Your Questions about Single Sign-On (SSO) Answered
What is an SSO?
SSO stands for Single Sign-On, which is a process where users only need to use one set of login credentials to access multiple platforms, applications and networks. (Which platforms, applications and networks are included will depend on the organization that has set up the Single Sign-On account.)
An SSO provider uses an IdP to verify your identity when you log in, to ensure that you are who you say you are, and that you have authorization to access the place you are trying to log into.
What is SAML?
SAML stands for Security Assertion Markup Language. Essentially, when you log in via your SSO, this markup language is used to tell external applications and services like the Criteria platform that you are who you say you are.
SAML 2.0 is the current version of SAML.
What is an IdP?
An IdP, or identity provider, is a system that stores and manages user identities. Your company might use an IdP to enable its employees to use one set of login credentials in order to access multiple platforms, applications and networks.
For you as a user, this means that you only need to remember one set of login information: your login details for the IdP.
What is a “Metadata file”? Where do I get this?
The Metadata file will be a URL or XML file that is generated when your IdP admin completes the steps required in your SSO account as part of the integration setup. Once the Metadata file has been generated, please send it to the Criteria Support team. We will then complete the setup process for your Criteria account.
What is SCIM?
SCIM stands for System for Cross-domain Identity Management. SCIM enables an IdP to synchronize updates to user profiles, so if you deactivate a user in your IdP, the user is also deactivated in the platforms, applications, and networks they have been approved for through the IdP.
Criteria does not support SCIM currently. If one of your users leaves your business, or simply no longer requires access to your Criteria account, you will need to remove their access in both locations.
What do “soft-enable” and “hard-enable” mean?
When we first set up the integration between your Single Sign-On (SSO) provider and your Criteria account, we “soft-enable” it. This means that we have made the connection between the two systems so that you and the other Criteria users at your organization can test that it is working and that you are able to access your Criteria account through your SSO provider.
If there are any issues during this process, we can help you and your IdP admin resolve them. During this time, your users will be able to log into your Criteria account via your SSO provider or via your Criteria username and password.
Once you have confirmed that it is all working correctly, we “hard-enable” the integration. From that point on, most users must log in using their SSO credentials; they will no longer be able to log in using their Criteria username and password. Admin users, however, will still be able to log in using their Criteria username and password, in case there is a problem with the integration and you need to troubleshoot.
Do I need to set up my candidates in my SSO so they can access the invitation I sent them?
No, your candidates only need the URL for our candidate center and their Event ID. The Event ID is a unique 16-digit code that is specific to that candidate and the task you have invited them to complete (application form, testing, or video interview). The SSO integration only affects users logging in to your Criteria account (that is, where you manage your recruitment process).
I have an SSO integration and I have started using Talent Insights. Do all my employees need to be set up in my SSO to access Talent Insights?
Yes, all users who access your Criteria account, whether this is your recruitment platform or your Talent Insights platform, will need to be added to your SSO account.