Jobvite allows your users to log in via Single Sign On (SSO) using their Identity Provider (IdP) of choice. The following article answers frequently asked questions and provides additional information regarding enabling SSO in your Jobvite instance.
Audience
All users
FAQs
Q. Which SSO providers are compatible with Jobvite?
A. Jobvite supports any SAML2.0-compliant IdP (Okta, Onelogin, Google, and Azure) and other IdPs (ADFS and PingIdentity).
Q. What will the login process look like?
A. When Single Sign On is enabled, company users can log in with either their Jobvite username/password or their company credentials via Sign in with SSO.
Q. What information do I need to get started?
A. To get started, submit a Help Center ticket. Please ensure you looped in an IT team member or the Single Sign-On system administrator who has the access and knowledge to configure Single Sign-On within your company.
Additional Information
- Jobvite has customized instructions that can be requested for integrating with:
- ADFS
- Azure
- Okta
- Other IdPs: Your Jobvite resource/support will provide you with your company-specific Jobvite SP metadata to configure a Jobvite Application in your IdP. The metadata will contain the Destination/Assertion Consumer Service URL, entity ID, and our certificate.
- In your IdP configurations, Jobvite requires the assertion to be signed and the Email Address to be passed as NameID. We recommend configuring the following attributes:
- FirstName (user’s first name)
- LastName (user’s last name)
- Once you have configured your IdP, provide your Jobvite resource with your IdP metadata so they can finalize the configuration, and you can begin testing.
- Jobvite does not auto-provision users. To log in through SSO, users must already have an employee user profile in Jobvite.
- Companies can choose to configure Single Sign-On as the only access method for Jobvite.
- If forced SSO is not enabled, users must receive an invite to join and set a password before they can log in with SSO.
- If you have forced SSO enabled, invitations are not required but are highly recommended. If invitations are sent, users will not be asked to create a password and will be authenticated directly into Jobivte.
- Please ensure that the email address attribute mapped to NameID in your IdP matches the email addresses configured in Jobvite for user profiles.
- When a UPN or truncated email address is used, it is still essential to ensure the full email address associated with the Jobvite user profile is mapped to the NameID.
- Deactivating a user in your IdP does not deactivate their Jobvite user account.
- Jobvite does not use relay states.
- Please submit a Help Center ticket to obtain more information on setting up SSO with Jobvite, including instructions for specific providers.
Troubleshooting
Issue: Upon Login, the user will see an error message 'Unable to authenticate using SAML response. Account SSO settings missing mappings OR account not set up to allow creating users.'
Solution: The error message typically indicates that either the user's email has not been provisioned in the SSO for login or that the email address does not match between Jobvite ATS and the SSO. Work with your IT team to ensure the user has been provisioned with the correct email address.