A Microsoft Enterprise Agreement for Azure AD account is required to enable this SSO option.
Do you want to use single sign-on in Recruitee? To be able to use single sign-on in Recruitee, you need to have an already configured application on a supported authorization management platform. In this article, we explain how to do this for Azure Active Directory.
Create a new application for SSO in Azure Active Directory
1. Open your administrator Dashboard in Azure Active Directory and go to Active Directory > Enterprise Applications.
2. Click + Create your own application.
3. Type in a relevant name, select Non-gallery application, and click Create.
4. You are then redirected to the Overview of the newly created application. Go to Getting started in the left side menu and click Configure single sign-on (or click Single sign-on in the side menu).
5. Select SAML as the single sign-on method.
6. Click on the pencil icon to Edit step 1, the Basic SAML Configuration.
7. Add the following values and save:
Identifier (Entity ID): recruitee
Reply URL: https://auth.recruitee.com/sso/sp/consume/YOUR_COMPANY_NAME
YOUR_COMPANY_NAME stands for your company subdomain from Recruitee (the same one that is used on your Career Site). It will be used for generating a unique SSO login URL for your users.
Sign on URL (optional): https://auth.recruitee.com/sso/sign-in/YOUR_COMPANY_NAME - fill in this field if you want to log in directly from Azure. This is the same link as the SSO login URL for your users.
📌 If you need to turn on SSO for multiple accounts, please contact Support.
8. After you save the settings, click on the pencil icon to Edit step 2, the User Attributes & Claims.
9. Edit the values accordingly:
Required claim |
Unique User Identifier (Name ID) | user.userprincipalname |
Additional claims |
first_name | user.givenname |
last_name | user.surname |
email | user.userprincipalname |
📌 If guest accounts in your organization need access to Recruitee, you may have to edit the email attribute to the value user.mail instead.
Click Save. Users registering in your SSO-enabled company will have these fields pre-filled in the registration form.
10. Scroll down and click on the pencil icon to Edit step 3, the SAML Signing Certificate. Change the Signing Option to Sign SAML response. Save, and close the form.
11. Under step 3, download the Federation Metadata XML.
12. Log into Recruitee and go to Settings > Company Settings > SSO.
13. Select the default role for new users and upload the XML file under Upload file and SSO request.
⚠️ It is possible to change a user's role within Recruitee after they have signed up. If you select a role that has restricted access to jobs/talent pools, like Reviewer, you will have to assign jobs/talent pools to new users manually within Recruitee.
14. Recruitee Support will contact you about when to activate your Single Sign-on integration.
15. In your Azure Active Directory, add or assign users, or a group of users, to the app to give them access to your SSO-enabled company in Recruitee.
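To confirm that steps 7 to 10 took effect, the following added example (not Recruitee's or Microsoft's code) inspects a base64-encoded SAMLResponse captured from a test sign-in and reports which of the configured values are missing. The function name, the sample response and the subdomain acme are constructed for illustration; the check is structural only and does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ENTITY_ID = "recruitee"  # Identifier (Entity ID) from step 7
REPLY_URL = "https://auth.recruitee.com/sso/sp/consume/"  # + company subdomain
CLAIMS = ("first_name", "last_name", "email")  # additional claims from step 9


def check_saml_response(b64_response, company):
    """List configuration problems in a captured SAMLResponse (no signature verification)."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != REPLY_URL + company:
        problems.append("Destination does not match the Reply URL")
    # Step 10 (Sign SAML response): the signature sits on the Response element itself.
    if root.find("ds:Signature", NS) is None:
        problems.append("Response is not signed (check the Signing Option)")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if ENTITY_ID not in audiences:
        problems.append("Audience does not contain the Entity ID")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID is missing or empty")
    # Assumption: a claim may arrive bare or with a namespace prefix before the name.
    present = set()
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        if value is not None and (value.text or "").strip():
            present.add(attr.get("Name", "").rsplit("/", 1)[-1])
    for claim in CLAIMS:
        if claim not in present:
            problems.append(f"claim {claim} is missing or empty")
    return problems


# Constructed sample, not a real capture; the email claim is left out on purpose.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 Destination="https://auth.recruitee.com/sso/sp/consume/acme"><ds:Signature/>
<saml:Assertion><saml:Subject><saml:NameID>jane@example.com</saml:NameID></saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>recruitee</saml:Audience>
</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>
<saml:Attribute Name="first_name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="last_name"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print(check_saml_response(base64.b64encode(SAMPLE.encode()), "acme"))
```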
Additional documentation
Read more on SSO configuration in Azure Active Directory support docs.