Rezonate
  • 🏠Home
  • 🚩Platform Tour
    • đŸ‡ģđŸ‡ŗPlatform Dashboard
    • 🆔Identity Analytics
      • đŸĒĒIdentity Centric
      • 🔡Identity By Platform
    • ⚠ī¸Risks & Threats
      • Highlighted ITDR Capabilities
  • ℹī¸How-to Guides
    • ➕Adding Integrations
    • đŸ¤ĻManage Users
    • 🧑‍đŸ’ŧCustomize Exposures
    • 👁ī¸â€đŸ—¨ī¸Querying & Filtering Data
  • 📐Core Integrations
    • Azure Integration
      • Required Privilegees
      • Update Certificate for Existing Installation
    • Okta Integration
      • Okta Integration -Remediation Supported
    • Google Workspace
      • 1-Click Integration
      • Legacy Integration
    • Google Cloud Integration
    • Zoom Integration
    • DocuSign Integration
    • GitHub Integration
      • GitHub Enterprise Expansion
    • AWS Integration
      • AWS - Required Privileges
      • Log Streaming Integration
    • Salesforce Integration
      • Salesforce - Collected Data & Query Volume
    • JAMF Pro Integration
    • CircleCI Integration
    • Auth0 Integration
    • Cloudflare Integration
    • CrowdStrike Integration
      • Integrating Permissions
    • Slack Integration
    • Workday Integration
    • BambooHR Integration
    • Snowflake Integration
    • LastPass Integration
    • SentinelOne integration
    • SAP Cloud Platform Integration
    • GitLab Integration
    • Oracle NetSuite Integration
    • Atlassian Cloud Integration
    • Zendesk Integration
    • HiBob Integration
    • Microsoft Defender Integration
    • Docusign Integration
    • Mongo Atlas Integration
    • Ping Identity One Integration
    • Generic HRIS Integration
  • 📍Notifications & Alerts
    • Slack Integration
    • HTTP Webhook Integration
      • Webhook Alert Example - Saved Search
      • Webhook Alert Example- ITDR
    • Microsoft Teams Integration
    • Torq Integration
    • Email Integration
    • Splunk Integration
    • Datadog Integration
    • PagerDuty Integration
    • Jira Integration
  • 🆘Troubleshooting & Support
    • Collectors IP Ranges
    • Data Processing
      • AWS
      • Azure Active Directory
      • Azure Cloud
      • Google Workspace
    • SSO Integrations
      • SSO Login - Okta
      • SSO Login - AzureAd
  • 📓Legal & Terms
Powered by GitBook
On this page
  • Integration Steps
  • Creating the Access Level (Role)
  • Creating a Service-Account User
  • The Data is being collected by Rezonate
  1. Core Integrations

BambooHR Integration

Bamboo's HR data plays a crucial role in managing identities and ensuring their security within your organization.

PreviousWorkday IntegrationNextSnowflake Integration

Last updated 8 months ago

With the BambooHR integration, Rezonate can correlate HRIS information to the identities of your identity providerin your Identity Provider, identifying security policy breaches (such as active access for terminated employees) and enriching identity-centric context.

In this Integration Rezonate has limited read-only access to a subset of the employee's attributes, without access to sensitive HR information such as salaries or contracts.

Integration Steps

Creating the Access Level (Role)

  1. Sign in to your Bamboo Console, with a privileged user and click on the settings button.

  2. Select "Access Levels" in the menu.

  3. Select "Create a Custom Access Level"

  4. In the Access Level Name - write "Integration Access", you can leave the description empty.

  5. In the next step (What this Access Level can do), keep it empty and click Next.

  6. Under the "What this Access Level Can See" select the following: Personal

    1. Basic Info - View Only

    2. Address - View Only

    3. Contact - View Only

    4. Social Links - View Only

    5. Education - View Only

    Job:

    1. Hire Date - View Only

    2. Original Hire Date - View Only

    3. Employment Status - View Only

    4. Job Information - View Only

Its highly recommended to exclude SSN from the list of fields, and can be easily done by expanding the Basic Info, clicking on SSN, and changing to "No Access"

Creating a Service-Account User

After we have defined the limited Role, we will need to create a user to be used as a service account. To do that, click on the recently-created access level, and click on the settings button. Select "Add a Non-Employee BambooHR User.

If necessary, you can create an email alias for the integration, as you will need to confirm the selected email. in the username, info write the following: First Name: Rezonate, Last Name: Integration.

Now, Browse into Rezonate and go to the integration section, under the settings. Click "Add Integration" and select BambooHR.

Field
Value

API Key

Place your recently created-api key

Company Domain

The Data is being collected by Rezonate

As mentioned, Rezonate has limited access to Employee reports, without sensitive salary information or contracts. below is the list of the actual fields in the report that is collected

export const customFormat = {
	title: 'Rezonate Report',
	fields: [
		'id',
		'acaStatus',
		'acaStatusCategory',
		'address1',
		'address2',
		'age',
		'bestEmail',
		'birthday',
		'city',
		'country',
		'createdByUserId',
		'dateOfBirth',
		'department',
		'division',
		'employeeNumber',
		'employmentHistoryStatus',
		'firstName',
		'fullName1',
		'fullName2',
		'fullName3',
		'fullName4',
		'fullName5',
		'displayName',
		'gender',
		'hireDate',
		'originalHireDate',
		'homeEmail',
		'homePhone',
		'flsaCode',
		'jobTitle',
		'lastChanged',
		'lastName',
		'location',
		'maritalStatus',
		'middleName',
		'mobilePhone',
		'preferredName',
		'state',
		'stateCode',
		'status',
		'supervisor',
		'supervisorId',
		'supervisorEId',
		'supervisorEmail',
		'terminationDate',
		'workEmail',
		'workPhone',
		'workPhonePlusExtension',
		'workPhoneExtension',
		'zipcode',
	],
};

After setting the access level, click on the Save & Finish button at the bottom of the screen ____

After creating the user, you'll have to confirm the email and set a password.

After setting a password, sign in to the Integration user account and select the profile button. Then Click on API Keys.

Generate an API Key and copy it.

The company domain used to access your account (If you access BambooHR at , then the company domain is “mycompany”)

Thats It! you have finished the process.

📐
đŸĒƒ
https://mycompany.bamboohr.com