How can we help you?

OneLogin

all_tiers.png

OneLogin is a cloud-based identity and access management provider that designs and develops a unified access management system platform for businesses and organizations. Greenhouse Recruiting's integration with OneLogin allows your organization to enable Single Sign-On (SSO) through OneLogin in your Greenhouse Recruiting account.

In this article, we will cover how to:

 

Add and Configure Greenhouse Recruiting to OneLogin Account with Custom Subdomain

If your organization has a custom subdomain configured for Greenhouse Recruiting, log into OneLogin and navigate to Applications Applications. Click the Add App button on the top-right, then search for Greenhouse

Click on Greenhouse Recruiting (Subdomain). Rename the app if you wish, then click Save in the top-right.

Screen_Shot_2020-05-20_at_1.52.15_PM.png

Return to Applications Applications and find Greenhouse in your list of apps. Click Greenhouse to land on the Info page, then click Configuration in the left-hand panel. 

Enter your custom subdomain. The subdomain you enter ultimately will determine the URL through which users will log in once SSO is hard-enabled. For example, if you enter my-company as your company subdomain, then users will log into https://my-company.greenhouse.io once SSO is enabled.

unnamed.png

Click the SSO tab on the left-hand panel. Copy your Issuer URL, SAML 2.0 Endpoint (HTTP) value, and SLO Endpoint URL into a separate document to be shared with Greenhouse. 

unnamed__1_.png

Click View Details. On the next page, copy your Fingerprint and paste it into the same document, then download your X.509 PEM toward the bottom of the page. 

Standard_Strength_Cert.png

X.509.png

Click here to open a ticket with Greenhouse Support to request assistance enabling SSO. The Greenhouse Support team will request you share the document you created and the X.509 PEM document. 

 

Add and Configure Greenhouse Recruiting to OneLogin Account with ACS URL

If your organization has been provided an ACS URL by Greenhouse, log into OneLogin and navigate to Applications > Applications. Click the Add App button on the top-right, then search for Greenhouse

Click on Greenhouse Recruiting (ACS URL). Rename the app if you wish, then click Save in the top-right.

Screen_Shot_2020-05-20_at_1.52.15_PM.png

Return to Applications > Applications and find Greenhouse in your list of apps. Click Greenhouse to land on the Info page, then click Configuration in the left-hand panel. 

Enter your ACS URL as provided by Greenhouse. If you do not have your ACS URL already, you can find it in Greenhouse Recruiting by navigating to Configure Dev Center Single Sign-On

Screen_Shot_2020-06-23_at_10.23.59_AM_copy.png

Click the SSO tab on the left-hand panel. Copy your Issuer URL, SAML 2.0 Endpoint (HTTP) value, and SLO Endpoint URL into a separate document to be shared with Greenhouse. 

unnamed__1_.png

Click View Details. On the next page, copy your Fingerprint and paste it into the same document, then download your X.509 PEM toward the bottom of the page. 

Standard_Strength_Cert.png

X.509.png 

 

Enable SSO in Greenhouse Recruiting

For organizations enabling OneLogin with a custom subdomain, once the Greenhouse Support team receives your IDP Metadata file, we will complete the configuration and coordinate with you to determine exactly when SSO should be enabled for your organization. It is important that this launch is timed carefully, because you will need to instruct users about the change.

For organizations enabling OneLogin with an ACS URL, once you have added Greenhouse Recruiting to OneLogin and gathered the necessary information, follow the steps outlined here to finish enabling Single Sign-On in Greenhouse Recruiting. 

See notes below:

  • All users MUST log into Greenhouse Recruiting through OneLogin once SSO is hard-enabled. Users will not be able to log in via the standard Greenhouse Recruiting login screen any longer, even if they already have passwords.
  • Your users will access Greenhouse Recruiting via the custom URL, which will use the company subdomain that you entered (e.g. https://my-company.greenhouse.io), if applicable. 
  • If a new user has a OneLogin account but not a Greenhouse Recruiting account, Greenhouse Recruiting will create a Greenhouse Recruiting user account for them automatically the first time they log in via OneLogin. The user account will be created with Basic permissions. Administrators can still invite users and change permissions in Greenhouse Recruiting using our existing process.
  • Data will be unaffected. Your users will still have access to all of their existing jobs, scorecards, interviews, etc. Enabling SSO via OneLogin only changes the way people log in.