1. Greenhouse Support
  2. All Recruiting topics
  3. Integrations
  4. Single sign-on (SSO)

Microsoft Entra ID single sign-on integration

Permissions: Basic users and above, who can manage and configure SSO

Product tier: Available for Advanced and Expert subscription tiers

Note: Greenhouse Recruiting no longer supports creating a custom subdomain.

Microsoft Entra ID is Microsoft's cloud-based identity and access management service. You can set up single sign-on (SSO) for Greenhouse Recruiting to consolidate your user access under your existing Microsoft Entra ID directory license.

For Microsoft Entra ID SSO setup for Greenhouse Onboarding, click here.

In this article

Before proceeding, your organization will need the following items to configure the Greenhouse Recruiting and Microsoft Entra ID integration:

  • Microsoft Entra ID subscription
  • Greenhouse Recruiting Advanced or Expert subscription (includes single sign-on feature)

Obtain your Microsoft Entra ID URL from Greenhouse Recruiting.

In Greenhouse Recruiting, navigate to Configure Configure-icon.png > Dev Center > Single Sign-On.

From the single sign-on page, click Copy next to the SSO Assertion Consumer URL field. Save this information to add in Entra ID AD in a later step.

Screenshot of copy Assertation URL

Create a new application in Microsoft Entra ID platform

Note: Do not use the pre-configured Greenhouse tile on the Entra ID marketplace. Create a custom tile for the new Greenhouse setup.

Navigate to the Microsoft Entra ID platform and click All applications on the left-hand panel.

Click the + New application tab on the All applications page.

Select Create your own application.

Name the application Greenhouse Recruiting.

Note: For this integration, you will need to create a custom app. Do not use the suggested gallery application.

Click Single sign-on on the Greenhouse Recruiting application integration page.

Click the SAML tile to enable single sign-on on the next page.

mceclip0.png

Edit SAML configuration and User Attributes & Claims

Next, you will need to edit Basic SAML Configuration and User Attributes & Claims.

Click the Edit icon Screen_Shot_2019-06-05_at_10.07.11_AM.png to edit Basic SAML Configuration.

Enter the below information

SAML configuration

  • Identifier (Entity ID): greenhouse.io
    • Please note there is no https:// at the beginning of the Entity ID.
  • Reply URL (Assertion Consumer Services URL): Enter the ACS URL previously copied from Greenhouse Recruiting
  • Sign-on URL: Leave blank

Note: If you're using the pre-configured marketplace tile, the Sign-on URL cannot be left blank. To complete setup, create a new custom tile for the Greenhouse setup.

Click Save when finished.

Click the Edit icon Screen_Shot_2019-06-05_at_10.07.11_AM.png to edit User Attributes & Claims.

Delete all attributes except user.mail, user.givenname, user.surname by clicking the ellipses and choosing Delete.

8.png

Note: Proceed if you run into this error when deleting a value.
qw.png

Click into user.givenname to manage user claim and edit the following options. When you're finished, click Save.

  • Name: User.FirstName
  • Namespace: delete the value so it is empty
  • Source attribute: user.givenname

as.png

Click user.surname to manage user claim, edit the following information, then click Save:

  • Name: User.LastName
  • Namespace: delete the value so it is empty
  • Source attribute: user.surname

er.png

Click user.mail to manage user claim, edit the following information, and Save:

  • Name: nameID
  • Namespace: delete the value so it is empty
  • Source attribute: user.mail

df.png

From the SAML Signing Certificate section, click Metadata XML and then download the metadata file on your computer.

ty.png

After downloading the XML file, follow the steps outlined here to finish enabling single sign-on in Greenhouse Recruiting.

Tip: You can now read a concise version of these instructions inside the Entra ID portal, while you are setting up the app.

After adding this app from the Active Directory > Enterprise Applications section, click the single sign-on tab and access the embedded documentation through the Configuration section at the bottom.

You can read more about the embedded documentation feature here: Microsoft Entra ID embedded documentation

Assign users to Greenhouse Recruiting in Microsoft Entra ID

In the Entra ID portal, open the applications view, and navigate to the directory view.

Navigate to Enterprise applications on the left side of the page and click All applications.

In the applications list, select the Greenhouse application you created.

5_edit_greenhouse_app.png

In the menu on the left, click Users and groups.

6_users_groups.png

Click the + Add user button.

7_all_users.png

Click the Users option and select the correct users.

After you select the users, choose a role.

9_add_users_2.png

Click Select button on Users and groups dialog.

Click Assign button on Add Assignment dialog.

Note: To auto-provision user accounts in Greenhouse Recruiting, your users need to first be provisioned in Microsoft Entra ID and attempt to log in to Greenhouse Recruiting through the custom tile in Entra ID.

Complete setup in Greenhouse Recruiting

When you're finished setting up Single Sign-on in Microsoft Entra ID, complete the remaining fields in the Dev Center (Configure icon Configure-icon.png > Dev Center > single sign-on)

Click here for more information on finishing this setup.