center_domain}}/login/sso/oidc`
* e.g. [https://acme.am-eu-central.moveworks.com/login/sso/oidc](https://acme.am-eu-central.moveworks.com/login/sso/oidc)
* **IDP Issuer**: `idp_issuer`(from Step 1)
* e.g. [https://acme.onelogin.com/oidc/2](https://acme.onelogin.com/oidc/2)
* **IDP Client Id**: `idp_client_id` (from Step 1)
* **IDP Client Secret**: `idp_client_secret` (from Step 1)
5. Click **Submit**.
6. Wait a few minutes, then attempt to log into your instance at `https://{{subdomain}}.{{data_center_domain}}`