Skip to main content

BambooHR integration

This guide explains how to integrate BambooHR with SecureAuth CIAM using SAML for single sign-on (SSO) and multi-factor authentication (MFA). The integration streamlines user authentication, enabling BambooHR users to securely access the platform through SecureAuth CIAM as an Identity Provider (IdP).

SecureAuth CIAM configuration

Setting up SecureAuth CIAM as the Identity Provider (IdP) establishes it as the central authority for authenticating BambooHR users. This configuration ensures that user credentials and authentication flows are managed through SecureAuth CIAM, enhancing security and user management.

  1. Log in to your SecureAuth CIAM tenant with an admin account.

  2. In your workspace or organization, select Applications > Clients > Create client.

    ciam_citrix_storefront_001.png

  3. Provde a name for your application, select SAML Service Provider, and click Create.

    ciam_bamboohr_002.png

  4. In the SAML Provider ID section, do the following:

    • Copy the SAML SSO URL. Make a note of the URL.

    • Access the SAML Metadata URL, copy the X509 Certificate value, save it in a text file.

    ciam_bamboohr_003.png

  5. Select the SAML tab, click Upload, and provide your BambooHR tenant metadata in the URL format and click Upload.

    For example: https://<tenant>.bamboohr.com/saml/sp_metadata.php

    ciam_bamboohr_004.png

  6. Go to OAuth > Tokens > Subject Identifier. In the SAML section, set the Subject Name ID to mail.

    ciam_citrix_storefront_005.png

  7. Save your changes.

BambooHR configuration for SSO

To configure SAML-based SSO for BambooHR, follow these steps to complete the integration with SecureAuth CIAM.

  1. Log in to your BambooHR tenant with an admin account.

    bamboo_login.png

  2. Go to Settings and click Apps.

    bamboo_settings.png

  3. Select SAML and click Install.

    bamboo_add_saml.png

  4. In the SAML Single Sign-On Settings section, set the following:

    SSO Login

    Enter the login URL that you copied in SecureAuth CIAM configuration.

    x.509 Certificate

    Enter the x.509 Certificate that you copied in SecureAuth CIAM configuration.

    ciam_bamboohr_005.png

  5. Click Install.

Test your integration

Make sure the accounts in your BambooHR tenant have either a work or home email address.

  1. Go go your BambooHR URL.

  2. Ensure the page redirects to the SecureAuth CIAM authentication page.

  3. Complete authentication.

    Result: You should land on the BambooHR dashboard.

In this section: