Introduction

This is a guide on how to configure the SAML IdP in Talent App Store with an Azure Active Directory (AD).

Configure AzureAD

Within Azure you'll need to create a 'Non Gallery app' for SSO using SAML from the SnapHire/Talent App Store metadata.

• On the left navigation pane, select Azure Active Directory.

• Click Enterprise applications

• Select New application

• Click Non-gallery application.

• Give the application a name ie. the name of your ATS

• Click the add button.

• Now browse back to the application you just created and click Single sign-on.

• Choose SAML-based Sign-on.

• Click Upload metadata file and upload the Talent App Store metadata.

• User Attributes - for “User Identifier” select user.mail.

• Then configure 3 custom claims to be sent through:
  tas.personal.email - user.mail
  tas.personal.givenName - user.givenname
  tas.personal.familyName - user.surname

• Save a copy of your Federation metadata XML.

Installing the SAML IdP on Talent App Store

On your tenant’s storefront, navigate to Explore -> Identity -> Sign in With SAML 2.0, then click on the “Add user type” button.

• Select the user type (user in most cases)
• Choose a name which will appear when signing in
• Select a logo which will appear when signing in, please note this needs to be a .png file
• Paste your IdP metadata into the metadata field
• Select the signature algorithm RSA with SHA256 (Azure default)
• Select the signature digest algorithm SHA256 (Azure default)
• Check 'NameID is email address'
• Leave 'Assertions are encrypted' unchecked (Azure default)
• Click Save