Configuration

Prerequisites

In order to perform a full Web SSO set up with SmartRecruiters we assume the following:

  • You have an Identity Provider (IdP) set up and running and you’re familiar with adding a new Service Provider (SP) to its configuration
  • You have all the capabilities to integrated your IdP with our User API in order to sync user profile details in ongoing basis (e.g. remove from SmartRecruiters terminated employees’ profiles)
  • You have an Admin account within SmartRecruiters to access Web SSO configuration

Create user profiles within SmartRecruiters

In order to properly set up User profiles within SmartRecruiters, build an integration with your IdP (to manage user profiles from a single location) and provide a seamless experience for IdP users, please use our User API. You can find detailed instruction on how to do it in our Creating new SSO-enabled user guide.

If you wish your IdP users to be automatically logged in to SmartRecruiters the very first time, please ensure you do the following:

  • Provide a ssoIdentifier when creating user profiles via the User API; this identifier will be used for SAML assertion (“persistent” or “emailAddress” Identifier needs to be used, as per sections 8.3.2 and 8.3.7 of the official SAML 2.0 documentation). You can find more details about that on the  Web Single Sign-On Overview page
  • Activate users using the dedicated User API endpoint

Note: An email address and password which you provide for each user while creating their profiles can be used to log in directly to SmartRecruiters without a need of going through an IdP.

Specific IdP guides:

Below you can find detailed guides on how to configure SmartRecruiters as a Service Provider in specific IdP applications. If the guide to a specific IdP that you are using is not listed below and you know it exists (usually it’s available in IdP help pages), feel free to send it to us and we will be happy to add it here.

  • AD FS Configuration Guide
  • Google Apps  you can get the Entity ID, Single Sign-On URL and X.509 Certificate values by logging in to SmartRecruiters as an Admin, going to Settings/Admin -> Web SSO ->
    SmartRecruiters Metadata (or using this link if you are already logged in). It is shown in point 3 of “Add new Service Provider in your IdP” part on the generic guide below. Here’s our logo that you can use as an icon for SmartRecruiters app.
  • Okta – your Identity Provider URL and Identity Provider Certificate will be generated in the linked guide when you sign into your Okta Admin Dashboard

 Generic IdP guide:

Each IdP configuration looks differently in details but the general concept remains the same as we deal with the SAML 2.0 standard. Therefore we present below an example of how to add a new Service Provider using a free OpenIdP provider (Note that the OpenIdP service is no longer available and has been shut down, however the guide below is still valid for getting a generic set up flow).

Web SSO configuration in SmartRecruiters

In order to perform a Web SSO configuration in SmartRecruiters you need to be an Admin user.

  1. Open the Web SSO configuration page directly or log in to SmartRecruiters and go to Settings / Admin > Web SSO
    Settings / Admin > Web SSO
  2. Enable Web SSO
    Enable Web SSO
  3. Copy IdP URL and Certificate from your IdP metadata
    IdP metadata copy
  4. Paste it as shown in the below example
    Provide IdP URL & certificate
  5. Save.

Add new Service Provider in your IdP

  1. Manage Service Providers
    Manage Service Providers
  2. Add new Service Provider from SAML 2.0 XML metadata
    Add Service Provider
  3. Open SmartRecruiters Web SSO metadata from the Web SSO configuration page and copy
    SmartRecruiters Web SSO metadata
    Copy SmartRecruiters Web SSO metadata
  4. Paste the metadata in IdP configuration and Import
    Import the metadata
  5. Provide a Service Provider name and Save.
    Provide SP nameThat’s all! In order to initiate the SSO log in process please use the below URL:
    https://www.smartrecruiters.com/web-sso/saml/<CompanyIdentifier>/login