# BambooHR Integration

With the BambooHR integration, Rezonate can correlate HRIS information to the identities of your identity providerin your Identity Provider, identifying security policy breaches (such as active access for terminated employees) and enriching identity-centric context.

{% hint style="info" %}
In this Integration Rezonate has limited read-only access to a subset of the employee's attributes, without access to sensitive HR information such as salaries or contracts.
{% endhint %}

## Integration Steps

### Creating the Access Level (Role)

1. Sign in to your Bamboo Console, with a privileged user and click on the settings button.<br>

   <figure><img src="/files/WfcUh01TfqqUhArzIHF0" alt="" width="188"><figcaption></figcaption></figure>
2. Select "Access Levels" in the menu.<br>

   <figure><img src="/files/LVeHhMNEHdckb5Bfr7IU" alt="" width="258"><figcaption></figcaption></figure>
3. Select "Create a **Custom** Access Level"<br>

   <figure><img src="/files/R1wBPDM6loCJcgIzoYBx" alt="" width="375"><figcaption></figcaption></figure>
4. In the Access Level Name - write "Integration Access", you can leave the description empty.\ <br>

   <figure><img src="/files/i92cjCMoZ76U6oc5Wxyt" alt=""><figcaption></figcaption></figure>
5. &#x20;In the next step (What this Access Level can do), keep it **empty** and click **Next**.<br>

   <figure><img src="/files/lz3W73Z5NYNnDRqf7reM" alt=""><figcaption></figcaption></figure>
6. Under the "What this Access Level Can See" select the following:\
   **Personal**

   1. Basic Info - View Only
   2. Address - View Only
   3. Contact - View Only
   4. Social Links - View Only
   5. Education - View Only

   **Job:**

   1. Hire Date - View Only
   2. Original Hire Date - View Only
   3. Employment Status - View Only
   4. Job Information - View Only

<figure><img src="/files/7W2kRHiikjIr0dgb59IJ" alt=""><figcaption></figcaption></figure>

Its highly recommended to exclude SSN from the list of fields, and can be easily done by expanding the Basic Info, clicking on SSN, and changing to "No Access"

<figure><img src="/files/WjuoPcFDcqOCFtHDWqBt" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/NVwaMcESjjzTueWR1J36" alt=""><figcaption></figcaption></figure>

After setting the access level, click on the **Save & Finish** button at the bottom of the screen\
![](/files/OuCigM0KbsF1tfnSktqw)\
\_\_\_\_

### Creating a Service-Account User

After we have defined the limited Role, we will need to create a user to be used as a service account.\
To do that, click on the recently-created access level, and click on the settings button.\
**Select "Add a Non-Employee BambooHR User.**

<figure><img src="/files/RXdEr9V23xcoftPGXsle" alt=""><figcaption></figcaption></figure>

If necessary, you can create an **email alias** for the integration, as you will need to confirm the selected email. in the username, info write the following: First Name: **Rezonate**, Last Name: **Integration**. <br>

<figure><img src="/files/wZ7wvqkvbHF7raUUCKs2" alt=""><figcaption></figcaption></figure>

After creating the user, you'll have to confirm the email and set a password.\
![](/files/lnpb7E0qftXl8HOhcbr8)

After setting a password, sign in to the Integration user account and select the profile button. \
Then Click on **API Keys.**\
![](/files/gcRsa8nIMAPAPOW8S2xd)

Generate an API Key and copy it. \
![](/files/U3FHbQY6FZfB1T40v9uk)<br>

Now, Browse into Rezonate and go to the integration section, under the settings.\
Click "Add Integration" and select BambooHR.&#x20;

<table><thead><tr><th width="282">Field</th><th>Value</th><th data-hidden></th></tr></thead><tbody><tr><td>API Key</td><td>Place your recently created-api key</td><td></td></tr><tr><td>Company Domain</td><td>The company domain used to access your account (If you access BambooHR at <a href="https://mycompany.bamboohr.com/"><code>https://mycompany.bamboohr.com</code></a>, then the company domain is “<strong>mycompany</strong>”)</td><td></td></tr></tbody></table>

\
![](/files/IUCftRBiA1d7TQMBS4Ht)

Thats It! you have finished the process. :boomerang:<br>

### The Data is being collected by Rezonate

As mentioned, Rezonate has limited access to Employee reports, **without** sensitive salary information or contracts. below is the list of the actual fields in the report that is collected

```json
export const customFormat = {
	title: 'Rezonate Report',
	fields: [
		'id',
		'acaStatus',
		'acaStatusCategory',
		'address1',
		'address2',
		'age',
		'bestEmail',
		'birthday',
		'city',
		'country',
		'createdByUserId',
		'dateOfBirth',
		'department',
		'division',
		'employeeNumber',
		'employmentHistoryStatus',
		'firstName',
		'fullName1',
		'fullName2',
		'fullName3',
		'fullName4',
		'fullName5',
		'displayName',
		'gender',
		'hireDate',
		'originalHireDate',
		'homeEmail',
		'homePhone',
		'flsaCode',
		'jobTitle',
		'lastChanged',
		'lastName',
		'location',
		'maritalStatus',
		'middleName',
		'mobilePhone',
		'preferredName',
		'state',
		'stateCode',
		'status',
		'supervisor',
		'supervisorId',
		'supervisorEId',
		'supervisorEmail',
		'terminationDate',
		'workEmail',
		'workPhone',
		'workPhonePlusExtension',
		'workPhoneExtension',
		'zipcode',
	],
};
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://kb.rezonate.io/core-integrations/bamboohr-integration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.