In order to perform a full Web SSO set up with SmartRecruiters we assume the following:
- You have an Identity Provider (IdP) set up and running and you’re familiar with adding a new Service Provider (SP) to its configuration
- You have all the capabilities to integrated your IdP with our User API in order to sync user profile details in ongoing basis (e.g. remove from SmartRecruiters terminated employees’ profiles)
- You have an Admin account within SmartRecruiters to access Web SSO configuration
In order to properly set up User profiles within SmartRecruiters, build an integration with your IdP (to manage user profiles from a single location) and provide a seamless experience for IdP users, please use our User API. You can find detailed instruction on how to do it in our Creating new SSO-enabled user guide.
If you wish your IdP users to be automatically logged in to SmartRecruiters the very first time, please ensure you do the following:
- Provide a ssoIdentifier when creating user profiles via the User API; this identifier will be used for SAML assertion (“persistent” or “emailAddress” Identifier needs to be used, as per sections 8.3.2 and 8.3.7 of the official SAML 2.0 documentation). You can find more details about that on the Web Single Sign-On Overview page
- Activate users using the dedicated User API endpoint
Note: An email address and password which you provide for each user while creating their profiles can be used to log in directly to SmartRecruiters without a need of going through an IdP.
Below you can find detailed guides on how to configure SmartRecruiters as a Service Provider in specific IdP applications. If the guide to a specific IdP that you are using is not listed below and you know it exists (usually it’s available in IdP help pages), feel free to send it to us and we will be happy to add it here.
- AD FS Configuration Guide
- Google Apps – you can get the Entity ID, Single Sign-On URL and X.509 Certificate values by logging in to SmartRecruiters as an Admin, going to Settings/Admin -> Web SSO ->
SmartRecruiters Metadata (or using this link if you are already logged in). It is shown in point 3 of “Add new Service Provider in your IdP” part on the generic guide below. Here’s our logo that you can use as an icon for SmartRecruiters app.
- Okta – your Identity Provider URL and Identity Provider Certificate will be generated in the linked guide when you sign into your Okta Admin Dashboard
Each IdP configuration looks differently in details but the general concept remains the same as we deal with the SAML 2.0 standard. Therefore we present below an example of how to add a new Service Provider using a free OpenIdP provider (Note that the OpenIdP service is no longer available and has been shut down, however the guide below is still valid for getting a generic set up flow).
In order to perform a Web SSO configuration in SmartRecruiters you need to be an Admin user.
- Open the Web SSO configuration page directly or log in to SmartRecruiters and go to Settings / Admin > Web SSO
- Enable Web SSO
- Configure SmartRecruiters Signature Algorithm and Certificate.
Please select certificate with longest validity.
- Copy IdP URL and Certificate from your IdP metadata
- Paste it as shown in the below example.
- Save Web SSO configuration
- Manage Service Providers
- Add new Service Provider from SAML 2.0 XML metadata
- Paste the metadata in IdP configuration and Import
- Provide a Service Provider name and Save.
That’s all! In order to initiate the SSO log in process please use the below URL:
Updated about 2 months ago