AD FS Configuration

Follow those steps to configure SmartRecruiters Web SSO in AD FS

Part 1: SmartRecruiters Configuration

    1. Login to your SmartRecruiters account.
    2. Go to Settings/Admin and then to Web SSO (if you are already logged in you can use this link). Please keep in mind that you have to have SmartRecruiters Admin user account in Corporate Plan to be able to see this page.
      1
    3. Click on the Enable Web SSO toggle, click on Save.
      2
    4. Copy IdP URL and Certificate from your IdP metadata (FederationMetadata.xml). You can find your ADFS Federation Metadata file URL on the AD FS server through the AD FS Management in AD FS > Service > Endpoints and go to section Metadata. It should look like this  https://sts.yourdomain.com/FederationMetadata/2007-06/FederationMetadata.xml. If you can’t open metadata URL link in the Internet Explorer, try using another browser. When you open the XML file, you will find your Idp URL and Certificate inside, similarly to the example below.3
    5. Paste the IdP URL and Certificate in the SmartRecruiters Web SSO settings as shown in the example below. Click on Save.4

Part 2: AD FS Configuration

  1. Open SmartRecruiters Web SSO metadata from the Web SSO configuration page and save as an xml file (metadata.xml) to your local hard drive. 5 6

    Make sure that you have this file available locally on your AD FS server – copy it to local drive of AD FS server if it was downloaded locally on the drive.

  2. Run the AD FS Management on the ADFS server.7

  3. Go to AD FS > Trust Relationships, right-click on Relying Party Trusts, and select Add Relying Party Trust… The Wizard window will appear:8

  4. Click on Start and then select Import data about the relying party from a file. Click Browse and go to the metadata.xml file that you got in Step 1. Click on Next. 9

  5. Enter the Display name (for example “SmartRecruiters”) and click on Next.10
  6. On the Configure Multi-factor Authentication Now? click on Next.
  7. On the Choose Issuance Authorization Rules click on Next
  8. On the Ready to Add Trust click on Next and then on Finish
  9. Right-click on SmartRecruiters (or on the other Display name that you defined in Step 5) and select Edit Claim Rules… Click on Add Rule…11
  10. In the Claim rule template select Send LDAP Attributes as Claims and click on Next.12
  11. Enter the Claim rule name (for example “Issue: Common Name based on LDAP attribute”). In the Attribute store select Active Directory. As the LDAP Attribute enter the name of Active Directory attribute which contains the ssoidenfier value that will match the SmartRecruiters user account ssoIdentifier (it should be user’s email address – case sensitive). As the Outgoing Claim Type select Common name. Click on Finish. You can read more about the ssoIdentifier in the User Binding section of the Web SSO Overview guide. 13
  12. Right-click on SmartRecruiters (or the other chosen Display Name) again and select Edit Claim Rules… Click on Add Rule…
  13. In the Claim rule template select Transform an Incoming Claim and click on Next.14
  14. Enter the Claim rule name type (for example “Issue: Name ID based on Common Name”). In the Incoming claim type select Common Name. In the Outgoing claim type select Name ID. In the Outgoing name ID format select Persistent Identifier. Click on Finish and then on OK.
    15
  15. That’s it! Your AD FS is set to work with SmartRecruiters Web SSO now. In order to test it and initiate the Web SSO login process, please use the URL following the example below:
    https://www.smartrecruiters.com/web-sso/saml/<CompanyIdentifier>/login
    Where the <CompanyIdentifier> will be the value of your company identifier.
    Please note that users need to be provisioned in SmartRecruiters for this to work correctly. You can read more about it in the User Provisioning section of the Web SSO Overview guide.