OneLogin | Marketplace Partner
How does OneLogin integrate with BambooHR?
Purpose: To help you understand what you can use OneLogin for and how you can integrate it with BambooHR.
OneLogin
An overview from BambooHR® Marketplace:
OneLogin gives users the ability to launch all their web apps from OneLogin's single sign-on (SSO) portal or from the company's intranet.
You can learn more about OneLogin in BambooHR® Marketplace.
Please note that OneLogin extends to the BambooHR mobile app so that users can log in to the app when using a single sign-on through OneLogin.
Please note you must be a Full Admin user to set up this integration.
Log in to OneLogin and click on the Apps tab to select Add Apps. Search for BambooHR and then click BambooHR. You will then be redirected to the BambooHR connector.
Confirm the display name and icon for the BambooHR app. Be sure to select the SAML2.0 connector. Click Save in the top right corner.
Once you have successfully added the BambooHR app, you need to specify other details before completing the integration setup. Go to the Configuration tab and enter your BambooHR subdomain.*
*Your subdomain is the first part of your BambooHR URL. For example, if my BambooHR URL is: https://helpcontent.bamboohr.com, my subdomain would be helpcontent.
Next, select the Parameters tab to ensure the admin has configured the credentials with the mappings being as follows:
- E-Mail = Email
- First Name = First Name
- Last Name = Last Name
- Username = Email
Select the SSO tab and copy the following information into BambooHR:
X.509 Certificate (View Details)
SAML 2.0 Endpoint (HTTP)
Be sure to copy the entire certificate, including the BEGIN CERTIFICATE and END CERTIFICATE lines.
In a separate window, log in to BambooHR. Navigate to Settings and select Apps. Find OneLogin and click Install.
Enter the SAML information into BambooHR by pasting the SSO Login URL (SAML 2.0 Endpoint (HTTP)) and the X.509 Certificate information from OneLogin. You can now click on the BambooHR app icon in OneLogin to log in to BambooHR.
You will also see the option to "allow optional email & password login." This will give employees the option to log in through [OneLogin/Microsoft/SAML/etc] or type in their email and password. Please note that while this is an option, we recommend leaving this unchecked as installing a single sign-on option will disable the 2-Step Login in BambooHR.
The option of making SSO an optional authentication choice while still allowing username/password authentication gives our customers who are primarily looking to simplify login experience more flexibility in how they configure and use the SSO integration. For customers whose requirements focus on enhanced security, it is recommended that they use the SSO-only option for maximum security. Authentication security will always only be as strong as the weakest option permitted.
To grant all of your BambooHR employees access to log in to BambooHR through OneLogin, you need to create a mapping. To do this, click on the Users tab and select Mappings. Click New Mapping.
Follow these steps to create your mapping:
- Rename the mapping to BambooHR Mapping to easily recognize it in the future.
- Under Conditions, change the selections to MemberOf > contains > BambooHR.
- Under Actions, change the selections to Set role > BambooHR. (Note: BambooHR will automatically appear as "Default" here if you have not created a role for BambooHR and no other apps are in OneLogin.)
Once you have entered the above information, click Save.
On the Mappings page, click Reapply All Mappings to establish the new mapping.
Once this is complete, you and your BambooHR users can log in to BambooHR via the single sign-on.
Please note that each employee will still receive the password setup email with employee access enabled in BambooHR, but they do not have to create a password for BambooHR because OneLogin manages that. Once a user activates the employee in BambooHR and their email address in BambooHR matches the email address in OneLogin, the employee can authenticate through OneLogin and click through to BambooHR from within that app.
Once logged into OneLogin, click on the BambooHR icon to go directly to BambooHR.
*IMPORTANT NOTE: If you log out of BambooHR while still logged into OneLogin, you will still be effectively logged into BambooHR. If you were to go to your BambooHR login URL in a web browser, OneLogin would recognize you as still logged in and allow immediate access. BE SURE TO LOG OUT OF ONELOGIN WHEN YOU ARE NO LONGER USING THE APPLICATION.
If you are an existing customer using this integration, please be aware that OneLogin supports this integration.
Click here to find contact information.