Azure Active Directory (Azure AD) Single Sign-On setup

Permissions: Basic users and above, who can manage and configure SSO

Product tier: Available for Advanced and Expert subscription tiers

Note: Greenhouse Recruiting no longer supports creating a custom subdomain.

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. You can set up Single Sign-On (SSO) for 

Before proceeding, your organization will need the following items to configure the Greenhouse Recruiting and Azure AD integration:

  • Azure AD subscription
  • Greenhouse Recruiting Advanced or Expert subscription (includes Single Sign-On feature)

Obtain your ACS URL from Greenhouse Recruiting.

In Greenhouse Recruiting, navigate to Configure > Dev Center > Single Sign-On.

From the Single Sign-On page, click Copy next to the SSO Assertion Consumer URL field. Save this information to add in Azure AD in a later step.

Create a new application in Azure AD platform

Note: Do not use the pre-configured Greenhouse tile on the Azure marketplace. Create a custom tile for the new Greenhouse setup. 

Navigate to the Azure AD platform and click All applications on the left-hand panel.

Click the + New application tab on the All applications page. 

Select Create your own application

Name the application Greenhouse Recruiting

Click Single sign-on on the Greenhouse Recruiting application integration page.

Click the SAML tile to enable Single Sign-On on the next page. 

Edit SAML configuration and User Attributes & Claims

Next, you will need to edit Basic SAML Configuration and User Attributes & Claims.

Click the Edit icon to edit Basic SAML Configuration.

Enter the following information:

SAML configuration

  • Identifier (Entity ID): greenhouse.io
    • Please note there is no https:// at the beginning of the Entity ID.
  • Reply URL (Assertion Consumer Services URL): Enter the ACS URL previously copied from Greenhouse Recruiting
  • Sign-on URL: Leave blank

Note: If you are using the pre-configured marketplace tile, the Sign-on URL cannot be left blank. To complete setup, create a new custom tile for the Greenhouse setup. 

Click Save when finished.

Click the Edit icon to edit User Attributes & Claims:

Delete all attributes except user.mail, user.givenname, and user.surname by clicking the ellipsis and choosing Delete.

Note: Please proceed if you run into an error when deleting a value.

Click user.givenname to manage the user claim and edit the following options. When you're finished, click Save.

  • Name: User.FirstName
  • Namespace: delete the value so it is empty
  • Source attribute: user.givenname

Click user.surname to manage the user claim, edit the following information, then click Save:

  • Name: User.LastName
  • Namespace: delete the value so it is empty
  • Source attribute: user.surname

Click user.mail to manage the user claim, edit the following information, then click Save:

  • Name: nameID
  • Namespace: delete the value so it is empty
  • Source attribute: user.mail
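
To confirm these settings took effect, the following added example (not Greenhouse or Microsoft code) checks a decoded test assertion for the Entity ID, Reply URL, and claim names configured in this article. The sample assertions and the ACS URL are constructed placeholders, and reading the email from the Subject NameID is an assumption; the script does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_AUDIENCE = "greenhouse.io"                    # Entity ID from this article
REQUIRED_ATTRS = {"User.FirstName", "User.LastName"}   # claim names from this article
ACS = "https://sso.example.invalid/acs"                # placeholder, use your copied ACS URL

# Constructed sample assertion (not captured from a real tenant).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>pat@example.com</saml:NameID>
    <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{acs}"/></saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>{aud}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="{first}"><saml:AttributeValue>Pat</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="User.LastName"><saml:AttributeValue>Lee</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
GOOD = SAMPLE.format(acs=ACS, aud="greenhouse.io", first="User.FirstName")
# Misconfigured: https:// in the Entity ID and a namespace left on the first-name claim.
BAD = SAMPLE.format(acs=ACS, aud="https://greenhouse.io",
                    first="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname")

def check_assertion(xml_text, acs_url):
    """Return a list of configuration problems in a decoded SAML assertion."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if audiences != [EXPECTED_AUDIENCE]:
        problems.append(f"audience {audiences} != {EXPECTED_AUDIENCE!r}")
    recipients = [e.get("Recipient") for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if recipients != [acs_url]:
        problems.append(f"recipient {recipients} != ACS URL")
    names = {a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)}
    for name in sorted(names):
        if "/" in name or ":" in name:   # namespace was not emptied in Azure AD
            problems.append(f"claim still has a namespace: {name}")
    for missing in sorted(REQUIRED_ATTRS - names):
        problems.append(f"missing claim: {missing}")
    # Assumption: the user.mail value arrives as the Subject NameID.
    name_id = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS)
    if "@" not in name_id:
        problems.append("NameID is not an email address")
    return problems

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, check_assertion(doc, ACS))
```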

From the SAML Signing Certificate section, click Metadata XML and then download the metadata file to your computer.

After downloading the XML file, follow the steps outlined here to finish enabling Single Sign-On in Greenhouse Recruiting. 

Tip: You can now read a concise version of these instructions inside the Azure portal, while you are setting up the app.

After adding this app from the Active Directory > Enterprise Applications section, click the Single Sign-On tab and access the embedded documentation through the Configuration section at the bottom.

You can read more about the embedded documentation feature here: Azure AD embedded documentation

Assign users to Greenhouse Recruiting in Azure AD

In the Azure portal, open the applications view, and navigate to the directory view.

Navigate to Enterprise applications on the left side of the page and click All applications.

Assign User

In the applications list, select the Greenhouse application you created.

In the menu on the left, click Users and groups.

Click the + Add user button.

Click the Users option and select the correct users. 

After you select the users, choose a role. 

Click the Select button in the Users and groups dialog.

Click the Assign button in the Add Assignment dialog.

Complete setup in Greenhouse Recruiting 

When you're finished setting up Single Sign-On in Azure AD, complete the remaining fields in the Dev Center (Configure > Dev Center > Single Sign-On).

Click here for more information on finishing this setup.