Recruitment Marketing uses SAML 2.0 to implement Single sign-on for its users. The benefits of single sign-on include:
- Adding new team members can be done centrally.
- No more ‘password fatigue:’ team members don't need to worry about remembering yet another password.
- Team members who leave the company will automatically lose access to the Recruitment Marketing system once their ability to authenticate via the Identity Provider (IdP) is removed.
For some information, you will need to consult the IT team responsible for your Identity Provider (IdP) system.
Activating Single Sign-On using SAML 2.0 for users
- Log into the Recruitment Marketing module.
- From the side menu, under Organisation click Settings.
- Settings can be found under the SAML 2.0 - Users section.
- Either enter the URL of the iDP metadata, and click Save, which will automatically parse the relevant information from the metadata file, or complete the following:
- Assertion Consumer Service URL - if not pre-filled, consult your IT team
- SP Entity ID - should be set to the full domain name of your new website (i.e. careers.company.com), with no protocols
- IdP SSO Target URL - consult your IT team
- IdP Entity ID - should be set to the full domain name of your new website (i.e. careers.company.com), with no protocols
- IdP Certificate - this is the public certificate from your enterprise identity provider, consult your IT team.
- Suggested Clock drift - as Recruitment Marketing and iDP systems do not share the same NTP server.
- IdP Launch URL - define to direct SAML users to your IdP SAML app if they navigate directly to Recruitment Marketing
- IdP Sign Out URL - define to direct SAML users to a specific website (usually an intranet page) if they manually log out of Recruitment Marketing during a SAML session.
- Enable provisioning of users from IdP - select this checkbox as it is recommended
Enable syncing user roles/permissions from IdP - select this checkbox if required. The valid permission values are:
- Click the Save button to keep the settings.
If using the IdP Metadata URL to configure the setting, the hosting domain of the metadata URL needs to be whitelisted within the Recruitment Marketing platform. Many common services such as Okta, Azure AD are already whitelisted. However, if you receive an error when clicking the Save button, please speak to your Customer Success Manager or Professional Services team member to have them arrange for your domain to be whitelisted.
Note: If using a client's metadata URL, it will need to be whitelisted to ensure a successful import into the system. Please contact PageUp to have this done.