Implementing SAML 2.0 for Clinch Talent Users
Clinch Talent uses SAML 2.0 to implement Single Sign-On for its users. The benefits of single sign-on in Clinch include:
- Adding new team members can be done centrally.
- No more 'password fatigue': team members don't need to worry about remembering yet another password.
- Team members who leave the company can be removed centrally (i.e. there is no longer a need to send emails to Clinch requesting removal of team members).
To activate Single Sign-On using SAML 2.0 for your users, follow the steps below.
Open up the left menu and go to Settings > Company.
Then, click 'SAML 2.0 - Users' in the right menu.
The values for the following fields will be available from the IT team responsible for your Identity Provider (iDP) system:
- Assertion Consumer Service URL
- iDP SSO Target URL
- iDP Certificate
- Suggested clock drift, as Clinch Talent and iDP systems do not share the same NTP server.
The following fields should be set to the full domain name of your new website (e.g. careers.company.com), with no protocol prefix:
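How a clock drift allowance is commonly applied when a service provider checks a SAML assertion's validity window, shown as an added illustration (this is not Clinch Talent's code; the function names, sample assertion and timestamps are constructed for the example). It covers only the NotBefore/NotOnOrAfter check and assumes the assertion's signature has already been verified against the iDP Certificate.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a bare assertion with made-up ID and timestamps (5-minute window).
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_constructed" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">'
    '<saml:Conditions NotBefore="2024-01-01T12:00:00Z" '
    'NotOnOrAfter="2024-01-01T12:05:00Z"/>'
    "</saml:Assertion>"
)


def parse_saml_time(value):
    """Parse a UTC SAML timestamp such as 2024-01-01T12:00:00Z."""
    value = value.rstrip("Z")
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in value else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def check_validity_window(assertion_xml, now, allowed_drift_seconds):
    """Return 'ok', 'not_yet_valid', 'expired' or 'missing_conditions'.

    `now` is the service provider's clock; the drift allowance widens the
    window on both sides to absorb the offset between the two systems.
    """
    conditions = ET.fromstring(assertion_xml).find("saml:Conditions", NS)
    if conditions is None:
        return "missing_conditions"
    drift = timedelta(seconds=allowed_drift_seconds)
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before and now + drift < parse_saml_time(not_before):
        return "not_yet_valid"
    if not_on_or_after and now - drift >= parse_saml_time(not_on_or_after):
        return "expired"
    return "ok"


if __name__ == "__main__":
    # SP clock is 3 seconds behind the iDP when the assertion arrives.
    sp_now = parse_saml_time("2024-01-01T11:59:57Z")
    for drift in (0, 5):
        print(drift, check_validity_window(SAMPLE_ASSERTION, sp_now, drift))
    # An oversized allowance accepts an assertion 15 minutes after it expired.
    late = parse_saml_time("2024-01-01T12:20:00Z")
    print(3600, check_validity_window(SAMPLE_ASSERTION, late, 3600))
```

A larger allowance lengthens the time a previously issued assertion is still accepted, so use the smallest value that covers the real offset between the two systems.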
- iDP Entity ID
- SP Entity ID
If you would like to direct SAML users to your iDP SAML app when they navigate directly to Clinch Talent, set the following field:
- iDP Launch URL
If you would like to direct SAML users to a specific website (usually an intranet page) when they manually log out of Clinch Talent during a SAML session, set the following field:
- iDP Sign Out URL
If you would like to enable auto-provisioning of SAML 2.0 users (this is recommended), then click the "enable provisioning of users from iDP" option.
If you would like to sync user roles/permissions from iDP, then click the "enable syncing user roles/permissions from iDP" option.
The valid permission values are: