How does OneLogin integrate with BambooHR?
Purpose: To help you understand what you can use OneLogin for and how you can integrate it with BambooHR.
OneLogin gives users the ability to launch all their web apps from OneLogin's single sign-on (SSO) portal or from the company's intranet.
You can learn more about OneLogin in BambooHR Marketplace.
Please note that OneLogin extends to BambooHR's mobile app so users can log in to the app using single sign-on through OneLogin.
Please note you must be a Full Admin user to set up this integration.
Log in to OneLogin and click on the Apps tab to select Add Apps. Search for BambooHR, and then click on BambooHR. You will then immediately arrive at the BambooHR connector.
Confirm the display name and icon for the BambooHR app. Be sure to select the SAML2.0 connector. Click Save in the top right corner.
Once you have successfully added the BambooHR app, you need to specify other details before the integration is complete. Go to the Configuration tab and enter your BambooHR subdomain.*
*Your subdomain is the first part of your BambooHR URL. For example, if my BambooHR URL is: https://helpcontent.bamboohr.com, my subdomain would be helpcontent.
Next, select the Parameters tab to ensure the admin has configured the credentials with the mappings being as follows:
- E-Mail = Email
- First Name = First Name
- Last Name = Last Name
- Username = Email
Select the SSO tab and copy the following information for insertion into BambooHR:
X.509 Certificate (View Details)
SAML 2.0 Endpoint (HTTP)
In a separate window, log in to BambooHR. Navigate Settings and select Apps. Find OneLogin and click Install.
Enter the SAML information into BambooHR by pasting the SSO Login URL (SAML 2.0 Endpoint (HTTP)) and the X.509 Certificate information from OneLogin. You can now click on the BambooHR app icon within OneLogin to log in directly to BambooHR.
To grant all of your BambooHR employees access to log in to BambooHR through OneLogin, you need to create a mapping. To do this, click on the Users tab and select Mappings. Click New Mapping.
Follow these steps to create your mapping:
- Rename the mapping to BambooHR Mapping to easily recognize it in the future.
- Under Conditions, change the selections to MemberOf > contains > BambooHR.
- Under Actions, change the selections to Set role > BambooHR. (Note: BambooHR will automatically show as Default here if you have not created a role for BambooHR and no other apps are in OneLogin.)
Once you have set the above information, click Save.
On the Mappings page, click Reapply All Mappings to establish the new mapping.
Once this is complete, you and your BambooHR users can log in to BambooHR via single sign-on.
Please note that each employee will still receive the password setup email with employee access enabled in BambooHR, but they do not have to create a password for BambooHR because OneLogin manages that. Once a user activates the employee in BambooHR and their email address in BambooHR matches the email address in OneLogin, the employee can authenticate through OneLogin and click through to BambooHR from within that app.
Once logged into OneLogin, click on the BambooHR icon to go directly to BambooHR.
*IMPORTANT NOTE: If you log out of BambooHR while still logged into OneLogin, you are still effectively logged into BambooHR. If you were to go to your BambooHR login URL in a web browser, OneLogin would recognize you as still being logged in and allow immediate access. BE SURE TO FULLY LOG OUT OF ONELOGIN WHEN YOU ARE NO LONGER USING THE APPLICATION.