How can we help you?

JumpCloud

JumpCloud offers a directory-as-a-service (DaaS) solution that customers use to authenticate, authorize, and manage users, devices, and applications. They do it all easily via a common directory in the cloud, instead of through legacy, on-premises IT systems. Greenhouse Recruiting's integration with JumpCloud allows your organization to use JumpCloud for SSO.

Note: SSO is only available for organizations who are in the Advance or Expert Greenhouse Recruiting subscription tiers.

 

Activate Integration in JumpCloud

As an administrator, navigate to your JumpCloud account and select Applications on the left-hand side. Click the green + icon on the subsequent page.

In the Configure New Application ​dialog box, use the provided search bar to find Greenhouse. Click Configure.

In the Greenhouse configuration window, replace the default values with your company’s specific values in the following fields:

  • IdP Entity ID:Your company’s unique domain
  • SP Entity ID: {subdomain}.greenhouse.io
  • ACS URL: https://{subdomain}.greenhouse.io/users/saml/consume

When finished, click activate ​to complete the configuration in JumpCloud.

 

Enable SSO in Greenhouse Recruiting 

To configure JumpCloud for SSO in Greenhouse Recruiting , a private key and a public certificate are required. After you activate an application in JumpCloud, they will automatically generate a public certificate and private key pair for you. When the application is saved, you can download the certificate by clicking Download Certificate in the notification in the upper-right of the screen.  

With the private key and public certificate copied, complete the form at www.greenhouse.io/asksupport to request that single sign-on be enabled for your account. Include the following information in the form:

  • Single Sign On URL: https://sso.jumpcloud.com/saml2/greenhouse
  • Single Log Out URL: https://console.jumpcloud.com/userconsole/
  • IdP Certificate Fingerprint:​ Copy and paste your public certificate fingerprint here (for additional information on determining your SHA1 certificate fingerprint click here).

Greenhouse Recruiting will complete the configuration and coordinate with you to determine exactly when SSO should be enabled for your organization. It is important that this launch is carefully timed, because you will need to instruct users about the change. 

If a new user has a JumpCloud account but not a Greenhouse Recruiting account, Greenhouse Recruiting will automatically create a Greenhouse user account the first time they log in via JumpCloud. They will be created with Basic permissions. Administrators can still invite users and change permissions in Greenhouse Recruiting. 

Note:

You can manually generate your own private key and public certificate. For an example of generating signed certificates on Linux, see below. Please refer to other guidance for generating keys on other operating systems.

  • Create a private key: openssl genrsa ­-out private.pem 2048
  • Create a public certificate for that private key: openssl req ­-new ­-x509 ­-key private.pem ­-out cert.pem -­days 1095
  • Determine the SHA1 fingerprint for the public certificate: openssl x509 -­sha1 ­-in cert.pem -­noout -fingerprint