Introduction
This is a guide on how to configure the SAML IdP in Talent App Store with an Azure Active Directory (AD).
Configure AzureAD
Within Azure you'll need to create a 'Non-gallery application' for SSO using SAML, configured from the SnapHire/Talent App Store metadata.
On the left navigation pane, select Azure Active Directory.
Click Enterprise applications
Select New application
Click Non-gallery application.
Give the application a name, e.g. the name of your ATS.
Click the add button.
Now browse back to the application you just created and click Single sign-on.
Choose SAML-based Sign-on.
Click Upload metadata file and upload the Talent App Store metadata.
User Attributes - for “User Identifier” select user.mail.
Then configure 3 custom claims to be sent through:
tas.personal.email - user.mail
tas.personal.givenName - user.givenname
tas.personal.familyName - user.surname
Save a copy of your Federation metadata XML.
Installing the SAML IdP on Talent App Store
On your tenant’s storefront, navigate to Explore -> Identity -> Sign in With SAML 2.0, then click on the “Add user type” button.
- Select the user type (user in most cases)
- Choose a name which will appear when signing in
- Select a logo which will appear when signing in (this must be a .png file)
- Paste your IdP metadata into the metadata field
- Select the signature algorithm RSA with SHA256 (Azure default)
- Select the signature digest algorithm SHA256 (Azure default)
- Check 'NameID is email address'
- Leave 'Assertions are encrypted' unchecked (Azure default)
- Click Save
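A post-setup check, added here as example code that is not part of Talent App Store or Azure: it parses an assertion from your own test sign-in and confirms it matches the settings chosen above (RSA with SHA256 signature, SHA256 digest, NameID in email format, and the three tas.personal.* claims). The sample assertion is constructed for the example; the tenant id and user are placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"   # 'RSA with SHA256'
SHA256_DIGEST = "http://www.w3.org/2001/04/xmlenc#sha256"          # 'SHA256' digest
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_CLAIMS = {"tas.personal.email", "tas.personal.givenName", "tas.personal.familyName"}

# Constructed sample assertion in the shape Azure AD issues (tenant id and user are placeholders).
SAMPLE_ASSERTION = """<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">
  <Issuer>https://sts.windows.net/EXAMPLE-TENANT-ID/</Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#_a1"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <Subject><NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane@example.com</NameID></Subject>
  <AttributeStatement>
    <Attribute Name="tas.personal.email"><AttributeValue>jane@example.com</AttributeValue></Attribute>
    <Attribute Name="tas.personal.givenName"><AttributeValue>Jane</AttributeValue></Attribute>
    <Attribute Name="tas.personal.familyName"><AttributeValue>Doe</AttributeValue></Attribute>
  </AttributeStatement>
</Assertion>"""
# Same assertion with a SHA-1 signature and the familyName claim misnamed: what a misconfigured IdP would send.
WEAK_ASSERTION = (SAMPLE_ASSERTION.replace("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "http://www.w3.org/2000/09/xmldsig#rsa-sha1")
                  .replace('Name="tas.personal.familyName"', 'Name="surname"'))

def check_assertion(xml_text):
    """Return the list of mismatches against the expected setup; an empty list means it matches."""
    root = ET.fromstring(xml_text)
    problems = []
    sig = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if sig is None or sig.get("Algorithm") != RSA_SHA256:
        problems.append("signature algorithm is not RSA-SHA256")
    dig = root.find("ds:Signature/ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
    if dig is None or dig.get("Algorithm") != SHA256_DIGEST:
        problems.append("digest algorithm is not SHA-256")
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID is not in emailAddress format")
    attrs = root.findall("saml:AttributeStatement/saml:Attribute", NS)
    for missing in sorted(REQUIRED_CLAIMS - {a.get("Name") for a in attrs}):
        problems.append("missing claim " + missing)
    # Both NameID and tas.personal.email map to user.mail, so their values must agree.
    email = root.find("saml:AttributeStatement/saml:Attribute[@Name='tas.personal.email']/saml:AttributeValue", NS)
    if name_id is not None and email is not None and (name_id.text or "").strip() != (email.text or "").strip():
        problems.append("NameID does not match tas.personal.email")
    return problems
```

Run `check_assertion` on the decoded assertion from a test sign-in; any entry in the returned list points at the Azure claim or signing setting that does not match the steps above.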