Creating new SSO-enabled user

Follow those steps when you want to create new SSO-enabled user:

1. Get SmartRecruiters API key
a. Login to your SmartRecruiters account.
b. Go to Settings/Admin and then to API/Integrations (if you are already logged in you can use this link). Please keep in mind that you have to have SmartRecruiters Admin account in Corporate Plan to be able to see this page.
c. Copy your SmartRecruiters API key value.

2. Create and activate new User using SmartRecruiters Public API
a. Navigate to our Live Docs page.
b. At the top, in the X-SmartToken field please paste your SmartRecruiters API key that you got in step 1c. of this guide.
c. Scroll down to the POST /users endpoint.
d. In the “User” field please provide the following string (between the quotes inputting values described in point e. below):

{
 "email": "user_email_address",
 "firstName": "user_first_ name",
 "lastName": "user_last_name",
 "systemRole": {
   "id": "id_of_system_role",
   "name": "name_of_system_role"
 },
 "ssoIdentifier": "user_email_as_sso_identifier"
 }

as in the screenshot below:

Alternatively, to provide more information about the user (like it’s location) use an example of extended object below:

{
 "email": "",
 "firstName": "",
 "lastName": "",
 "role": "",
 "location": {
 "country": "",
 "countryCode": "",
 "regionCode": "",
 "region": "",
 "city": "",
 "address": "",
 "postalCode": ""
 },
 "ssoIdentifier": "",
 "password": "",
 "externalData": ""
}

e. Between the quotes, please provide values as described below:
email – user’s email address (please note that this is case-sensitive)
firstName – user’s first name
lastName – user’s last name
role – use EMPLOYEE or RESTRICTED or STANDARD or EXTENDED or ADMINISTRATOR
ssoIdentifier – user’s ssoIdentifier – the most important thing is that the ssoIdentifier that your IDP sends needs to match exactly (case-sensitive) the SmartRecruiters user’s ssoIdentifier – this is where you set it up in SR. we recommend that the ssoIdentifier is this person’s email, but the truly important part is that ssoIdentifiers need to match in IDP and SR. If for some reason you will need to change the ssoIdentifier after creating the user, you can do so by following this guide.

f. Click on “Try it out!” button.
From the Response Body result, copy the “id” value of the user in question as in the screenshot below:

3. Activate the User via API
Scroll down to the Activate a user account endpoint. Paste the “id” value (copied in step 2f. of this guide) in the “id” field. Click on “Try it out!” button.

When you receive the response 204, the user is now created and active. Trying to login to SmartRecruiters from the IDP application of your choice will now succeed for this user as long as IDP will send the ssoIdentifier exactly the same as set in step 2d of this guide.