How does Okta integrate with BambooHR?
Purpose: To help you understand what you can use Okta for and how you can integrate it with BambooHR.
Our IT products uniquely use identity information to grant people access to applications on any device at any time while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.
You can learn more about Okta in BambooHR Marketplace.
Please note that Okta extends to BambooHR's mobile app so users can log in to the app when using a single sign-on through Okta.
Please note you must be an admin user to set up this integration.
Before getting started, you will need to create an API key in BambooHR. You will use this API key later during the setup.
Log in to Okta and go to the Applications tab. Select Add Application.
Search for BambooHR and click Add.
Under General Settings, fill in the subdomain for your company. The subdomain is the first part of your BambooHR URL, so if my login URL is https://mycompany.bamboohr.com, my subdomain would be mycompany.
After you have filled in your subdomain, click Next.
Under Sign-On Options, be sure to check SAML 2.0 and then follow the setup instructions available.
After setting up SAML 2.0, be sure to set the Application username format to Email. Click Next.
Under the Provisioning tab, select Enable provisioning features and follow these steps:
- API Key: Paste the API key information you have retrieved before starting the setup.
- Pre-Start Interval: Enter the interval in days so that users with a hire date ahead of the current date and within this interval can import into Okta. For example, if you enter 7, the users with a hire date later than one week ahead of the current date will not import.
- Parameter to Use For Groups: Select Departments, Divisions, or Locations.
Next, determine what Provisioning Features you would like to use:
User Import: Import users from BambooHR to create new Okta users. First, determine the schedule for importing users from BambooHR into Okta. In the example above, I have selected never so I can import my users manually. Second, determine what username you would like users to use when logging in to Okta.
Profile Master: Enabling Profile Master will make BambooHR the system of record. In this way, you can only edit Okta information with details from BambooHR.
Update User Attributes: If you would like updates in Okta to overwrite information in BambooHR, enable this feature. We always recommend keeping BambooHR as the system of record.
On the Assign to People tab, you have the option to assign the app to employees who are already in Okta. This step is optional, and you can complete this at a later date if desired.
Once you have assigned people, click Next, and the setup will be complete.
Once logged into Okta, click on the BambooHR app icon, and you will immediately sign in to BambooHR.
If you log out of BambooHR while still logged into Okta, you are still effectively logged into BambooHR. If you were to go to your BambooHR login URL in a web browser, Okta would recognize you as still being logged in and allow immediate access. BE SURE TO FULLY LOG OUT OF OKTA WHEN YOU ARE NO LONGER USING THE APPLICATION.
BambooHR supports Schema Discovery in Okta for you to add extra attributes to a user's profile. To do that, follow the instructions below:
- From the admin dashboard in Okta, go to Directory, then select Profile Editor.
- Next to BambooHR, click Profile.
Check the list of attributes, and if you decide you need more, click Add Attribute. A list of extended attributes will appear (see below).
Select the attributes you would like to add, then click Save.
You can now import and push these user attribute values to or from BambooHR.