Single sign-on (SSO) Overview
Anna Nowak avatar
Written by Anna Nowak
Updated over a week ago

SAML-based Single sign-on (SSO) gives members access to Recruitee through an identity provider (IDP) of your choice.

Recruitee integrates with SSO providers that support SAML2 (Security Assertion Markup Language). We support integrating with the following SSO providers:

  • Okta

  • Microsoft Entra ID

  • Google Apps

  • Auth0

📌 Integrating with other SSO providers supporting SAML2 is possible but has to be configured on the customer’s end entirely. Customers have been successful in setting up SSO with Duo SSO, Shibboleth, OneLogin, Keycloak, and JumpCloud.

You can start the SSO process for your Recruitee account by sending a request via Settings or contacting us. You will need to configure a new application within your SSO provider for Recruitee before SSO can be enabled for your account.

Check the following SSO provider-specific documentation with your IT team on how to set up an application for Recruitee in your SSO provider.


What does integrating SSO mean for your company?

Setting up SSO for your Recruitee account results in the following changes:

  1. Team members will need to be invited and sign in to Recruitee via your SSO provider. Users can also use the company-specific sign-in link to sign in. Make sure to share the company-specific link with your team members. Learn more about the sign-in process under Managing users.

  2. Former login credentials and a password reset will no longer work in Recruitee. Resetting passwords will need to be done via the SSO provider.

  3. For Private API integrations the auth_token will no longer work, so remember to switch to new Personal API Tokens.

  4. SSO login will only give you access to the company account that has SSO enabled (or multiple company accounts sharing the same certificate).

  5. If you work in multiple company accounts with and without SSO enabled and are logged in with SSO, switching between company accounts that don't have SSO enabled is not possible. The same for the other way around; while using your login credentials it is not possible to switch to company accounts that have SSO enabled. However, you will see the total number of companies that you have access to in your profile.


How to integrate SSO in your Recruitee account

In short, an administrator has to request SSO in their Recruitee Settings and upload the metadata XML file from the SSO provider. 

Requesting SSO  

1. In your SSO provider, add an application for Recruitee and generate a metadata XML file.

Follow the instructions for your specific tool:

3. Choose a default role for new users in Recruitee which you register via your SSO provider and upload the XML file under Upload file and SSO request button.

💡 You can change a user's role within Recruitee after they signed up. If you select a role that has restricted access to jobs/talent pools, like Reviewer, you will have to assign jobs/talent pools to new users manually within Recruitee.

4. Confirm your identity by providing a password or verification code.

5. Recruitee Support will contact you to coordinate when to enable your single sign-on integration.


Managing users

When you have SSO enabled in your account, you give and revoke access to team members in Recruitee via your SSO provider. If a coworker has access to the Recruitee application in your SSO provider, they'll be able to join your account.

You can also still add users via Recruitee, however, make sure to grant them access to the Recruitee application in your SSO provider as well.

⚠️ If you invite a person to Recruitee that hasn't been granted access to the Recruitee application in the SSO provider, this person will not be able to join your Recruitee account.

Access

When you add a new user to your SSO provider for Recruitee, they will have the default hiring role that you selected while requesting SSO. 

Based on this role, the new team member will have access to your Recruitee account. You can change their role or the jobs/talent pools they have access to, under Settings > Company > Team members.

If you add users via Recruitee, you can individually select roles and assign the jobs they should have access to in advance. However, make sure to grant them access to the Recruitee application in your SSO provider as well.

Signing in

Once added to the account, users have three different options to log into Recruitee.

Option 1:

1. Go to https://auth.recruitee.com/ and select SSO.

2. Fill in your email address.

📌 This is the email address you sign into your SSO provider with.

3. If you are already logged in to your SSO provider, you will be redirected to Recruitee instantly.

If you aren't logged in to your SSO provider yet, you will first be directed to do so. If the login is successful you will be redirected to Recruitee.

Option 2: If you have your company’s direct Sign-in URL you can skip steps 1 and 2 above and sign in to your SSO provider directly.

A Sign-in URL looks like this: auth.recruitee.com/sso/sign-in/[companyname]

Option 3: Depending on your SSO provider, you can also click on the Recruitee application in your provider's dashboard to be redirected to Recruitee.

Removing users

If you want to remove a user from Recruitee, you need to revoke their access rights in your SSO provider and delete them from Recruitee.

If you don't revoke access to Recruitee in your SSO provider, then the user may still be able to rejoin the account and access jobs.

Did this answer your question?