SmartRecruiters has implemented SAML 2.0, a broadly supported industry standard for Web SSO, for our mobile Hiring and Field Recruiting apps. SAML is quick and easy to set up and configure, and is also supported by the majority of Identity Providers (IdPs) on the market.
Any Identity Management Solution which supports SAML 2.0 can be configured to work with SmartRecruiters. Here is an example list of IdP Vendors that we have worked with previously:
To get started, configure Web SSO for your SmartRecruiters account. See our dev portal for more information.
After you set up Web SSO, SmartRecruiters' native mobile apps on both iOS and Android will use the same configuration to allow users in your organization to authenticate themselves using the OAuth 2.0 protocol.
Logging in with SSO
After verifying that Web SSO is enabled on your SmartRecruiters account, and that your users are provisioned to use SmartRecruiters, instruct your users to follow these directions:
- Download the SmartRecruiters mobile app(s) from the iTunes or Google Play app stores.
- Once the app is downloaded and installed, open up the app for the first time:
- Enter the email address that belongs to the user account that was provisioned for you by your IdP for SmartRecruiters access. This email essentially acts as username and unique identifier.
- SmartRecruiters will recognize that the account is tied to your company’s Web SSO configuration. The app will redirect to a WebView and load your provider’s SSO authentication screen. Here's an example with Okta Identity Management:
- Enter authentication details. If the authentication process is successful, then your IdP server will pass an authentication token back to the SmartRecruiters mobile app and log you into the app.
Here is a technical diagram of the expected flow:
Here are a few of the most commonly reported mobile SSO login problems and suggestions for resolving them.
Problem: User enters their email on the app login screen and is redirected to the WebView. The IdP authentication page does not load in the webview or the user sees an “SSL error” alert message.
Possible reason: On iOS, the IdP authentication page may not fulfill App Transport Security requirements. Run an SSL server test and review the results to verify that your IdP server fulfills the requirements.
Problem: User enters their email on the app login screen and is redirected to WebView. They successfully authenticate, but then they are NOT redirected back to the mobile app. Instead, they see a blank page.
Possible reason: The user is missing an sso identifier for their account. Review SmartRecruiters SSO setup documentation to verify that an sso identifier has been added for the user.
Problem: User enters their email on the app login screen and is NOT redirected to WebView. They are shown a SmartRecruiters password field.
Possible reason: User account has not been created in SmartRecruiters. Follow SmartRecruiters SSO configuration to create the user.
Problem: User enters their email on the app login screen and receives an error message.
Please take a screenshot of the error message and submit a support ticket.