Interview SSO Info

The Interview platform supports Single Sign On (SSO) for our business and enterprise plan customers. Any admin on your Interview account can configure Single Sign On (SSO) using your organization’s SAML settings.

SSO Setup Quick Reference

To quickly get started with SSO:

1. As an admin, visit Interview Single Sign-On Settings
2. Download our Service Provider Metadata, linked in the Step 1 header
3. Use Service Provider Metadata to generate IdP metadata
4. Import IdP Metadata SAML XML
5. Set custom login subdomain
6. Set enforcement of SSO (optional)

SSO Step-by-Step Setup

To get to the SSO settings page, start going to your Team Settings. You can do this by selecting the dropdown with your name in the top right corner of the Interview dashboard:

❗If you don’t see team settings in your dropdown menu, you do not have permissions to update your organization’s Interview settings. Please contact your account admin.

As an admin, you’ll be able to see all of your team’s settings. At the bottom of your team settings page, you’ll find a section called “Single Sign-On (SSO)”

Click on Configure SSO to open the single sign-on options page.

To fully configure SSO for your organization, there are three steps:

1. Setup provider metadata
2. SSO login subdomain
3. Mandatory SSO enforcement

ℹ️ What happens to existing users if you switch over to SSO

As long as the user’s email address being added to SSO is the same email their original account is associated with, they will seamlessly log in via SSO.

If at any point they are using a different email to login via SSO, a new account will be just-in-time (JIT) auto-provisioned.

Provider Metadata Setup

First, in order to generate IdP metadata, you need our Service Provider Metadata – we provide it as an XML link in the first paragraph. You can either choose to click the link – which will open the metadata.xml file or right click and select Save link as… to save the XML file to your local storage.

Then, import this file into your SSO provider where they ask for Service Provider metadata. This will generate an IdP metadata file.

Next you’ll need to import this data into Interview. You can either choose to manually input data or automatically import.

Automatic import:

Upload your SAML XML metadata file using the upload button OR copy and paste the XML file’s entire contents into the form.

Manual entry:

Simply input the values for:

• Issuer Entity ID
• Certificate SHA-1 Fingerprint
• Single Sign-On Target URL
• Single Logout Target URL (optional)

✅ We strongly encourage you to utilize our automatic import functionality. These values are long strings that can be easy to confuse and make significant mistakes which may impact login functionality.

SSO Login Subdomain

Now that you’ve configured your IdP information, you’re able to customize your SSO login subdomain. This will give you a dedicated sign in page specifically for your organization.

You should direct your users to use this subdomain for login; they’ll be greeted with a welcoming login screen specifically for SSO users to reduce confusion.

However, if one of your users accidentally attempts to login through other CoderPad pages – such as our homepage login button – we’ll redirect them to the correct location upon email input.

Mandatory SSO Enforcement

While we allow organizations to have both SSO and more traditional email/password user accounts, we recommend you enforce SSO login. The benefits of doing this are:

• Simplification of organization-wide authentication
• Reduced/simplified IT support requests
• Ability to add security precautions (such as 2FA)

To make SSO mandatory, simply select the “Enforce SSO” checkbox in the step 3 section.

We strongly encourage you to save this form, and test login with both new and existing user accounts before making SSO mandatory, or you may lock yourself out of your account.

Once you’re done updating your SSO settings, make sure to hit Save to persist your changes.

Technical Information

When enabling SSO, we expect fields for email and name. If you have multiple fields for names (such as first name and last name), you should pass through first name only, or should compress them into a single name field.

Interview SSO uses SAML 2.0 for authentication, and we support integration with standard 3rd party SAML providers.

Likewise, while some services provide a certificate as SHA-256 fingerprints, you will need to convert them to a SHA-1 formatting fingerprint if you’re manually inputting IdP metadata into Interview.

To do this, copy the Certificate for conversion on a service (such as https://www.samltool.com/fingerprint.php) then copy the SHA-1 formatted fingerprint for entry within Interview.

Note that we will JIT auto-provision new user accounts when they first go through the SSO flow at yourdomain.coderpad.io.

Finally, we do not support automatic user de-provisioning. That said, after a user is deactivated internally in your SSO solution, any Interview account admin can deactivate their Interview account on the Organization Members page.

External Services Documentation

• GSuite is supported and easily configured
• Azure SAML support documentation
• OneLogin has a connector built specifically for CoderPad Interview for easy integration
• MS Active Directory is not specifically supported by us but may be able to be configured
• Okta currently has two integrations listed for Interview. Please use the CoderPad Interview SAML integration in OIN. We’re working with Okta to cleanup the integrations listings

If you have any questions about getting access to or setting up SSO we are happy to help you out. Contact us and we’ll help get things sorted.