A Microsoft Enterprise Agreement for Microsoft Entra ID account is required to enable this SSO option.
Do you want to use single sign-on in Recruitee? To be able to use single sign-on in Recruitee, you need to have an already configured application on a supported authorization management platform. In this article, we explain how to do this for Microsoft Entra ID.
Create a new application for SSO in Microsoft Entra ID
1. Go to the Microsoft Entra ID portal and browse to Microsoft Entra ID and follow Identity > Applications > Enterprise applications.
2. Click + New application..
3. Type in a relevant name, select Non-gallery application, and click Create.
4. After this you're redirected to the newly created application Overview, go to Getting started via the left side menu and click Configure single sign-on (or click Single sign-on from the side menu).
5. Select SAML as the single sign-on method.
6. Click on the pencil icon to Edit step 1, the Basic SAML Configuration.
7. Add the following values and save:
Identifier (Entity ID): tellent
Reply URL: https://auth.tellent.com/sso/sp/consume/YOUR_COMPANY_NAME YOUR_COMPANY_NAME stands for your company subdomain from Recruitee (same that is used on Career Site) - it will be used for generating a unique SSO login URL for your users.
Sign on URL (optional): https://auth.tellent.com/sso/sign-in/YOUR_COMPANY_NAME - fill in this field if you want to log in directly from Microsoft Entra ID. This is the same link as the SSO login URL for your users.
📌 If you need to turn on SSO for multiple accounts, please, contact Support.
8. After you save the settings, click on the pencil icon to Edit step 2, the User Attributes & Claims.
9. Edit the values accordingly:
Required claim |
|
Unique User Identifier (Name ID) | user.userprincipalname |
Additional claims |
|
first_name | user.givenname |
last_name | user.surname |
user.userprincipalname |
📌 If guest accounts in your organization need access to Recruitee, you may have to edit the email attribute to the value user.mail instead.
Click Save. Users registering in your SSO-enabled company will have these fields pre-filled in the registration form.
10. Scroll down and click on the pencil icon to Edit step 3, the SAML Signing Certificate. Change the Signing Option to Sign SAML response. Save, and close the form.
11. Under step 3, download the Federation Metadata XML.
12. Log into Recruitee and go to the Tellent Admin Center.
📌 If you don't see the Tellent Admin Center, make sure you are logged in via auth.tellent.com and that you have full permissions in your organisation.
13. In the Tellent Admin Center, click on "Set up SSO for your company".
14. Now click on "Continue to the next step".
15. Upload the XML file and click on "Continue to the next step".
16. Now enable the SSO for Recruitee and select the default role for new users. Click on "Start testing SSO" to finish the setup.
📌 After clicking on "Start testing SSO", then all users can sign-in with SSO, while the old login also remains accessible. When you're done testing, you can enable SSO for everyone, which means the old sign-in method will no longer work.
⚠️ It is possible to change a user's role within Recruitee after they signed up. If you select a role that has restricted access to jobs/talent pools, like Reviewer, you will have to assign jobs/talent pools to new users manually within Recruitee.
17. In your Microsoft Entra ID, add or assign users, or a group of users, to the app to give them access to your SSO-enabled company in Recruitee.
Additional documentation
Read more on SSO configuration in Microsoft Entra ID support docs.