How does Okta Integrate with BambooHR?
Purpose: To help you understand what Okta is used for and how you can integrate it with BambooHR.
Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.
You can learn more about Okta in BambooHR's Marketplace.
Please note that Okta does extend to BambooHR's mobile app so users will be able to login to the app using single sign on through Okta.
Before you get started, you will need to create an API key in BambooHR. You will use this API key later during set up.
Login to Okta and go to the "Applications" tab. Then select "Add Application."
Search for "BambooHR" and click "Add."
Under "General Settings," fill in the "Subdomain" for your company. The Subdomain is the first part of your BambooHR URL. So, if my login URL is "https://mycompany.bamboohr.com", then my subdomain would simply be "mycompany."
Once you fill in your Subdomain, click "Next."
Under "Sign-On Options", be sure to check "SAML 2.0" and then follow the Setup Instructions available.
Once SAML 2.0 is setup, be sure to set the "Application username format" to "Email." Then click "Next."
Under the "Provisioning" tab, select "Enable provisioning features" then follow these steps:
- API Key: Paste the API key information you retrieve before beginning setup.
- Pre-start interval: Enter the interval in days, so that users with a hire date ahead of the current date and within this interval can be imported into Okta. For example, if you enter 7, the users with a hire date later than one week ahead of the current date will not be imported.
- Parameter to Use for Groups: Select between Departments, Divisions, and Locations.
Next, you will determine what Provisioning Features you'd like to use:
User Import: Import users from BambooHR to create new Okta users. First, determine the schedule for importing users from BambooHR into Okta. In the example above, I have selected "never" so I can import my users manually. Second, determine what username you would like users to use when logging into Okta.
Profile Master: Enabling Profile Master will make BambooHR the system of record. This way you can only edit Okta information with details from BambooHR.
Update User Attributes: If you would like to have updates in Okta overwrite information in BambooHR, then you will want to enable this feature. We always recommend keeping BambooHR as the system of record.
On the "Assign to People" tab, you have the option to assign the app to employees who are already in Okta. This step is optional and can be done at a later date, if desired.
Once people have been assigned, click "Next" and the set up will be complete.
Once logged into Okta, click the icon of the app that you want to log into. In this case, I would click on the BambooHR app icon. You will then be signed directly into BambooHR.
If you "log out" of BambooHR, but you are still logged into Okta, then you are still effectively logged into BambooHR. If you were to go to your BambooHR login URL in a web browser, Okta would recognize you as still being logged in and allow immediate access. BE SURE TO FULLY LOG OUT OF OKTA WHEN YOU ARE NO LONGER USING THE APPLICATION.
BambooHR supports User's Schema Discovery in Okta, so you can add extra attributes to a User's Profile. To do that, follow the instructions below:
- From the Admin dashboard in Okta, go to "Directory," then select "Profile Editor."
- Next to BambooHR, click "Profile."
Check the list of attributes, and if you decide you need more, click "Add Attribute." A list of extended attributes will appear (see below).
Select the Attributes you'd like to add, then click "Save."
You can now import and push these user attribute values to/from BambooHR.