If your organization manages user access through Google Apps, you can easily set up Single Sign-On (SSO) to allow your users to log into Greenhouse Recruiting or Greenhouse Onboarding using their employee Google account.
Note: Click here for more information on Single Sign-On.
Once SSO is enabled, all users must log in through Google Apps and won't be able to use their previous username and password.
Logging in through Google Apps only changes the way a user logs in to Greenhouse Recruiting or Greenhouse Onboarding and doesn't change anything else associated with their account. In other words, if a user has an existing Greenhouse Recruiting or Greenhouse Onboarding account, they'll still be able to access their jobs, candidates, interviews, onboarding tasks, and other data as normal.
Note: If a new user has a Google Apps account, but not a Greenhouse Recruiting account, Greenhouse Recruiting will automatically create a Greenhouse user account the first time they sign in using Google Apps. By default, this account will be assigned Basic permissions. Site Admins can update these permissions on the Configure page.
Set up SSO for Greenhouse Recruiting
Note: This process is based on Google's standard SSO setup steps, outlined here.
Log into Greenhouse Recruiting and copy your SSO Assertion Consumer URL in the Dev Center. (Configure > Dev Center > Single Sign-On > SSO Assertion Consumer URL)
In another tab, sign in to your Google Admin console and navigate to the Web and mobile apps page. (Home > Apps > Web and mobile apps)
Click Add app at the top of the page and select Add custom SAML app.
Enter the App name and click Continue. If needed, you can enter an optional description and app icon on this page.
Enter the following information on the Service Provider Details page:
- Entity ID: greenhouse.io
- Assertion Consumer Service (ACS) URL: The ACS URL previously copied from Greenhouse Recruiting
- Name ID format: EMAIL
- Name ID: Basic Information > Primary email
Map the following information on the Attributes page and click Finish. The text must exactly match the text below (including capitalization) in order for the integration to work correctly
| Basic information | App attributes |
| First name | User.FirstName |
| Last name | User.LastName |
| Primary email | NameID |
Select Download Metadata on the saved tile.
Navigate back to the Dev Center in Greenhouse Recruiting and finish the Single Sign-On setup outlined in this article.
Once you're finished, take the following steps:
- Grant users access to Greenhouse Recruiting in your Google Admin Console under User Access
- Finish setup in Greenhouse Recruiting by completing the remaining fields in the Dev Center (Configure > Dev Center > Single Sign-On)
- Finish overall SSO setup and move your integration to a hard-enabled state by following the steps in this document
Note: For troubleshooting guidance for common SAML errors, click here.
Set up SSO for Greenhouse Onboarding
Add Greenhouse Onboarding to Google Apps
Sign in to your Google Admin console and navigate to the Web and mobile apps page. (Home > Apps > Web and mobile apps)
Click Add app at the top of the page and select Add custom SAML app.
Enter the App name and click Continue. If needed, you can enter an optional description and app icon on this page.
Note: We recommend using "Greenhouse Onboarding" for your app name.
Enter the following information on the Service Provider Details page:
- Entity ID: app.parklet.co
- Assertion Consumer Service (ACS) URL: https://onboarding.greenhouse.io/saml/{Greenhouse Onboarding UID}/consume
- Name ID format: EMAIL
- Name ID: Basic Information > Primary email
Note: Owners can retrieve your organization's Entity ID and ACS URL directly in Greenhouse Onboarding.
Navigate to Settings > Data Flow > Single Sign-On, then copy the values from the SSO Assertion Consumer Service (ACS) URL and Entity ID/Issuer fields.
Map the following information on the Attributes page and click Finish. The text must exactly match the text below (including capitalization) in order for the integration to work correctly
| Basic information | App attributes |
| First name | User.FirstName |
| Last name | User.LastName |
| Primary email | NameID |
Select Download Metadata on the saved tile. You'll use this metadata to complete setup in the next step.
Finish SAML configuration in Greenhouse Onboarding
Next, you'll finish SAML configuration directly in Greenhouse Onboarding.
Open Greenhouse Onboarding, then navigate to Settings > Data Flow > Single Sign-On.
On the Single Sign-On page, fill out the following fields with credentials from your Google metadata file:
- Single Sign-On URL
- Single Logout URL (optional)
- IdP Certificate Fingerprint (SHA1 format)
Click Save.
Once you've saved your SSO information, reach out to Greenhouse Technical Support to finish setup and turn on your SAML configuration.
After you've finished setup in Greenhouse Onboarding, you'll need to grant users access to Greenhouse Onboarding in your Google Admin Console under User Access.
Note: For troubleshooting guidance for common SAML errors, click here.