A Microsoft Enterprise Agreement for Azure AD account is required to enable this SSO option.
Do you want to use single sign-on in Recruitee? In order to be able to use single sign-on in Recruitee, you need to have an already configured application on a supported authorization management platform. In this article we explain how to do this for Azure Active Directory.
Create a new application for SSO in Azure Active Directory
- Go to your administrator Dashboard in Azure Active Directory and click to Active Directory > Enterprise Applications
2. Click + New application
3. Select the Non-gallery application tile and type in a relevant name under Name and click Add.
4. After this you're redirected to the newly created application Overview, go to Getting started via the left side menu and click Configure single sign-on (or click Single sign-on from the side menu).
5. Select SAML as the single sign-on method.
6. Click on the pencil icon to Edit step 1, the Basic SAML Configuration.
7. In the Basic SAML Configuration add the following values and save:
- Identifier (Entity ID): recruitee
- Reply URL: https://auth.recruitee.com/sso/sp/consume/YOUR_COMPANY_NAME YOUR_COMPANY_NAME stands for your company subdomain from Recruitee (same that is used on Career Site) - it will be used for generating a unique SSO login URL for your users.
- Sign on URL (optional): https://auth.recruitee.com/sso/sign-in/YOUR_COMPANY_NAME - fill in this field if you want to log in directly from Azure. This is the same link as the SSO login URL for your users.
Note: If you need to turn on SSO for multiple accounts, please, contact Support.
8. After you saved the settings, click on the pencil icon to Edit step 2, the User Attributes & Claims.
9. Under User Attributes & Claims edit the values accordingly and Save. Users who register in your SSO-enabled company will have these fields pre-filled in the registration form.
10. After you saved the settings, scroll down and click on the pencil icon to Edit step 3, the SAML Signing Certificate. At Signing Option click on the dropdown menu and change it to Sign SAML response. After this Save and close the form.
11. From the App settings overview download the Federation Metadata XML, as a result an XML file will be downloaded.
12. After this login to Recruitee and go to Settings > Apps and Plugins > Single Sign-on.
13. Select the default role for new users and upload the XML file under Upload file and SSO request.
Important: It is possible to change a user's role within Recruitee after they signed up. If you select a role that has restricted access to jobs/talent pools, like reviewer, you will have to assign jobs/talent pools to new users manually within Recruitee.
14. Recruitee Support will contact you on when to activate your Single Sign-on integration.
15. In your Azure Active Directory add or assign users, or a group of users, to the app to give them access to your SSO-enabled company in Recruitee.
Read more on SSO configuration in Azure Active Directory support docs.