Integration: Setting up SSO within Trakstar Hire
Using Mitratech HQ? Go here for further instructions!
What is Single Sign-On?
Single sign-on (or SSO) is a method of authentication and log-in to an application with a single set of credentials, rather than remembering multiple usernames and passwords across different software.
Trakstar Hire can integrate with any SAML 2.0 identity provider to achieve a seamless login experience. Once users have authenticated with their organization’s identity provider, they are granted one-click access to Hire – simple, secure, and fast!
Configuring SSO in Hire
NOTE: You'll need a user with Super Admin Hire access and administrator access to your SSO software to set this up. This can be the same person or different folks - buddy up so you can complete the necessary steps!
Once logged in as a Super Admin, go to Settings > Company Settings > SSO.
Look for the Single Sign-On/ACS (Consumer) URL and Issuer/Audience URI information
IDP Set Up
As an admin on your SSO software, Log in to your Identity Provider (IDP).
Create an "Application" within your Identity Provider via the SAML 2.0 sign-on method. Use the Single Sign-on URL and Audience URI from your settings page in Hire. Ensure the application user name is set as "Email," and the NameID format is “Email address.”
Note: The steps vary from one IDP to another - the administrator of the IDP account would know how this is done. If not, please reach out to your IDP's support team.
Configure the IDP application to allow access to all the relevant users within the organization
Copy the Identity Provider Metadata URL to transfer into Hire.
Connecting Your IDP & Hire
Within Hire, navigate Settings > Company Settings > SSO and enable SAML.
Paste the Identity Provider Metadata URL in the Metadata URL field. Here's an example of what it will look like with Okta:
Click Save, and you're done!
Important Points
- User accounts need to be created in Hire before authenticating (and logging in) via the IDP. Configuring SSO only helps users login to Hire without having to remember their Hire credentials - but their accounts still need to be created in Hire.
- Users accessing Hire from their IDP will automatically sign in to the application.
- Once SSO is enabled, users cannot log in via the Login page on hire.trakstar.com They need to login either via their identity provider or via HTTPS://{clientname}.hire.trakstar.com/accounts/login.
- Users accessing Hire from links in emails will be redirected to their IDP (and signed right in, if already authenticated with your identity provider)
- If you use our Chrome Plugin to pull candidate profiles into your Hire account, you must log in via SSO before using the plugin. You will not be able to log in via the plugin.
- Hire cannot support Google SSO, as Google does not provide a Metadata URL, which is required in the Hire SSO settings.