Permissions: Basic users or above, who can manage and configure SSO

Product tier: Available for Advanced and Expert subscription tiers

JumpCloud offers a directory-as-a-service (DaaS) solution that customers use to authenticate, authorize, and manage users, devices, and applications. They do it all easily via a common directory in the cloud, instead of through legacy, on-premises IT systems.

Greenhouse Recruiting's integration with JumpCloud allows your organization to use JumpCloud for SSO.

Activate Integration in JumpCloud

As an administrator, navigate to your JumpCloud account and select Applications on the left-hand side. Click the green + icon on the subsequent page.

In the Configure New Application ​dialog box, use the provided search bar to find Greenhouse. Click Configure.

Screen_Shot_2020-07-17_at_4.40.55_PM.png

In the Greenhouse configuration window, replace the default values with your company’s specific values with your company-specific details (found in Greenhouse Recruiting > Configure icon Configure.png > Dev Center > Single Sign-On) in the following fields:

  • SP Entity ID: greenhouse.io
  • ACS URL: https://app.greenhouse.io/YOUR_ACS_TOKEN/users/saml/consume

Screen_Shot_2020-07-17_at_4.34.58_PM.png

When finished, click activate ​to complete the configuration in JumpCloud.

Enable SSO in Greenhouse Recruiting

To configure JumpCloud for SSO in Greenhouse Recruiting, a private key and a public certificate are required. After you activate an application in JumpCloud, they will automatically generate a public certificate and private key pair for you. When the application is saved, you can download the certificate by clicking Download Certificate in the notification in the upper-right of the screen.

With the private key and public certificate copied, follow the steps outlined here to finish enabling Single Sign-On in Greenhouse Recruiting. You will need to enter the following details in Greenhouse Recruiting to enable SSO:

  • Single Sign On URL: https://sso.jumpcloud.com/saml2/greenhouse
  • Single Log Out URL: https://console.jumpcloud.com/userconsole/
  • IdP Certificate Fingerprint:​ Copy and paste your public certificate fingerprint into Greenhouse Recruiting (for additional information on determining your SHA1 certificate fingerprint click here).

Please note if a new user has a JumpCloud account but not a Greenhouse Recruiting account, we will automatically create a Greenhouse Recruiting user account the first time the user logs in via JumpCloud. They will be created with Basic permissions. Administrators can still invite users and change permissions in Greenhouse Recruiting.

Note: You can manually generate your own private key and public certificate. For an example of generating signed certificates on Linux, see below. Please refer to other guidance for generating keys on other operating systems.

  • Create a private key: openssl genrsa ­-out private.pem 2048
  • Create a public certificate for that private key: openssl req ­-new ­-x509 ­-key private.pem ­-out cert.pem -­days 1095
  • Determine the SHA1 fingerprint for the public certificate: openssl x509 -­sha1 ­-in cert.pem -­noout -fingerprint