Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. In this article, we will cover how to:
- Add Greenhouse Recruiting from Gallery
- Configure and Test Azure AD Single Sign-On (SSO)
- Assign Users to Greenhouse Recruiting in Azure AD
Before proceeding, your organization will need the following items to configure the Greenhouse Recruiting and Azure AD integration:
- Azure AD subscription
- Greenhouse Recruiting subscription with single sign-on enabled.
Note: Single Sign-On (SSO) is included in the Greenhouse Recruiting Pro and Enterprise subscription tiers, or the Core subscription tier at an additional cost.
Add Greenhouse Recruiting from Gallery
Before your organization can configure the integration, you need to add Greenhouse Recruiting from the gallery to your list of managed SaaS apps in Azure AD.
Click Azure Active Directory on the left-hand navigation panel in the Azure portal.
Navigate to Enterprise applications and then click All applications.
To add a new application, click + New application at the top of the dialog box.
Search for Greenhouse in the provided search field and select Greenhouse from the results. Click the Add button to add the application.
Configure and Test Azure AD Single Sign-On (SSO)
Once Greenhouse Recruiting is added to Azure AD, you are ready to configure and test single sign-on.
On the Greenhouse Recruiting application integration page in the Azure portal, click Single sign-on.
From the subsequent page, select SAML to enable single sign-on.
Next, you will need to edit Basic SAML Configuration and User Attributes & Claims. Click the Edit icon to edit Basic SAML Configuration:
Fill out the values:
- Identifier (Entity ID): {subdomain}.greenhouse.io
  - Please note there is no https://
- Reply URL (Assertion Consumer Service URL): https://{subdomain}.greenhouse.io/users/saml/consume
- Sign on URL: https://{subdomain}.greenhouse.io
Note: Please replace {subdomain} with a value that you would like to use for your company's subdomain.
Click Save when finished.
Click the Edit icon to edit User Attributes & Claims:
Delete all attributes except user.mail, user.givenname, user.surname by clicking on ellipses > Delete.
Note: Please proceed if you run into this error when deleting a value
Click into user.givenname to manage the user claim, edit the following, then click Save:
- Name: User.FirstName
- Namespace: delete the value so it is empty
- Source attribute: user.givenname
Click into user.surname to manage the user claim, edit the following, then click Save:
- Name: User.LastName
- Namespace: delete the value so it is empty
- Source attribute: user.surname
Click into user.mail to manage the user claim, edit the following, then click Save:
- Name: nameID
- Namespace: delete the value so it is empty
- Source attribute: user.mail
From the SAML Signing Certificate section, click Metadata XML and then download the metadata file to your computer.
To configure single sign-on in Greenhouse Recruiting, you need to send the downloaded Metadata XML to the Greenhouse support team.
Tip: You can now read a concise version of these instructions inside the Azure portal, while you are setting up the app! After adding this app from the Active Directory > Enterprise Applications section, simply click the Single Sign-On tab and access the embedded documentation through the Configuration section at the bottom. You can read more about the embedded documentation feature here: Azure AD embedded documentation
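The following Python check is an added example, not part of the original article or of Greenhouse's or Microsoft's tooling. It compares a base64-decoded test SAML response against the Identifier, Reply URL and claim names configured above, and reports the usual misconfigurations (an https:// prefix on the Identifier, a Namespace value left on a claim). Assumptions: the subdomain "example" and the sample response are constructed for illustration, and signature validation is out of scope here.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample of a decoded test response (unsigned, trimmed); not real data.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://example.greenhouse.io/users/saml/consume">
  <saml:Assertion>
    <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>example.greenhouse.io</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="User.FirstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="User.LastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, subdomain):
    """Return a list of mismatches against the values configured in this article."""
    entity_id = f"{subdomain}.greenhouse.io"             # Identifier: no https://
    acs_url = f"https://{entity_id}/users/saml/consume"  # Reply URL
    root = ET.fromstring(xml_text)  # only parse captures from your own tenant
    problems = []
    if root.get("Destination") != acs_url:
        problems.append(f"Destination {root.get('Destination')!r} != {acs_url!r}")
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if audiences != [entity_id]:
        problems.append(f"Audience {audiences} != [{entity_id!r}]")
    name_id = root.findtext(".//saml:Subject/saml:NameID", "", NS) or ""
    if "@" not in name_id:
        problems.append(f"NameID {name_id!r} is not an email address (user.mail)")
    names = [a.get("Name") for a in root.findall(".//saml:Attribute", NS)]
    for wanted in ("User.FirstName", "User.LastName"):
        # A leftover Namespace value shows up as a URI prefix on the claim name.
        prefixed = [n for n in names if n and n.endswith("/" + wanted)]
        if wanted not in names:
            problems.append(f"{wanted}: namespace not cleared ({prefixed[0]})" if prefixed
                            else f"{wanted}: attribute missing")
    return problems


if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE, "example") or "OK")
```

An empty list means the test response matches the configuration described in this article; it does not replace the service provider's own signature and certificate checks.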
Assign Users to Greenhouse Recruiting in Azure AD
In the Azure portal, open the applications view, and then navigate to the directory view.
Navigate to Enterprise applications and then click All applications.
In the applications list, select Greenhouse.
In the menu on the left, click Users and groups.
Click the Add button. Then select Users and groups in the Add Assignment dialog.
In the Users and groups dialog, select the appropriate users in the Users list.
Click the Select button in the Users and groups dialog.
Click the Assign button in the Add Assignment dialog.