SAML-based Single sign-on (SSO) gives members access to Tellent through an identity provider (IdP) of your choice.
Tellent integrates with SSO providers that support SAML2 (Security Assertion Markup Language). We support integrating with the following SSO providers:
Okta,
Microsoft Entra ID,
Google Apps,
Auth0.
📌 Integrating with other SSO providers supporting SAML2 is possible but has to be configured on the customer’s end entirely. Customers have been successful in setting up SSO with Duo SSO, Shibboleth, OneLogin, Keycloak, and JumpCloud.
Check the following SSO provider-specific documentation with your IT team on how to set up an application for Tellent in your SSO provider.
What does integrating SSO mean for your company?
Setting up SSO for your Tellent account results in the following changes:
Team members will need to be invited and sign in to Tellent via your SSO provider. Users can also use the company-specific sign-in link to sign in. Make sure to share the company-specific link with your team members. Learn more about the sign-in process under Managing users.
Former login credentials and a password reset will no longer work in Tellent. Resetting passwords will need to be done via the SSO provider.
SSO login will only give you access to the company account that has SSO enabled.
If you work in multiple company accounts with and without SSO enabled and are logged in with SSO, switching between company accounts that don't have SSO enabled is not possible. The same for the other way around; while using your login credentials it is not possible to switch to company accounts that have SSO enabled.
How to integrate SSO in your Tellent account
Go to Company > SSO and write down your ACS URL and Entity ID. You can click on the Entity value to open dropdown and edit the Entity ID if needed.
In your SSO provider add an application for Tellent and generate a metadata XML file. Your provider will ask you for the ACS URL and might ask you for the Entity ID.
"Continue to next step" and upload your metadata XML file.
"Continue to next step" and choose apps and the role new users signed up with SSO will have access to.
💡 If you select a role that has restricted access to Recruitee jobs/talent pools, like Reviewer, you will have to assign jobs/talent pools to new users manually within Recruitee.
Click "Start testing SSO", paste the code that's been sent to your email, and click "Continue".
SSO is now configured in your organization in test mode - your team members can sign in with both SSO, and email and password.
Open the Sign-in URL and sign in using SSO, to ensure the configuration is correct. Once you determine the SSO is working correctly, click "Enable for everyone" to force everybody in your team to only sign in using SSO.
Managing users
When you have SSO enabled in your account, you give and revoke access to team members in Tellent via your SSO provider. If a coworker has access to the Tellent application in your SSO provider, they'll be able to join your account.
You can also still add users via Tellent, however, make sure to grant them access to the Tellent application in your SSO provider as well.
⚠️ If you invite a person to Tellent that hasn't been granted access to the Tellent application in the SSO identity provider, this person will not be able to join your Tellent account.
Access
When you add a new user to your SSO provider for Tellent, they will have the default access and roles that you selected while configuring SSO.
Based on these roles, the new team member will have access to your Tellent applications. You can change their roles in Tellent Admin Center, or the Recruitee jobs/talent pools they have access to, under Settings > Company > Team members.
Signing in
Once added to the account, users have two different options to log in to Tellent.
Option 1:
1. Go to https://auth.tellent.com and select SSO.
2. Fill in your email address.
📌 This is the email address you sign into your SSO provider with.
3. If you are already logged in to your SSO provider, you will be redirected to Tellent instantly.
If you aren't logged in to your SSO provider yet, you will first be directed to do so. If the login is successful you will be redirected to Tellent.
Option 2:
If you have your company’s direct Sign-in URL you can skip steps 1 and 2 above and sign in to your SSO provider directly.
A Sign-in URL looks like this: auth.tellent.com/sso/sign-in/[companyname]
Removing users
If you want to remove a user from Tellent, you need to revoke their access rights in your SSO provider and delete them from Tellent.
If you don't revoke access to Tellent in your SSO provider, then the user may still be able to rejoin the account and access jobs.