Note: Greenhouse Recruiting no longer supports creating a custom subdomain.
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. In this article, we will cover how to:
- Add and Configure Greenhouse Recruiting in Azure AD Account
- Assign Users to Greenhouse Recruiting in Azure AD
Before proceeding, your organization will need the following items to configure the Greenhouse Recruiting and Azure AD integration:
- Azure AD subscription
- Greenhouse Recruiting Advanced or Expert subscription (includes Single Sign-On feature)
Add and Configure Greenhouse Recruiting in Azure AD Account
To add the Greenhouse Recruiting application to Azure AD, you will first need to obtain your ACS URL from Greenhouse Recruiting.
In Greenhouse Recruiting, navigate to Configure > Dev Center > Single Sign-On. From the Single Sign-On page, click Copy next to the SSO Assertion Consumer URL field. Save this information to add in Azure AD in a later step.
Navigate to the Azure AD platform and click All applications on the left-hand panel. From the All applications page, click the + New application tab.
From the Add an application page, search for Greenhouse. Select Greenhouse from the list of results.
From the Greenhouse Add app page, click Add.
From the Greenhouse Recruiting application integration page, click Single sign-on. From the subsequent page, click the SAML tile to enable Single Sign-On.
Next, you will need to edit Basic SAML Configuration and User Attributes & Claims. Click the Edit icon to edit Basic SAML Configuration:
Fill out the values:
- Identifier (Entity ID): greenhouse.io
- Please note there is no https://
- Reply URL (Assertion Consumer Services URL): Enter the ACS URL copied from Greenhouse Recruiting previously
- Sign-on URL: https://app.greenhouse.io
Click Save when finished.
Click the Edit icon to edit User Attributes & Claims:
Delete all attributes except user.mail, user.givenname, user.surname by clicking ellipses > Delete.
Note: Please proceed if you run into this error when deleting a value
Click into user.givenname to manage user claim and edit the following then Save:
Name: User.FirstName
Namespace: delete the value so it is empty
Source attribute: user.givenname
Click into user.surname to manage user claim and edit the following then Save:
Name: User.LastName
Namespace: delete the value so it is empty
Source attribute: user.surname
Click into user.mail to manage user claim and edit the following then Save:
Name: nameID
Namespace: delete the value so it is empty
Source attribute: user.mail
From the SAML Signing Certificate section, click Metadata XML and then download the metadata file on your computer.
After downloading the XML file, follow the steps outlined here to finish enabling Single Sign-On in Greenhouse Recruiting.
Tip: You can now read a concise version of these instructions inside the Azure portal, while you are setting up the app! After adding this app from the Active Directory > Enterprise Applications section, simply click the Single Sign-On tab and access the embedded documentation through the Configuration section at the bottom. You can read more about the embedded documentation feature here: Azure AD embedded documentation
Assign Users to Greenhouse Recruiting in Azure AD
In the Azure portal, open the applications view, and then navigate to the directory view.
Navigate to Enterprise applications and then click All applications.
In the applications list, select Greenhouse.
In the menu on the left, click Users and groups.
Click the + Add user button.
Click Users to select the appropriate users.
Add the appropriate users, then assign a role.
Click Select button on Users and groups dialog.
Click Assign button on Add Assignment dialog.