Single sign-on (SSO) integration

Streamline your recruitment process with Recruit CRM's Single Sign-On integration.

Written by Divya Utreja
Updated over a week ago

Please note that this is a Business and Enterprise plan exclusive feature.

Managing multiple platforms and remembering passwords can be time-consuming and inconvenient. With the Single Sign-On (SSO) integration, you can streamline your login process and enhance security.


🔑 Simplifying Access with Single Sign-On Integration


Recruit CRM's Single Sign-On Integration allows you to access your account by using your existing credentials from various identity providers (IDPs) supporting the OpenID Connect (OIDC) protocol, including Google, Microsoft Azure, and Okta.

This means no more juggling multiple passwords or struggling to remember which login credentials to use. With SSO, you can log in effortlessly and save your valuable time.


⚙️ Setting up SSO


2. Enable the 'Single Sign On' toggle.

Note: Enabling SSO will disable MFA/2FA if it is enabled on the account.

3. Select your preferred IDP.

4. Set up SSO for your desired IDP:

Google

1. Navigate to Google Cloud Platform

2. From the navigation bar, click on 'APIs and Services' -> 'OAuth consent screen'

3. On the OAuth consent screen, click on the 'Select a Project' dropdown and from there you can create and select your project as shown below:

4. Once you select the project, select the 'User Type' as Internal/External as per your preference and click on 'Create':

5. Fill in the required information including the name of your app, support emails, authorized domain, etc.

6. Click on 'ADD & REMOVE SCOPES', select all the scopes, and click on the blue 'Update' button -> hit 'Save and Continue':

7. The next step is to click on the 'ADD USERS' button and add the users -> hit 'Save & Continue'. It will then show you the entire summary, click on 'Back to Dashboard':

8. Post this, the next step is to create the credentials. Follow the steps below to create them:

In the Authorised Redirect URI section, paste the 'Redirect URI' that you've copied from the Recruit CRM's Account Management settings while setting up the SSO:

9. Once you create the credentials, you can access them by clicking on the name:

Okta

Getting the 'Client ID' and the 'Client Secret'


1. Create an account on Identity | Okta and click on 'Admin' on the top-right of the navbar:

2. It will redirect you to the Okta console. On the left panel of the console, click on Applications → Applications:

3. Click on "Create App Integration". A pop-up will appear, select the options as shown below and click on 'Next':

4. Under the 'Grant Type', enable the 'Client Credentials' and 'Refresh Token' options and enter the Redirect URL that you copied from our Recruit CRM web app.

5. Select 'Controlled access' as per your preference and click on 'Save'.

6. Once you save your changes, you will be able to get the 'Client ID' and the 'Client Secret' as shown in the image below:

Getting the Authorization URL and Access token URL


1. Navigate to Security → API on the left panel and then click on 'default':

2. You'll be redirected to the 'default' page, click on the 'Metadata URL':

3. Once you click on the 'Metadata URL', you can access the 'Authorization URL' and 'Access token URL':

Adding users


1. Navigate to Directory → People and click on 'Add person':

2. Fill out the required form and click on 'Save':

Azure

Getting the 'Client ID'


1. Create an account on Microsoft Azure Portal.

2. Select 'App Registrations' from the Menu/Search Bar:

3. Click on the 'New Registration' button. Following this, provide the necessary details including the name of the app, select the supported account types that meet your requirements, and add the Redirect URL copied from the Recruit CRM web application.

4. Click on 'Register' and you will get the 'Client ID' and 'Tenant ID':

For the Authorization URL and Access Token URL, you need to use this Tenant ID as:

Authorization URL: https://login.microsoftonline.com/{tenant id}/oauth2/v2.0/authorize


Access Token URL: https://login.microsoftonline.com/{tenant id}/oauth2/v2.0/token
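
The Okta 'Metadata URL' step and the Azure URL templates above both end with an Authorization URL and an Access token URL being pasted into Recruit CRM. As an added example (not Recruit CRM's or the IDPs' own code), this Python script checks those values before they are pasted, since a mistyped endpoint would send sign-in traffic and the client secret to the wrong host. The sample metadata, the `idp.example.com` host, the function names and the GUID check on the tenant ID are assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample of an authorization-server metadata document, shaped like
# the JSON behind Okta's 'Metadata URL'; idp.example.com is a placeholder host.
SAMPLE_METADATA = json.dumps({
    "issuer": "https://idp.example.com/oauth2/default",
    "authorization_endpoint": "https://idp.example.com/oauth2/default/v1/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/default/v1/token",
})

GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def endpoints_from_metadata(metadata_json):
    """Return (authorization_url, token_url) after basic sanity checks."""
    meta = json.loads(metadata_json)
    issuer_host = urlsplit(meta.get("issuer", "")).hostname
    urls = []
    for key in ("authorization_endpoint", "token_endpoint"):
        if key not in meta:
            raise ValueError(f"metadata is missing {key}")
        url = urlsplit(meta[key])
        if url.scheme != "https":
            raise ValueError(f"{key} is not HTTPS: {meta[key]}")
        # Assumption: both endpoints live on the issuer's host.
        if url.hostname != issuer_host:
            raise ValueError(f"{key} host differs from issuer: {meta[key]}")
        urls.append(meta[key])
    return tuple(urls)


def azure_endpoints(tenant_id):
    """Fill the page's Azure URL templates with a validated tenant ID."""
    tenant_id = tenant_id.strip()
    # Assumption: the Tenant ID copied from the app registration is a GUID.
    if not GUID_RE.fullmatch(tenant_id):
        raise ValueError("tenant ID should be the GUID shown after 'Register'")
    base = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0"
    return f"{base}/authorize", f"{base}/token"


if __name__ == "__main__":
    print(endpoints_from_metadata(SAMPLE_METADATA))
    # The all-zero GUID is a constructed placeholder, not a real tenant.
    print(azure_endpoints("00000000-0000-0000-0000-000000000000"))
```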

Accessing the 'Client Secret'


1. Click on 'Add a certificate or secret' on the same page where you got your 'Client ID' and 'Tenant ID':

2. Click on 'New client secret', fill in the 'Description', select the option available in the 'Expires' dropdown as per your preference, and click on 'Add':

3. Once you click on 'Add', you will get the 'Client Secret'.

Granting Admin consent for default Directory


1. Navigate to 'Authentication' on the left side panel >> enable both the 'Access token' and 'ID token' and click on 'Save':

2. Next, navigate to 'API Permissions' located in the same left panel and click on 'Microsoft Graph (1)'. A new screen will appear where you'll find a list of checkboxes corresponding to various permissions.

Please ensure all checkboxes are selected, indicating that you've granted the necessary permissions. Once done, proceed to click on 'Update Permissions' to confirm your selections.

3. After completing the permissions setup, proceed by clicking on 'Grant admin consent for Default Directory'. Upon clicking, a popup window will appear seeking confirmation. Click 'Yes' to grant the necessary admin consent.

Adding users


1. To add users to this IDP, begin by clicking on 'Overview' on the left panel. Then, proceed to select 'Manage Application in local directory':

2. Click on 'Assign users and groups'.

3. Now, proceed by clicking on '+ Add user/group'.

4. A window will appear allowing you to select the users or groups you wish to add. Choose your peers from the list and click on 'Select'.



5. Once you set up the SSO for your desired IDP, paste the credentials on the Recruit CRM web app and hit the 'Save' button.

6. When the SSO is set up, you'll also get an option to permit login using email and password.

Important Note


If a user is not present in the IDP group and the option to 'Permit login with email and password' is unchecked, then this user will not be able to access their account unless the email/password login is activated or they are added to the IDP group.

Please note that the Account owner retains the ability to log in with their email and password, ensuring uninterrupted access to Admin Settings.

Hope this helps!
