Customers can choose which users will access the system via Single sign-on (SSO) vs. email/password using simple radio buttons within User Management. These actions can also be completed via our Public API. This will address a number of customer use cases. Where a customer has enabled Web SSO, the default setting for all existing and newly created users will be Single sign-on (SSO).
- Administrator goes to User Management in Settings / Admin.
- Administrator clicks Add new user.
- Administrator fills out the details and changes sign-in to Email/Password.
- When Amy logs into SmartRecruiters, she sees a two-phase authentication. Amy enters her email address (phase 1) and is then requested to enter her password (phase 2).
- Where Single sign-on (SSO) is selected in step 3, Amy will enter the email address (phase 1) and the system will automatically route to the SSO identity provider so no password field will be displayed.
Can these access management changes happen via integrations with other systems, such as a HRIS?
Yes. The feature is available through the public API, so that customers can trigger changes from other systems rather than everything happening via SmartRecruiters UI.
Where sign-in is changed to Email/Password, can the administrator request a reset password?
Yes. This can be done from both the user interface and via APIs. On the UI, there is a Reset Password button on the Edit user modal. The administrator should first change the sign-in option to Email/Password and Save. This will close the modal so the administrator needs to reopen the modal and Reset Password.
Are there any configuration impacts to using SSO sign-in?
Yes. Where the administrator sets a user to "Single sign-on (SSO)" then the "Login and Password" page in Settings / Admin is automatically hidden. Thus, "SSO only" users will not be able to reset passwords.
With this feature will the Administrator have to update the Sign-in options value for all users? No. If the company has configured web SSO in SmartRecruiters settings, then all users will default to SSO even if both values are blank. If SSO is not configured, then all users will default to email/password even if both values are blank.
Can administrators filter by sign-in options on the user list?
How will this feature impact authentication on mobile Hiring app or Field Recruiting app?
The apps will respect whatever value each user has associated to their account - either SSO or email/password.
Does this feature apply if users are asked to log in via an email? - e.g. a job approval email.
Yes. The same rules are in place.