A Microsoft Enterprise Agreement for Microsoft Entra ID account is required to enable this SSO option.
Do you want to use single sign-on in Recruitee? To be able to use single sign-on in Recruitee, you need to have an already configured application on a supported authorization management platform. In this article, we explain how to do this for Microsoft Entra ID.
Create a new application for SSO in Microsoft Entra ID
1. Go to the Microsoft Entra ID portal and browse to Microsoft Entra ID and follow Identity > Applications > Enterprise applications.
2. Click + New application..
3. Type in a relevant name, select Non-gallery application, and click Create.
4. After this you're redirected to the newly created application Overview, go to Getting started via the left side menu and click Configure single sign-on (or click Single sign-on from the side menu).
5. Select SAML as the single sign-on method.
6. Click on the pencil icon to Edit step 1, the Basic SAML Configuration.
7. Add the following values and save:
Identifier (Entity ID): recruitee
Reply URL: https://auth.recruitee.com/sso/sp/consume/YOUR_COMPANY_NAME YOUR_COMPANY_NAME stands for your company subdomain from Recruitee (same that is used on Career Site) - it will be used for generating a unique SSO login URL for your users.
Sign on URL (optional): https://auth.recruitee.com/sso/sign-in/YOUR_COMPANY_NAME - fill in this field if you want to log in directly from Microsoft Entra ID. This is the same link as the SSO login URL for your users.
📌 If you need to turn on SSO for multiple accounts, please, contact Support.
8. After you save the settings, click on the pencil icon to Edit step 2, the User Attributes & Claims.
9. Edit the values accordingly:
Required claim |
|
Unique User Identifier (Name ID) | user.userprincipalname |
Additional claims |
|
first_name | user.givenname |
last_name | user.surname |
user.userprincipalname |
📌 If guest accounts in your organization need access to Recruitee, you may have to edit the email attribute to the value user.mail instead.
Click Save. Users registering in your SSO-enabled company will have these fields pre-filled in the registration form.
10. Scroll down and click on the pencil icon to Edit step 3, the SAML Signing Certificate. Change the Signing Option to Sign SAML response. Save, and close the form.
11. Under step 3, download the Federation Metadata XML.
12. Log into Recruitee and go to Settings > Company Settings > SSO.
13. Select the default role for new users and upload the XML file under Upload file and SSO request.
⚠️ It is possible to change a user's role within Recruitee after they signed up. If you select a role that has restricted access to jobs/talent pools, like Reviewer, you will have to assign jobs/talent pools to new users manually within Recruitee.
14. Recruitee Support will contact you on when to activate your Single Sign-on integration.
15. In your Microsoft Entra ID, add or assign users, or a group of users, to the app to give them access to your SSO-enabled company in Recruitee.
Additional documentation
Read more on SSO configuration in Microsoft Entra ID support docs.