Permissions: Basic users and above, who can manage and configure SSO

Product tier: Available for Advanced and Expert subscription tiers

Note: Greenhouse Recruiting no longer supports creating a custom subdomain.

Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service. You can set up single sign-on (SSO) for Greenhouse Recruiting to consolidate your user access under your existing Azure directory license.

For Azure SSO setup for Greenhouse Onboarding, click here.

Before proceeding, your organization will need the following items to configure the Greenhouse Recruiting and Azure AD integration:

  • Azure AD subscription
  • Greenhouse Recruiting Advanced or Expert subscription (includes single sign-on feature)

Obtain your ACS URL from Greenhouse Recruiting.

In Greenhouse Recruiting, navigate to Configure Configure-icon.png > Dev Center > Single Sign-On.

From the single sign-on page, click Copy next to the SSO Assertion Consumer URL field. Save this information to add in Azure AD in a later step.

Screenshot of copy Assertation URL

Create a new application in Azure AD platform

Note: Do not use the pre-configured Greenhouse tile on the Azure marketplace. Create a custom tile for the new Greenhouse setup.

Navigate to the Azure AD platform and click All applications on the left-hand panel.

Click the + New application tab on the All applications page.

azure1.png

Select Create your own application.

Name the application Greenhouse Recruiting.

Click Single sign-on on the Greenhouse Recruiting application integration page.

Click the SAML tile to enable single sign-on on the next page.

mceclip0.png

Edit SAML configuration and User Attributes & Claims

Next, you will need to edit Basic SAML Configuration and User Attributes & Claims.

Click the Edit icon Screen_Shot_2019-06-05_at_10.07.11_AM.png to edit Basic SAML Configuration.

azure2.png

Enter the below information

SAML configuration

  • Identifier (Entity ID): greenhouse.io
    • Please note there is no https:// at the beginning of the Entity ID.
  • Reply URL (Assertion Consumer Services URL): Enter the ACS URL previously copied from Greenhouse Recruiting
  • Sign-on URL: Leave blank

Note: If you're using the pre-configured marketplace tile, the Sign-on URL cannot be left blank. To complete setup, create a new custom tile for the Greenhouse setup.

Click Save when finished.

Click the Edit icon Screen_Shot_2019-06-05_at_10.07.11_AM.png to edit User Attributes & Claims:

azure3.png

Delete all attributes except user.mail, user.givenname, user.surname by clicking the ellipses and choosing Delete.

8.png

Note: Proceed if you run into this error when deleting a value.
qw.png

Click into user.givenname to manage user claim and edit the following options. When you're finished, click Save.

  • Name: User.FirstName
  • Namespace: delete the value so it is empty
  • Source attribute: user.givenname

as.png

Click user.surname to manage user claim, edit the following information, then click Save:

  • Name: User.LastName
  • Namespace: delete the value so it is empty
  • Source attribute: user.surname

er.png

Click user.mail to manage user claim, edit the following information, and Save:

  • Name: nameID
  • Namespace: delete the value so it is empty
  • Source attribute: user.mail

df.png

From the SAML Signing Certificate section, click Metadata XML and then download the metadata file on your computer.

ty.png

After downloading the XML file, follow the steps outlined here to finish enabling single sign-on in Greenhouse Recruiting.

Tip: You can now read a concise version of these instructions inside the Azure portal, while you are setting up the app.

After adding this app from the Active Directory > Enterprise Applications section, click the single sign-on tab and access the embedded documentation through the Configuration section at the bottom.

You can read more about the embedded documentation feature here: Azure AD embedded documentation

Assign users to Greenhouse Recruiting in Azure AD

In the Azure portal, open the applications view, and navigate to the directory view.

Navigate to Enterprise applications on the left side of the page and click All applications.

Assign User

In the applications list, select the Greenhouse application you created.

5_edit_greenhouse_app.png

In the menu on the left, click Users and groups.

6_users_groups.png

Click the + Add user button.

7_all_users.png

Click the Users option and select the correct users.

8_add_users_1.png

After you select the users, choose a role.

9_add_users_2.png

Click Select button on Users and groups dialog.

Click Assign button on Add Assignment dialog.

Note: To auto-provision user accounts in Greenhouse Recruiting, your users need to first be provisioned in Azure AD and attempt to log in to Greenhouse Recruiting through the custom tile in Azure.

Complete setup in Greenhouse Recruiting

When you're finished setting up Single Sign-on in Azure AD, complete the remaining fields in the Dev Center (Configure icon Configure-icon.png > Dev Center > single sign-on)

Click here for more information on finishing this setup.