Note: Greenhouse Recruiting no longer supports creating a custom subdomain.
Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service. You can set up single sign-on (SSO) for Greenhouse Recruiting to consolidate your user access under your existing Azure directory license.
For Azure SSO setup for Greenhouse Onboarding, click here.
Before proceeding, your organization will need the following items to configure the Greenhouse Recruiting and Azure AD integration:
- Azure AD subscription
- Greenhouse Recruiting Advanced or Expert subscription (includes single sign-on feature)
Obtain your ACS URL from Greenhouse Recruiting.
In Greenhouse Recruiting, navigate to Configure > Dev Center > Single Sign-On.
From the single sign-on page, click Copy next to the SSO Assertion Consumer URL field. Save this information to add in Azure AD in a later step.
Create a new application in Azure AD platform
Note: Do not use the pre-configured Greenhouse tile on the Azure marketplace. Create a custom tile for the new Greenhouse setup.
Navigate to the Azure AD platform and click All applications on the left-hand panel.
Click the + New application tab on the All applications page.
Select Create your own application.
Name the application Greenhouse Recruiting.
Click Single sign-on on the Greenhouse Recruiting application integration page.
Click the SAML tile to enable single sign-on on the next page.
Edit SAML configuration and User Attributes & Claims
Next, you will need to edit Basic SAML Configuration and User Attributes & Claims.
Click the Edit icon to edit Basic SAML Configuration.
Enter the below information
SAML configuration
- Identifier (Entity ID): greenhouse.io
- Please note there is no https:// at the beginning of the Entity ID.
- Reply URL (Assertion Consumer Services URL): Enter the ACS URL previously copied from Greenhouse Recruiting
- Sign-on URL: Leave blank
Note: If you're using the pre-configured marketplace tile, the Sign-on URL cannot be left blank. To complete setup, create a new custom tile for the Greenhouse setup.
Click Save when finished.
Click the Edit icon to edit User Attributes & Claims:
Delete all attributes except user.mail, user.givenname, user.surname by clicking the ellipses and choosing Delete.
Note: Proceed if you run into this error when deleting a value.
Click into user.givenname to manage user claim and edit the following options. When you're finished, click Save.
- Name: User.FirstName
- Namespace: delete the value so it is empty
- Source attribute: user.givenname
Click user.surname to manage user claim, edit the following information, then click Save:
- Name: User.LastName
- Namespace: delete the value so it is empty
- Source attribute: user.surname
Click user.mail to manage user claim, edit the following information, and Save:
- Name: nameID
- Namespace: delete the value so it is empty
- Source attribute: user.mail
From the SAML Signing Certificate section, click Metadata XML and then download the metadata file on your computer.
After downloading the XML file, follow the steps outlined here to finish enabling single sign-on in Greenhouse Recruiting.
Tip: You can now read a concise version of these instructions inside the Azure portal, while you are setting up the app.
After adding this app from the Active Directory > Enterprise Applications section, click the single sign-on tab and access the embedded documentation through the Configuration section at the bottom.
You can read more about the embedded documentation feature here: Azure AD embedded documentation
Assign users to Greenhouse Recruiting in Azure AD
In the Azure portal, open the applications view, and navigate to the directory view.
Navigate to Enterprise applications on the left side of the page and click All applications.
In the applications list, select the Greenhouse application you created.
In the menu on the left, click Users and groups.
Click the + Add user button.
Click the Users option and select the correct users.
After you select the users, choose a role.
Click Select button on Users and groups dialog.
Click Assign button on Add Assignment dialog.
Note: To auto-provision user accounts in Greenhouse Recruiting, your users need to first be provisioned in Azure AD and attempt to log in to Greenhouse Recruiting through the custom tile in Azure.
Complete setup in Greenhouse Recruiting
When you're finished setting up Single Sign-on in Azure AD, complete the remaining fields in the Dev Center (Configure icon > Dev Center > single sign-on)
Click here for more information on finishing this setup.