Connect to Greenhouse Recruiting through Access

This guide covers how to configure Greenhouse Recruiting as a SAML application in Cloudflare Zero Trust.

Prerequisites

In Zero Trust, go to Access > Applications.
Select Add an application > SaaS.
For Application, enter Greenhouse and select the corresponding textbox that appears.
For the authentication protocol, select SAML.
Select Add application.
Copy the SAML Metadata endpoint.
Keep this window open without selecting Select configuration. You will finish this configuration in step 4. Finish adding a SaaS application to Cloudflare Zero Trust.

Paste the SAML Metadata endpoint from application configuration in Cloudflare Zero Trust in a web browser.
Follow your browser-specific steps to download the URL’s contents as an .xml file.

In Greenhouse Recruiting, go to the Configure icon > Dev Center > Single sign-on.
Copy the SSO Assertion Consumer URL.
Under Upload XML file, select Choose a file, and upload the .xml file created in step 2. Download the metadata file.
Change the Entity ID to greenhouse.io.
Keep this window open without selecting Begin testing. You will finish this configuration in step 5. Test the integration and finalize configuration.

In your open Zero Trust window, fill in the following fields:
- Entity ID: greenhouse.io
- Assertion Consumer Service URL: SSO Assertion Consumer URL from SSO configuration in Greenhouse Recruiting.
- Name ID format: Email
Select Save configuration.
Configure Access policies for the application.
Select Done.

In your open Greenhouse Recruiting window, select Begin Testing > Proceed.
Open an incognito browser window and go to your Greenhouse Recruiting URL. Choose the SSO login option. You will be redirected to the Cloudflare Access login screen and prompted to sign in with your identity provider.
Once SSO sign in is successful, go to the Configure icon > Dev Center > Single sign-on.
Select Finalize Configuration.
In the text field, enter CONFIGURE.
Select Finalize. Now, users will only be able to sign in with SSO.