A custom API integration can be used to import and update attributes that are not currently available to sync using the JumpCloud app in BambooHR, e.g., manager, alternate email, and employee type, to create more complete user profiles and use those attributes for access and permission control and automation.
The current BambooHR integration is configured in BambooHR using the JumpCloud app. It is a one-way sync. The employee data is sent from BambooHR to JumpCloud in real-time or on a configured schedule.
This integration is configured in JumpCloud and should be considered as a complement to an existing BambooHR SCIM integration, not a replacement.
Prerequisites
- A JumpCloud administrator account
- JumpCloud SSO Package or higher or SSO à la carte option
- A BambooHR user account with full administrator permissions
- Your BambooHR company subdomain name
- An existing BambooHR integration
- If you are using both SSO and SCIM, you can use the existing BambooHR connector
- If you are only using SCIM, you must create a new JumpCloud application connector
Considerations
This option should not be used if the custom report returns more than 1200 rows.
- The /report endpoint generates a custom report and can manage the user lifecycle.
- Configuring JumpCloud SSO for BambooHR is recommended, but not required.
Configuring the BambooHR API Authentication
Per the Authentication section of the BambooHR Getting Started with the API, "the API key is sent over HTTP Basic Authentication. Use the secret key as the username and any random string for the password".
To generate the BambooHR API token
- Sign in to your BambooHR instance with administrator permissions.
- On the Home page, navigate to Account > API Keys > Add New Key.
- Enter a name for the API key in the API Key Name field and click Generate Key.
- Click COPY KEY to copy the key to your clipboard.
- Click Done.
Copy the API Key to a secure location, like the JumpCloud Password Manager, for future reference.
To encode the BambooHR credentials
- Access the API Key.
- Use a tool or commands to base64 encode the credentials:
- Command in a Mac terminal:
base64 <<< 1208934bba29wa123492879873:x
- Credential format: <BambooHR API key>:<random string with 1 or more characters>
- Example: 1208934bba29wa123492879873:x
- Securely store the encoded credentials, like in the JumpCloud Password Manager.
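The following is an added example, not code from JumpCloud or BambooHR: it builds the header value without putting the API key on a command line (where it would land in shell history) and checks a value before it is pasted into the connector. A shell here-string (`<<<`) appends a newline, which ends up in the password part of the encoded credentials; the checker flags that. The function names are hypothetical.

```python
import base64
import binascii

def build_header_value(api_key: str, filler: str = "x") -> str:
    """Return 'Basic <base64(api_key:filler)>' for the Authorization header."""
    api_key = api_key.strip()  # drop whitespace picked up when pasting
    if not api_key or ":" in api_key or any(c.isspace() for c in api_key):
        raise ValueError("API key must be non-empty with no ':' or whitespace")
    if not filler:
        raise ValueError("password part needs 1 or more characters")
    raw = f"{api_key}:{filler}".encode("ascii")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def check_header_value(value: str) -> list:
    """Return the problems found in a header value (empty list means OK)."""
    scheme, _, token = value.partition(" ")
    if scheme != "Basic" or not token:
        return ["value must be 'Basic ' followed by the encoded credentials"]
    try:
        decoded = base64.b64decode(token, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return ["credentials are not valid base64-encoded ASCII"]
    problems = []
    key, sep, password = decoded.partition(":")
    if not sep or not key:
        problems.append("decoded credentials are not in 'key:password' form")
    elif not password:
        problems.append("password part is empty")
    if decoded != decoded.strip():
        # e.g. the trailing newline added by a shell here-string
        problems.append("decoded credentials carry leading/trailing whitespace")
    return problems

if __name__ == "__main__":
    import getpass
    # getpass keeps the key out of shell history and off the screen while typing
    header = build_header_value(getpass.getpass("BambooHR API key: "))
    print(header if not check_header_value(header) else "header failed checks")
```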
Configuring Custom Settings for /report endpoint
If you want to manage the user lifecycle and avoid creating inactive users, use the /report endpoint, specifically the GET /report/<id> request.
You cannot use this option if the report returns more than 1200 rows, because the request will time out. Use the /directory endpoint instead.
To configure BambooHR
Create a custom report in BambooHR with the attributes you want for the integration, including status. The id for the report is found in the URL shown when viewing the report in BambooHR.
- Log in to BambooHR.
- Click the Reports tab from the top navigation bar.
- Click +New Report and give the report a name.
- Add the attributes you want to sync to JumpCloud.
- Be sure to include status
- If you want to import manager, be sure to include supervisor email
- Complete the rest of the form and click Save.
- Note the id from the URL once the report loads.
To configure JumpCloud
To learn more about the JumpCloud Custom API integration connector, see Import Users with a Custom API Integration.
- From the Identity Management tab of your BambooHR application connector, select or enter the following under Service Provider Configuration:
- API Type - Custom API
- Authentication method - API key
- Base URL - https://api.bamboohr.com/api/gateway.php/<your BambooHR company subdomain>/v1/reports
- Header name - Authorization
- Header value - Basic <base64 encoded “API key:random-string”>
- In the Endpoint Configuration section, select or enter the following:
- Resource location - employees
- Endpoint path - /<report id from section above>
- Response Parameter Location - Body
- Response Body JSON Path - na
- Limit name - leave blank
- Offset name - leave blank
- Click Test Connection.
- In the User Schema Attribute Mapping section, enter the following:
- Unique ID - id
- User Status - status
- Inactive Status Values - Inactive
- You must include the status value in your report if you want to manage the lifecycle and avoid creating inactive users.
- The Inactive Status Values field is case sensitive; ensure that Inactive is capitalized.
- Complete all required and desired optional mappings.
If you only want this integration for populating manager, the only optional mapping that will need to be included is the one for manager email. All others can be deleted.
If your company always populates the preferred name field in BambooHR, you can map that to First Name in JumpCloud. If it doesn’t, then mapping firstname will ensure that value is always populated in JumpCloud. However, mapping to firstname may result in users not having the first name they want.
- Scroll back up to the top of the attributes and click Preview.
Do not click Save before clicking Activate. You will lose all of your configuration settings.
- If the attributes are mapping correctly, click Activate.
- If successful, you will receive a message saying the Identity Management has been successfully verified.
- Perform your initial manual import.
- If the initial import is correct, enable a scheduled sync.
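A pre-activation check of a saved report response, as an added example that is not JumpCloud's or BambooHR's code: it applies the 1200-row limit and the id/status mapping rules from this page, including the case-sensitive Inactive value. It assumes the report JSON has a top-level `employees` array (the Resource location above) whose rows carry `id` and `status`; the sample data is constructed and `preflight` is a hypothetical name.

```python
import json
from collections import Counter

ROW_LIMIT = 1200                 # page: /report must not return more rows than this
INACTIVE_VALUES = {"Inactive"}   # page: Inactive Status Values, case sensitive

def preflight(report_json: str) -> dict:
    """Check a report response against the mapping rules before activating."""
    rows = json.loads(report_json).get("employees", [])
    findings = []
    if len(rows) > ROW_LIMIT:
        findings.append(f"{len(rows)} rows exceeds {ROW_LIMIT}; use /directory instead")
    # Unique ID mapping: every row needs an id, and ids must not repeat
    ids = Counter(str(r.get("id", "")) for r in rows)
    if ids.get("", 0):
        findings.append(f"{ids['']} row(s) have no id")
    dupes = sorted(i for i, n in ids.items() if i and n > 1)
    if dupes:
        findings.append(f"duplicate id values: {dupes}")
    # User Status mapping: status must be present to manage the lifecycle
    statuses = Counter(r.get("status") for r in rows)
    if None in statuses:
        findings.append(f"{statuses[None]} row(s) have no status; add status to the report")
    # A value differing only in case would not match the configured inactive value
    lowered = {v.lower() for v in INACTIVE_VALUES}
    for value in statuses:
        if isinstance(value, str) and value.lower() in lowered and value not in INACTIVE_VALUES:
            findings.append(f"status {value!r} will not match the case-sensitive inactive value")
    inactive = sum(n for v, n in statuses.items() if v in INACTIVE_VALUES)
    return {"rows": len(rows), "inactive": inactive, "findings": findings}

# Constructed sample response (not real BambooHR data)
SAMPLE = json.dumps({"title": "JumpCloud sync", "employees": [
    {"id": "101", "status": "Active"},
    {"id": "102", "status": "Inactive"},
    {"id": "103", "status": "inactive"},
    {"id": "104"},
]})

if __name__ == "__main__":
    print(json.dumps(preflight(SAMPLE), indent=2))
```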