How to set up SSO with Microsoft Entra ID
Anna Nowak avatar
Written by Anna Nowak
Updated over a week ago

A Microsoft Enterprise Agreement for Microsoft Entra ID account is required to enable this SSO option.

Do you want to use single sign-on in Recruitee? To be able to use single sign-on in Recruitee, you need to have an already configured application on a supported authorization management platform. In this article, we explain how to do this for Microsoft Entra ID.

Create a new application for SSO in Microsoft Entra ID

1. Go to the Microsoft Entra ID portal and browse to Microsoft Entra ID and follow Identity > Applications > Enterprise applications.

2. Click + New application..

3. Type in a relevant name, select Non-gallery application, and click Create.

4. After this you're redirected to the newly created application Overview, go to Getting started via the left side menu and click Configure single sign-on (or click Single sign-on from the side menu).

5. Select SAML as the single sign-on method.

6. Click on the pencil icon to Edit step 1, the Basic SAML Configuration.

7. Add the following values and save:

📌 If you need to turn on SSO for multiple accounts, please, contact Support.

8. After you save the settings, click on the pencil icon to Edit step 2, the User Attributes & Claims.

9. Edit the values accordingly:

Required claim

Unique User Identifier (Name ID)

user.userprincipalname

Additional claims

first_name

user.givenname

last_name

user.surname

email

user.userprincipalname

📌 If guest accounts in your organization need access to Recruitee, you may have to edit the email attribute to the value user.mail instead.

Click Save. Users registering in your SSO-enabled company will have these fields pre-filled in the registration form.

10. Scroll down and click on the pencil icon to Edit step 3, the SAML Signing Certificate. Change the Signing Option to Sign SAML response. Save, and close the form.

11. Under step 3, download the Federation Metadata XML.

12. Log into Recruitee and go to Settings > Company Settings > SSO.

13. Select the default role for new users and upload the XML file under Upload file and SSO request.

⚠️ It is possible to change a user's role within Recruitee after they signed up. If you select a role that has restricted access to jobs/talent pools, like Reviewer, you will have to assign jobs/talent pools to new users manually within Recruitee.

14. Recruitee Support will contact you on when to activate your Single Sign-on integration. 

15. In your Microsoft Entra ID, add or assign users, or a group of users, to the app to give them access to your SSO-enabled company in Recruitee. 

Additional documentation

Read more on SSO configuration in Microsoft Entra ID support docs.

Did this answer your question?