Introduction

This guide explains how to configure the SAML IdP in Talent App Store with Azure Active Directory (AD).


Configure AzureAD

Within Azure you'll need to create a 'Non Gallery app' for SSO using SAML from the SnapHire/Talent App Store metadata.


  • On the left navigation pane, select Azure Active Directory.

  • Click Enterprise applications.

  • Select New application.

  • Click Non-gallery application.

  • Give the application a name, i.e. the name of your ATS.

  • Click the add button.

  • Now browse back to the application you just created and click Single sign-on.

  • Choose SAML-based Sign-on.

  • Click Upload metadata file and upload the Talent App Store metadata.

  • User Attributes - for “User Identifier” select user.mail.

  • Then configure 3 custom claims to be sent through:
    tas.personal.email - user.mail
    tas.personal.givenName - user.givenname
    tas.personal.familyName - user.surname

  • Save a copy of your Federation metadata XML.

 

Installing the SAML IdP on Talent App Store

On your tenant’s storefront, navigate to Explore -> Identity -> Sign in With SAML 2.0, then click on the “Add user type” button.


  • Select the user type (user in most cases)
  • Choose a name which will appear when signing in
  • Select a logo which will appear when signing in. Please note this needs to be a .png file
  • Paste your IdP metadata into the metadata field
  • Select the signature algorithm RSA with SHA256 (Azure default)
  • Select the signature digest algorithm SHA256 (Azure default)
  • Check 'NameID is email address'
  • Leave 'Assertions are encrypted' unchecked (Azure default)
  • Click Save
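
The following check can be run on a decoded SAML response captured from a test sign-in, to confirm it matches the claims and signature settings chosen in both sections above. It is an added example, not Talent App Store or Microsoft code. It assumes the claims arrive under the attribute names listed above (optionally behind a namespace prefix), uses a constructed sample response, and does not verify the signature itself.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REQUIRED_CLAIMS = ("tas.personal.email", "tas.personal.givenName", "tas.personal.familyName")
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"

def check_response(xml_text):
    """Return a list of mismatches between a decoded SAML response and the guide's settings."""
    root = ET.fromstring(xml_text)
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        return ["assertion is encrypted, but 'Assertions are encrypted' is unchecked"]
    # Assumption: the claim name is the whole Name, or the part after a namespace prefix.
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.findtext("saml:AttributeValue", default="", namespaces=NS).strip()
        claims[attr.get("Name", "").rsplit("/", 1)[-1]] = value
    problems = [f"missing or empty claim: {n}" for n in REQUIRED_CLAIMS if not claims.get(n)]
    name_id = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if "@" not in name_id:
        problems.append("NameID is not an email address")
    elif name_id.lower() != claims.get("tas.personal.email", "").lower():
        problems.append("NameID differs from tas.personal.email")
    method = root.find(".//ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    digest = root.find(".//ds:Signature/ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
    if method is None or method.get("Algorithm") != RSA_SHA256:
        problems.append("signature method missing or not RSA with SHA256")
    if digest is None or digest.get("Algorithm") != SHA256:
        problems.append("digest method missing or not SHA256")
    return problems

# Constructed sample (not real Azure output): the familyName claim was left out on purpose.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><saml:Assertion>
<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></ds:Reference></ds:SignedInfo></ds:Signature>
<saml:Subject><saml:NameID>jane@example.com</saml:NameID></saml:Subject>
<saml:AttributeStatement>
<saml:Attribute Name="tas.personal.email"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="tas.personal.givenName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    for problem in check_response(SAMPLE):
        print(problem)
```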