This guide covers how to integrate hireEZ-SSO with Azure Active Directory (Azure AD). Integrating allows you to control who has access to hireEZ-SSO and enables your users to be automatically signed in to hireEZ-SSO with their Azure AD accounts, all through the Azure portal. We support both SP-initiated and IDP-initiated SSO.
You can also refer to: Microsoft Tutorial: Azure AD SSO integration with hireEZ-SSO
* Please note that SSO is only available for organizations with an Enterprise subscription.
This article will discuss the following parts:
- Add hireEZ-SSO from the gallery
- Configure Azure AD SSO for hireEZ-SSO
- Adding users to your SSO
- Testing your SSO
- Enable Admin SP-Initiated Single Sign-On
Add hireEZ-SSO from the gallery
1. Log in to your Azure Active Directory account, go to Browse Azure AD Gallery.
2. In the application search bar type in hireez - SSO.
3. Select hireEZ-SSO from the results panel and then click to create the app. Wait a few seconds while the app is added to your tenant.
Configure Azure AD SSO for hireEZ-SSO
4. You should be automatically taken to the hireEZ-SSO application integration page once the app is created. Under the Manage section, select Single sign-on > then select SAML.
5. Click to Edit the Basic SAML Configuration settings.
6. To configure the application in IDP initiated mode, perform the following steps:
a. Go to Single Sign-On (SSO) set up within Admin portal and click to Download SP metadata XML.
b. Open the downloaded file with text editor and save your teamID as seen highlighted in screenshot.
c. In the Identifier text box, type the URL: https://app.hireez.com/
d. In the Reply URL text box, type the URL: https://api.hireez.com/v1/users/saml/login/<teamID> as seen in the screenshot below.
7. (Optional step) Scroll down to number 2, Attributes & Claims and click to Edit.
8. (Optional step) Save the listed claim names on your computer for First Name, Last Name and Job Title. If you are missing any, you can add them by clicking Add new claim.
9. Go back by clicking the X on the top right, then scroll down to SAML Signing Certificate section, then open the App Federation Metadata Url in another tab.
10. From the new tab, copy the [Entity ID] and [X509 Certificate] values from the metadata file and save them on your computer.
11. Now back to the Microsoft Azure portal, click the Properties tab on the left menu bar, copy the value of User access URL, and save it on your computer.
12. Now on the hireEZ Admin Console, go to Single Sign-On Settings and populate the fields with the information saved from steps 8-11.
a. SAML 2.0 SSO URL field: User access URL from step 11.
b. Identity Provider Issuer field: Entity ID from step 10.
c. Certificate field: X509 Certificate from step 10.
d. (optional step) First name attribute, Last name attribute, and Title attribute fields:
Corresponding Claim name from step 8.
*NOTE: For ADFS please populate as follows instead:
- SAML 2.0 SSO URL field: Login URL as seen on Azure portal single sign-on page step 4 Set up.
- Identity Provider Issuer field: https://app.hireez.com/
13. Turn On Single Sign-On Connection Status button. You can always use this toggle button to connect/disconnect Single Sign-On and apply the status to all the accounts in your team.
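Steps 9 to 12 rely on copying the Entity ID and X509 Certificate by hand from the App Federation Metadata. The Python sketch below is an added example, not hireEZ or Microsoft tooling: it extracts both values from a saved copy of that metadata and computes a SHA-256 fingerprint, so the value pasted into the Certificate field can be checked. The sample metadata, its tenant ID and its certificate bytes are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: the tenant ID and certificate bytes are placeholders, not real values.
CERT_B64 = base64.b64encode(b"constructed-placeholder-not-a-real-certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{CERT_B64[:32]}
{CERT_B64[32:]}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def extract_idp_settings(metadata_xml: str) -> dict:
    """Return the Entity ID and signing certificate(s) found in IdP federation metadata."""
    if "<!DOCTYPE" in metadata_xml.upper():
        raise ValueError("DTDs are not expected in SAML metadata; refusing to parse")
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    certs = []
    for key in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if key.get("use") not in (None, "signing"):
            continue  # skip encryption-only keys
        for node in key.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            b64 = "".join((node.text or "").split())  # drop line breaks from the XML
            der = base64.b64decode(b64, validate=True)
            certs.append({"certificate": b64, "sha256": hashlib.sha256(der).hexdigest()})
    if not certs:
        raise ValueError("no signing certificate under IDPSSODescriptor")
    return {"entity_id": root.get("entityID"), "signing_certs": certs}

def same_certificate(pasted: str, b64: str) -> bool:
    """True if a pasted value (PEM armor and line breaks allowed) is the same certificate."""
    lines = [ln for ln in pasted.splitlines() if not ln.startswith("-----")]
    return "".join("".join(lines).split()) == b64

if __name__ == "__main__":
    settings = extract_idp_settings(SAMPLE_METADATA)
    print(settings["entity_id"], [c["sha256"] for c in settings["signing_certs"]])
```

Run it against the saved metadata file again whenever the signing certificate is renewed, and use `same_certificate` to confirm the value in the hireEZ Certificate field still matches.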
Adding users to your SSO
14. Go back to your Azure portal hireEZ - SSO > under manage, click on Users and groups > click on +Add user/group
15. Under Users and groups, click on None Selected > then search names and click on each so they show under Selected items > once you have them all click Select and Assign.
Testing your SSO
16. Now scroll down and click Test to ensure all credentials are correct. If there is an error message, enter the correct credentials and click Test again; repeat until no error message appears. Then click Save.
17. On the pop up, click sign in as current user > then click Test sign in.
a. For SP initiated: This will redirect to hireEZ-SSO Sign on URL where you can initiate the login flow.
b. For IDP initiated: You should be automatically signed in to the hireEZ-SSO for which you set up the SSO.
Enable Admin SP-Initiated Single Sign-On
18. After you make sure everything is working well, then turn On the Admin SP-Initiated Single Sign-On button. Admin SP-initiated SSO is disconnected by default because your admin account can always log into hireEZ Web App/Extension by email/password to revise your SSO configuration info as needed.
Note:
- The purpose of setting the admin SP-initiated SSO default to disconnected is so that your admin account can always log in to hireEZ Web App/Extension by email/password to revise your SSO configuration info if the SSO integration setup has any errors.
- If your Single Sign-On configuration has any errors or you have trouble logging in to hireEZ Web App/Extension after you set the [Admin SP-Initiated Single Sign-On] toggle to connected, please contact support@hireez.com.
You may also contact us at support@hireez.com or reach out to your Customer Success Manager to learn more about the workflow.