Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. You can set up single sign-on (SSO) with Azure AD to authenticate users logging in to Greenhouse Onboarding and Greenhouse Welcome.
For information on setting up Azure AD SSO for Greenhouse Recruiting, click here.
Enter your SSO credentials in Greenhouse Onboarding
Before you can connect Greenhouse Onboarding with Azure AD, you'll need to provide the following identity provider details:
- Single Sign-On URL
- IdP Certificate Fingerprint (in SHA1 format)
- Single Logout URL (optional)
Note: Your Single Log-out (SLO) URL is only needed if your organization wants to use SLO requests with your SAML provider.
Open Greenhouse Onboarding and navigate to Settings > Data Flow > Single Sign-On.
On the Single Sign-On page, enter your SSO URL, IdP certificate fingerprint, and single logout URL in their corresponding fields.
Mark the checkbox above the Save button to indicate that your organization uses Azure AD as an Identity Provider.
Click Save.
When you're finished, reach out to Greenhouse Technical Support to turn on your SAML configuration setup.
Before closing Greenhouse Onboarding, copy your organization's SSO Assertion Consumer URL and Entity ID/Issuer from the Single Sign-On page. You'll need these details later during Azure AD setup.
Connect Greenhouse Onboarding in your Azure AD platform
Once you've set up your SAML configuration in Greenhouse Onboarding, it's time to set up the integration in Azure AD. Follow the below steps to connect Greenhouse Onboarding in Azure AD.
Create a new Enterprise application in Azure AD
Note: Do not use the pre-configured Greenhouse tile on the Azure marketplace. Create a custom tile for your new Greenhouse Onboarding setup.
Navigate to the Azure AD platform and click All applications on the left panel.
Click the + New application tab on the All applications page.
Select Create your own application and configure the following settings:
- Enter Greenhouse Onboarding under What's the name of your app?
- Under What are you looking to do with your application?, select Integrate any other application you don't find in the gallery (Non-gallery)
Name the application Greenhouse Onboarding.
Click Single sign-on on the Greenhouse Onboarding application integration page.
Click the SAML tile to enable Single Sign-On on the next page.
Edit SAML configuration, user attributes, & claims in Azure AD
Next, you will need to edit your Basic SAML Configuration and User Attributes & Claims.
Click the Edit icon to edit the Basic SAML Configuration.
In the Basic SAML Configuration panel, enter the below information:
- Identifier (Entity ID): Enter your Entity ID/Issuer from Greenhouse Onboarding, app.parklet.co
-
Reply URL (Assertion Consumer Services URL): Enter your SSO Assertion Consumer URL from Greenhouse Onboarding, https://onboarding.greenhouse.io/saml/{uid}/consume
- The bracketed section includes your Greenhouse Onboarding unique identifier (UID).
- Sign-on URL: Leave this field blank
Note: If you are using the pre-configured marketplace tile, the Sign-on URL cannot be left blank. To complete the setup, create a new custom tile for the Greenhouse setup.
Click Save when finished.
Assign users to Greenhouse Onboarding in Azure AD
In the Azure portal, open the applications view and navigate to the directory view.
Navigate to Enterprise applications in the left panel and click All applications.
In the applications list, select the Greenhouse Onboarding application you created above.
In the left menu, click Users and groups.
Click the + Add user button.
Click the Users option and select your desired users.
After you select the users, choose a role.
Click Select button on Users and groups window.
Click Assign button on Add Assignment window.