Azure AD SSO Setup

Updated by Amy Thomas

Parameters Needed 

Criteria Provided Parameters 

  1. Entity ID (Audience URI)    
    1. urn:amazon:cognito:sp:us-east-1_tkdHRnjPD 
  2. Assertion Consumer Service URL 
  3. First-Time Sign-On URL/BookMark: 
    1. Once Soft-Enabled, Criteria CSM to provide customer with following link to include their unique company account ID. Customer must login via this link and not through their service provider):  
  4. Our Required SAML Attributes 
    1. First Name 
    2. Last Name 
    3. Email Address 
  5. Optional SAML Attribute 
    1. Job Title 
    2. Idp Immutable Global Unique Identifier (Varies by Idp)  

What we need from you

  1. Federation Metadata Document endpoint URL (Can also be an XML Document but URL preferred) 


Step-By-Step Guide

Create an Azure SAML Application 
  1. Visit the Azure Active Directory Page on your Azure Portal 


  1. In Active Directory Menu Blade click on Enterprise Applications 
  2. Select New Application at the top left 
  1. Select Non-gallery application and type in HireSelect as the application name 
  1. Edit the SSO Configuration 
  2. On the App Overview screen select Set up single sign on
  1. Select SAML 
  1. Click to Edit the Basic SAML Configuration 
  1. For the Identifier (Entity ID) field enter  urn:amazon:cognito:sp:us-east-1_tkdHRnjPD 
  2. For the Reply URL (Assertion Consumer Service URL) field enter 
  3. For the Sign on URL enter<companyAccountId
  4. Click Save 
  1. Click to Edit the User Attributes & Claims 

  1. Change the name identifier format to Persistent and the Source Attribute to user.objectid 
  2. Click Save 
  3. Edit the claim value to user.userprincipalname 


  1. Add another claim with the name And set the value to user.objectid 

Download the SAML Metadata URL 
  1. On the Single Sign-On Screen copy the App Federation Metadata URL and send this to our Support Team.

Next Steps

Our team will update your Criteria account and advise once we are ready to begin testing the integration. For next steps, please continue to our SSO How-to Guide.

PLEASE NOTE: The terminology for the attributes for your company may not be an identical match to the attribute names in the SSO setup page. In that case, you can input the most closely related attribute on your end. For example, If the attribute on the SSO setup page lists “givenname” you can input the user’s first name.  

How did we do?