Single Sign On (SSO)

What is Single Sign On?

Single Sign On is (SSO) is a new authentication method which is widely used across the world for various web applications where there is a need of credentials. Single sign on process will help the user to login into multiple services using the same credentials.

What do you need to know?

Once this feature is enabled from the backend, the new authentication process will enable the Ready Recruit customers (users) to safely login to the application by using a single set of credentials.

How to configure it?

The admin users will have the ability to customise these settings from the admin dashboard under the "Security Settings" section. This can be configured by the customers using their own identity provider. (Example: ReadyTech users use Office 365 to login via SSO).

What do you require?

• SSO feature enabled on Ready Recruit - contact Zendesk Support to facilitate this. 
• Azure Active Directory, or Azure AD Premium (license required)
• Ready Recruit Administrator privileges
  
  

How to set up SAML SSO:

1. Log in to your Azure Active Directory.
2. Select Enterprise Applications in the left-hand main menu> All Applications > New Application > Non-gallery application.
3. Give your application a name related to the Application that you will be configuring. Example: Ready Recruit
4. In the application record, you just created, under Manage, click Single Sign-on.
5. Select SAML-based Sign-on.
6. In Ready Recruit, navigate to Admin Settings > Security Settings > SAML SSO. 
7. In Azure Active Directory, click the Edit button next to Basic SAML Configuration to Copy and Paste the Service Provider Entity ID, Assertion Consumer Service URL and the Sign-on URL field from Ready Recruit into Azure.

8. Now In the Preview window, under 3. SAML Signing Certificate, click Download on 'Federation XML Data'.

9. Go back to Admin Settings > Security Settings > SAML SSO in Ready Recruit.

10. Select Choose File, to upload the Azure Federation XML Data file you just downloaded to the Ready Recruit SAML SSO Identity Provider Metadata (IdP) field.

11. Select Force SSO, if applicable.
The Force SSO button restricts users to only log in using SSO. If the button is not selected, users will have both options to log in using password/username, as well as via Single Sign on. 

12. Go back to Azure Active Directory, navigate to the left-hand menu, and select Users and Groups.

13. Add your users that correspond to your existing Ready Recruit user list, with matching emails.

You are ready to start using SSO!

The "Sign in with Single Sign-on" button on Ready Recruit login portal should now be visible. When a user clicks on this blue colour button, they will be redirected to authenticate with Azure. They will not need to authenticate again once this is completed. 

Troubleshooting

If Ready Recruit returning an Invalid Signature on SAML Response error when attempting to sign in using SSO? Try these steps:

1. Open the Ready Recruit Enterprise Application in your Azure Active Directory.
2. Open the SAML Signing Certificate list by selecting the SAML Signing Certificate heading's Edit icon (a pencil).
3. Ensure there is only one active signing certificate on that list. Back up and delete any extra certificates.
4. Download the Federated Metadata XML file and upload it in the Ready Recruit SAML SSO admin section.
5. Ensure that the remaining steps are completed according to the Ready Recruit SAML SSO Configuration guide.
6. Log in to Ready Recruit via SAML SSO.
   
   

If you continue to experience issues after attempting these troubleshooting steps, please contact our team at Zendesk Support where we can investigate the issue further.