Guides

Creating new SSO-enabled user

Follow those steps when you want to create new SSO-enabled user

Suggest Edits

Step 1 - Get SmartRecruiters API credential

  1. Login to your SmartRecruiters account.
  2. Go to Settings/Admin -> Apps & Integrations -> Credentials (if you are already logged in you can use this direct link). Please keep in mind that you have to have a SmartRecruiters Admin account in Corporate Plan to be able to see this page.
  3. Select New Credential to generate a new API credential; if you are creating an OAuth client ID, please ensure you specified users related access scopes.

Step 2 - Create and activate a new User using SmartRecruiters Public API

  1. Navigate to our Live Docs page.
  2. At the top, in the X-SmartToken field please paste your SmartRecruiters API key that you got in steps 1-3. of this guide. Please note that this classic API explorer doesn’t support the use of OAuth credentials. If you are using OAuth, use the new API explorer.
  3. Scroll down to the POST /users endpoint.
  4. In the “User” field please provide the following string (between the quotes inputting values described in point 5. below):
{
  "email": "user_email_address",
  "firstName": "user_first_ name",
  "lastName": "user_last_name",
  "systemRole": {
    "id": "id_of_system_role",
    "name": "name_of_system_role"
  },
  "ssoIdentifier": "user_email_as_sso_identifier"
}

as in the screenshot below:

Alternatively, to provide more information about the user (like its location) use an example of an extended object below:

{
  "email": "",
  "firstName": "",
  "lastName": "",
  "role": "",
  "location": {
    "country": "",
    "countryCode": "",
    "regionCode": "",
    "region": "",
    "city": "",
    "address": "",
    "postalCode": ""
  },
  "ssoIdentifier": "",
  "password": "",
  "externalData": ""
}
  1. Between the quotes, please provide values as described below:
  • email – user’s email address (please note that this is case-sensitive)
  • firstName – user’s first name
  • lastName – user’s last name
  • role – use one of the EMPLOYEE, RESTRICTED, STANDARD, EXTENDED or ADMINISTRATOR
  • ssoIdentifier – user’s ssoIdentifier – the most important thing is that the ssoIdentifier that your IDP sends needs to match exactly (case-sensitive) the SmartRecruiters user’s ssoIdentifier – this is where you set it up in SR. we recommend that the ssoIdentifier is this person’s email, but the truly important part is that ssoIdentifiers need to match in IDP and SR. If for some reason you will need to change the ssoIdentifier after creating the user, you can do so by following this guide.
  1. Click on the Try it! button.
    From the Response Body result, copy the id value of the user in question as in the screenshot below:

Step 3 - Activate the User via API

Scroll down to the Activate a user account endpoint. Paste the id value (copied in steps 2-6 of this guide) in the id field. Click on Try it! button.

When you receive response 204, the user is now created and active. Trying to log in to SmartRecruiters from the IdP application of your choice will now succeed for this user as long as IdP will send the ssoIdentifier exactly the same as set in steps 2-4 of this guide.

Updated almost 2 years ago