Okta provides cloud software that helps companies manage and secure user authentication into modern applications, and for developers to build identity controls into applications, website web services and into devices. Greenhouse Recruiting's integration with Okta allows your organization to use Okta to enable Single Sign-On (SSO) in your Greenhouse Recruiting account. In this article, we will cover how to:
Add and Configure Greenhouse Recruiting to Okta Account
Navigate to your Okta administrator console and click Applications. Use the provided search bar to find Greenhouse.
Navigate to the General tab for the Greenhouse application and edit the Sub Domain field with your organization's subdomain.
Click SAML 2.0.
Click Done when finished.
Note: If you have an Enterprise Okta account, you will be taken to the Sign-On Options tab after you complete the steps on the General Settings tab where you should enabled SAML 2.0. Please finish creating the application by clicking Done on this page before sending the Greenhouse team your Metadata file. If you click View Setup Instructions before clicking Done to finish creating the application, the certificate may not generate properly.
Navigate to the Assignments tab and assign all relevant users to the application:
Navigate to the Sign On tab and click View Setup Instructions.
Follow the instructions on this page, which includes instructions to send the IDP Metadata to us at www.greenhouse.io/asksupport.
Enable SSO in Greenhouse Recruiting
Once Greenhouse Recruiting receives your IDP Metadata file, we will complete the configuration and coordinate with you to determine exactly when SSO should be enabled for your organization. It is important that this launch is carefully timed, because you will need to instruct users about the change.
See notes below:
* All users MUST log in through Okta once we enable SSO. Users won't be able to log in via the normal Greenhouse login screen anymore, even if they already have passwords.
* Your users will access Greenhouse via the custom URL, which will use the company subdomain that you entered (i.e. https://my-company.greenhouse.io). Right now, your team is using https://app.greenhouse.io. Once SSO is fully-enabled, your users can access Greenhouse through either the custom subdomain (https://my-company.greenhouse.io) or through https://app.greenhouse.io.
* If a new user has an Okta account but not a Greenhouse account, Greenhouse will automatically create a Greenhouse user account the first time they log in via Okta. They'll be created with Basic permissions. Administrators can still invite users and change permissions in Greenhouse using our existing screens.
* Data will be unaffected. Your users will still have access to all of their existing jobs, scorecards, interviews, etc. Okta only changes the way people log in.