Contact Support

How to Setup Single Sign-On using SAML 2.0

We want to make it easy for all of your team members to access JobScore.  If your company uses Single Sign On (SSO) with SAML 2.0, please complete the steps on this page. Once you provide us with the information we need, we will coordinate a cut-over date. 

Important: We have specific installation instructions for Okta and Microsoft Azure. Please click on the appropriate link if you use one of these providers.

Prepare for Single Sign-On cut over

Here's how things will work after we cut over to your SAML 2.0 Single Sign-On provider:

  1. All existing users in your JobScore account will preserve their existing access level, but they will no longer be able to log in using their password, they will only be able to login through SAML 2.0 Single Sign On.
  2. Users can be provisioned normally through the JobScore interface.  However, users ability to log in will be governed by your Identity Provider, meaning they may not be able to login when you add them.
  3. If a user has been granted access to JobScore through your Identity Provider but has not yet been added to the JobScore system they will be auto-provisioned on their first successful login (Just in Time provisioning).
  4. Auto-provisioned users are granted the lowest access level in JobScore (Limited). The user will be prompted to ask a colleague with JobScore administrative privileges to increase their access level if they are a hiring manager or recruitment / HR professional.

Recommendations:

  • We strongly recommend setting it up so that everyone in your company is able to access JobScore.  The limited access level is specifically designed for everyone in your company to only be able to view open jobs, refer friends and conduct interviews - things everyone in your company may need to do.
  • If you choose to restrict access to specific users, we recommend you ask your IT department (who controls your Identity Provider) to grant access to everyone who needs to access JobScore prior to the cut-over date to ensure a smooth transition. Please don't hesitate to contact support@jobscore.com if this prompts questions.
  • If you choose to restrict access, we recommend granting JobScore access and selecting an access level become a required part of your new employee onboarding process.

Step 1: Locate and save your Company code

Locate your Company Code by accessing this page in JobScore and then jot it down.

Step 2: Configure your SAML Identity Provider

Here is the information your Identity Provider will need to complete the integration:

  • ACS (Assertion Consumer Service) URL / Post Back URL: https://hire.jobscore.com/auth/saml/[companycode]
  • Name ID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  • Audience: https://www.jobscore.com
  • Recipient: https://hire.jobscore.com/auth/saml/[yourcompanycode]
  • Attribute Statements (optional): JobScore will conveniently use these values (when available) when the user logs in for the first time and creates their account.
    • first_name - User's First Name
    • last_name - User's Last Name

Once you've added JobScore to your identity provider you aren't done, you'll need to send us an email...

Step 3: Email JobScore to activate Single Sign-On for your account

Once you configure your identity provider to work with JobScore, please email support@jobscore.com with the following details so we can configure your account

  • The day and time you would like to enforce SAML single sign-on for JobScore (when users will no longer be able to login using their password)
  • IdP Issuer URL:  The URL that uniquely identifies your SAML identity provider.
  • IdP Certificate:  The authentication certificate issued by your identity provider.
  • IdP Login URL (SSO): The URL where JobScore sends a SAML request to start the login sequence.
  • (Alternatively, If your IdP supports metadata generation, you can forward the generated xml file to us instead of the three values above)

The JobScore success team will confirm receipt of your email and the scheduled date and time of the cut-over.

If you have any other questions, please contact support@jobscore.com.

Comments

Powered by Zendesk