Creating new SSO-enabled user

Follow those steps when you want to create new SSO-enabled user:

1. Get SmartRecruiters API credential
a. Login to your SmartRecruiters account.
b. Go to “Settings/Admin -> Apps & Integrations -> Credentials” (if you are already logged in you can use this link). Please keep in mind that you have to have SmartRecruiters Admin account in Corporate Plan to be able to see this page.
c. Select “New Credential” to generate a new API credential; if you are creating an OAuth client ID, please ensure you specified users related access scopes.

2. Create and activate new User using SmartRecruiters Public API
a. Navigate to our Live Docs page.
b. At the top, in the X-SmartToken field please paste your SmartRecruiters API key that you got in step 1c. of this guide. Please note that this classic API explorer doesn’t support the use of OAuth credential. If you are using OAuth, use the new API explorer.
c. Scroll down to the POST /users endpoint.
d. In the “User” field please provide the following string (between the quotes inputting values described in point e. below):

{
 "email": "user_email_address",
 "firstName": "user_first_ name",
 "lastName": "user_last_name",
 "systemRole": {
   "id": "id_of_system_role",
   "name": "name_of_system_role"
 },
 "ssoIdentifier": "user_email_as_sso_identifier"
 }

as in the screenshot below:

Alternatively, to provide more information about the user (like it’s location) use an example of extended object below:

{
 "email": "",
 "firstName": "",
 "lastName": "",
 "role": "",
 "location": {
 "country": "",
 "countryCode": "",
 "regionCode": "",
 "region": "",
 "city": "",
 "address": "",
 "postalCode": ""
 },
 "ssoIdentifier": "",
 "password": "",
 "externalData": ""
}

e. Between the quotes, please provide values as described below:
email – user’s email address (please note that this is case-sensitive)
firstName – user’s first name
lastName – user’s last name
role – use EMPLOYEE or RESTRICTED or STANDARD or EXTENDED or ADMINISTRATOR
ssoIdentifier – user’s ssoIdentifier – the most important thing is that the ssoIdentifier that your IDP sends needs to match exactly (case-sensitive) the SmartRecruiters user’s ssoIdentifier – this is where you set it up in SR. we recommend that the ssoIdentifier is this person’s email, but the truly important part is that ssoIdentifiers need to match in IDP and SR. If for some reason you will need to change the ssoIdentifier after creating the user, you can do so by following this guide.

f. Click on “Try it out!” button.
From the Response Body result, copy the “id” value of the user in question as in the screenshot below:

3. Activate the User via API
Scroll down to the Activate a user account endpoint. Paste the “id” value (copied in step 2f. of this guide) in the “id” field. Click on “Try it out!” button.

When you receive the response 204, the user is now created and active. Trying to login to SmartRecruiters from the IDP application of your choice will now succeed for this user as long as IDP will send the ssoIdentifier exactly the same as set in step 2d of this guide.