Creating new SSO-enabled user

Follow those steps when you want to create new SSO-enabled user:

1. Get SmartRecruiters API key
a. Login to your SmartRecruiters account.
b. Go to Settings/Admin and then to API/Integrations (if you are already logged in you can use this link). Please keep in mind that you have to have SmartRecruiters Admin account in Corporate Plan to be able to see this page.
c. Copy your SmartRecruiters API key value.

API key

2. Create and activate new User using SmartRecruiters Public API
a. Navigate to our Live Docs page.
b. At the top, in the X-SmartToken field please paste your SmartRecruiters API key that you got in step 1c. of this guide.
c. Scroll down to the POST /users endpoint.
d. In the “User” field please provide the following string (between the quotes inputting values described in point e. below):

1
2
3
4
5
6
7
{
"email": "",
"firstName": "",
"lastName": "",
"role": "",
"ssoIdentifier": ""
}

as in the screenshot below:

POST :users

Alternatively, to provide more information about the user (like it’s location), under the Parameter section click on the Model Schema’s yellow body (this will pre-populate the “User” field on the left).

click on Model Schema

Or use an example of extended object below:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
{
 "email": "",
 "firstName": "",
 "lastName": "",
 "role": "",
 "location": {
 "country": "",
 "countryCode": "",
 "regionCode": "",
 "region": "",
 "city": "",
 "address": "",
 "postalCode": ""
 },
 "ssoIdentifier": "",
 "password": "",
 "externalData": ""
}

e. Between the quotes, please provide values as described below:
email – user’s email address (please note that this is case-sensitive)
firstName – user’s first name
lastName – user’s last name
role – use EMPLOYEE or RESTRICTED or STANDARD or EXTENDED or ADMINISTRATOR
ssoIdentifier – user’s ssoIdentifier – the most important thing is that the ssoIdentifier that your IDP sends needs to match exactly (case-sensitive) the SmartRecruiters user’s ssoIdentifier – this is where you set it up in SR. we recommend that the ssoIdentifier is this person’s email, but the truly important part is that ssoIdentifiers need to match in IDP and SR. If for some reason you will need to change the ssoIdentifier after creating the user, you can do so by following this guide.

f. Click on “Try it out!” button.
From the Response Body result, copy the “id” value of the user in question as in the screenshot below:

user id

3. Activate the User via API
Scroll down to the Activate a user account endpoint. Paste the “id” value (copied in step 2f. of this guide) in the “id” field. Click on “Try it out!” button.

PUT users

When you receive the response 200, the user is now created and active. Trying to login to SmartRecruiters from the IDP application of your choice will now succeed for this user as long as IDP will send the ssoIdentifier exactly the same as set in step 2d of this guide.