Single Sign-On (SSO) for Hireguide
💡 Why should I learn this? Single Sign-On (SSO) enhances security and simplifies user authentication by allowing users to log in once to access multiple applications, without needing separate credentials for each. This streamlined login experience not only improves security but also reduces the burden on IT teams by minimizing the need for password management and resets.
With SSO enabled, your users can securely log in to Hireguide using your Identity Provider (IdP), which will handle the authentication process.
IN THIS ARTICLE
IdP Specific Configurations (additional steps)
Supported SSO Providers
Hireguide supports preconfigured integration with popular Identity Providers (IdPs) like Okta, OneLogin, Google Workspace, Entra ID (Azure AD), JumpCloud, PingOne, PingFederate, and CyberArk.
We also support any SAML 2.0 or OIDC-compliant IdP.
SSO Setup Process
- Enable SSO: The Hireguide IT team will activate SSO for your account.
- Configure SSO: An IT Admin with ‘Owner’ permissions can configure SSO through Hireguide’s self-serve onboarding tool.
Enforce SSO: Once SSO is configured, users will only be able to log in via SSO. The Hireguide username/password and Google One Tap login methods will be disabled.
How to Access the SSO Configuration Tool
- Send a request to your Customer Success Manager for SSO to be turned on in your Hireguide Workspace
- Log in to Hireguide
- Click Workspace Settings from the left navigation bar
- Go to the SSO Configuration tab
- Select your IdP and follow the on-screen instructions
IdP Specific Configurations (additional steps)
Azure - Attributes and Claims
When connecting Entra ID (Azure AD), open Attributes & Claims → Additional Claims and provide the following data to each Claim name in the list to make your application is compatible with Hireguide
Claim Name | Type | Value |
SAML | user.mail | |
familyname | SAML | user.surname |
givenname | SAML | user.givenname |
name | SAML | user.displayname |
IMPORTANT: The "Namespace" field must be blank to complete the integration successfully
Key Considerations Before Configuring SSO
User Provisioning
When a new user logs in via SSO for the first time, Hireguide automatically creates a user account with the default ‘Interviewer’ permissions, unless the user was invited with a different role. Permissions can be updated later within Hireguide if needed.
Impact on Other Login Methods
- Email + Password: Email and password login will be disabled once SSO is active.
- Google One Tap: After enabling SSO, users will no longer be able to log in using Google’s One Tap feature.
Deactivating Users
Deactivating a user in your IdP does not immediately deactivate their Hireguide account. Users will only be prompted to log in again when their authentication token expires (which can take up to 30 days). To prevent continued access to your workspace after an employee leaves, we recommend deactivating their Hireguide account via Workspace Settings whenever they are deactivated in your IdP.
Key Takeaway
Enabling Single Sign-On (SSO) for your Hireguide account enhances security and simplifies the user login experience by centralizing authentication through your Identity Provider (IdP). This reduces administrative overhead and ensures a seamless login process for your team. By following the self-serve configuration steps, you can easily integrate with any SAML 2.0 or OIDC-compliant IdP, while maintaining control over user access and permissions. As a best practice, be sure to regularly manage user deactivation both within your IdP and Hireguide to ensure your data remains secure.