How does OneLogin Integrate with BambooHR?
Purpose: To help you understand what OneLogin is used for and how you can integrate it with BambooHR.
OneLogin gives users the ability to launch all their web apps from OneLogin's single sign-on (SSO) portal or from the company's intranet.
You can learn more about OneLogin in BambooHR's Marketplace.
Please note that OneLogin does extend to BambooHR's mobile app so users will be able to login to the app using single sign on through OneLogin.
Login to OneLogin and navigate to "Apps" and select "Add Apps." Search for BambooHR and then click on "BambooHR." You will then be immediately taken into the BambooHR connector.
Confirm the display name and icon for the BambooHR app. Then be sure to select the "SAML2.0" connector. Then click "Save" in the top right corner.
Once you have successfully added the BambooHR app, you will need to specify other details before the integration is complete. Go to the "Configuration" tab and enter your BambooHR subdomain.*
*Your subdomain is simply the first part of your BambooHR URL. For example, if my BambooHR URL is: https://helpcontent.bamboohr.com then my subdomain would be "helpcontent."
Next, select the "Parameters" tab and ensure that the credentials are configured by admin and that the mappings are as follows:
- E-Mail = Email
- First Name = First Name
- Last Name = Last Name
- Username = Email
Navigate to the "SSO" tab and copy the following information for insertion into BambooHR:
X.509 Certificate (View Details)
SAML 2.0 Endpoint (HTTP)
In a separate window, login to BambooHR. Navigate to the Apps Marketplace and click on "OneLogin" under Single Sign-On. Then click "Install."
Enter the SAML information into BambooHR by pasting the SSO Login URL (SAML 2.0 Endpoint (HTTP)) and the x.509 Certificate information from OneLogin. You will now be able to click on the BambooHR App icon within OneLogin to log directly into BambooHR.
In order to grant all of your BambooHR employees access to login to BambooHR through OneLogin, you will need to create a mapping. To do this, navigate to "Users" and select "Mappings." Then click "New Mapping."
Follow these steps to create your mapping:
- Rename the mapping to "BambooHR Mapping" to easily recognize it in the future.
- Under "Conditions", change the selections to "MemberOf" > "contains" > "BambooHR."
- Under "Actions", change the selections to "Set role" > "BambooHR." (Note: BambooHR will automatically show as "Default" here if you haven't created a role for BambooHR and you have no other apps in OneLogin)
Once the above information is set, click "Save."
Once on the Mappings page again, click "Reapply All Mappings" in order to establish the new mapping.
Once this is complete, you and your BambooHR users will be able to login to BambooHR via Single Sign-On.
Please note that each employee will still receive the "password setup" email when Employee Access is turned on in BambooHR, but they don't actually have to create a password for BambooHR because that is managed through OneLogin. Once the employee is activated in BambooHR, then as long as the email address they have in BambooHR matches the email address in OneLogin, the employee can authenticate through OneLogin and click through into BambooHR from within that app.
Once logged into OneLogin, click on the BambooHR icon to be taken directly into BambooHR.
*IMPORTANT NOTE: If you "log out" of BambooHR, but you are still logged into OneLogin, then you are still effectively logged into BambooHR. If you were to go to your BambooHR login URL in a web browser, OneLogin would recognize you as still being logged in and allow immediate access. PLEASE BE SURE TO FULLY LOG OUT OF ONELOGIN WHEN YOU ARE NO LONGER USING THE APPLICATION.