Single sign-on (SSO)

RecruitKit supports authenticating into the RecruitKit Dashboard with an identity provider.

Single sign-on (SSO) is a security feature that allows users to authenticate into the RecruitKit Dashboard using your company's identity provider (IdP).

SAML 2.0

SAML 2.0 (Security Assertion Markup Language) is an XML-based open standard used for exchanging authentication and authorization data between identity providers and service providers (SPs).

Supported identity providers

RecruitKit supports any SAML 2.0 identity provider.

Configuration

Configure the identity provider

  1. In your identity provider, create a new SAML 2.0 application or configure an existing one for RecruitKit.
  2. Name the application RecruitKit, and upload our logo for the icon, which can be downloaded here.
  3. For the single sign-on URL (sometimes referred to as the assertion URL, or the ACS URL), use https://dashboard.recruitkit.com.au/auth/sso/saml/acs.
  4. For the entity ID (sometimes referred to as the audience URI), use https://dashboard.recruitkit.com.au/auth/sso/saml/metadata.
  5. Set the name ID to be the user's email, and if requested, the format for the name ID should be unspecified.
  6. Include the following attribute mapping (if requested, the format for each attribute should be unspecified).
    • Pass through the user's first name as first_name.
    • Pass through the user's last name as last_name.
    • Pass through the user's email as email.
    • Optionally pass through the user's role as role. If the role is not provided, and the user does not already have a role, they will be assigned to the default recruiter role. More details about acceptable roles can be found here.
  7. Save the application, and then visit the configuration page within your identity provider to access the following fields, which you will need to provide to RecruitKit.
    • Identity provider single sign-on URL.
    • Identity provider issuer.
    • X.509 certificate.
  8. Remember to provision access to the new application for your users.
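
One way to check a test assertion from your identity provider against the values in the steps above before enabling SSO. This is an added example, not RecruitKit code; it assumes you have captured and base64-decoded a SAML response yourself and that the IdP puts the ACS URL in the standard `Recipient` attribute. The function name and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Values from the configuration steps above.
ACS_URL = "https://dashboard.recruitkit.com.au/auth/sso/saml/acs"
ENTITY_ID = "https://dashboard.recruitkit.com.au/auth/sso/saml/metadata"
REQUIRED_ATTRS = ("first_name", "last_name", "email")
NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_response(xml_text):
    """List mapping problems in a decoded SAML response (signature is not verified)."""
    root = ET.fromstring(xml_text)
    problems = []
    recipients = [e.get("Recipient") for e in root.iterfind(".//a:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append("Recipient is not the RecruitKit ACS URL")
    audiences = [(e.text or "").strip() for e in root.iterfind(".//a:Audience", NS)]
    if ENTITY_ID not in audiences:
        problems.append("Audience is not the RecruitKit entity ID")
    name_id = (root.findtext(".//a:Subject/a:NameID", "", NS) or "").strip()
    if "@" not in name_id:
        problems.append("NameID is not an email address")
    attrs = {}
    for attr in root.iterfind(".//a:Attribute", NS):
        attrs[attr.get("Name")] = (attr.findtext("a:AttributeValue", "", NS) or "").strip()
    for name in REQUIRED_ATTRS:
        if not attrs.get(name):
            problems.append(f"missing attribute: {name}")
    if attrs.get("email") and attrs["email"].lower() != name_id.lower():
        problems.append("email attribute differs from NameID")
    return problems

# Constructed sample: the IdP sends lastName instead of last_name.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
<saml:Subject><saml:NameID>jo@example.com</saml:NameID>
<saml:SubjectConfirmation><saml:SubjectConfirmationData
 Recipient="https://dashboard.recruitkit.com.au/auth/sso/saml/acs"/>
</saml:SubjectConfirmation></saml:Subject>
<saml:Conditions><saml:AudienceRestriction>
<saml:Audience>https://dashboard.recruitkit.com.au/auth/sso/saml/metadata</saml:Audience>
</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>
<saml:Attribute Name="first_name"><saml:AttributeValue>Jo</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="lastName"><saml:AttributeValue>Lee</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="email"><saml:AttributeValue>jo@example.com</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE))
```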

Configure the RecruitKit Dashboard

  1. In RecruitKit, navigate to the Account settings > Team management > Single sign-on (SSO) area, which can be found here. This is only available for the account owner and other users with the administrator role.
  2. Select the SAML 2.0 option.
  3. Enter your identity provider name (Okta, Google, etc.).
  4. Enter the details you obtained from your identity provider's configuration page.
    • Identity provider single sign-on URL.
    • Identity provider issuer.
    • X.509 certificate.
  5. Save the settings.

Disabling single sign-on

You can disable single sign-on at any time.

  1. In RecruitKit, navigate to the Account settings > Team management > Single sign-on (SSO) area, which can be found here. This is only available for the account owner and other users with the administrator role.
  2. Select the No single sign-on option.
  3. Save the settings.