BambooHR
The BambooHR integration provides integration with HR data such as group memberships, employment status, out of the office, location, etc.
The external data sources we provide are meant to be examples and inspiration for users to create their own data sources. We won't maintain these integrations in perpetuity, and changes to the APIs they interact with may break them in the future.
The datasource project is open-source, and if the community wishes to provide contributions to keep it working in the future, we will shepherd those updates.
Install
Create new BambooHR API key by navigating to Your profile → API Keys, and adding a new API Key.
In order to correctly parse dates returned by BambooHR API you will need to provide a time zone - either an
UTC
or IANA Time Zone database name, i.e.America/New_York
.
- Docker Compose
- Binary
These instructions assume a local testing environment using Docker Compose. Adjust as needed for your deployment environment.
- Add the datasource docker image to Docker Compose:
version: '3'
services:
bamboohr:
image: docker.cloudsmith.io/pomerium/datasource/datasource:main
command:
- bamboohr
- --bamboohr-api-key=$YOUR_API_KEY
- --bamboohr-subdomain=$YOUR_BAMBOOHR_SUBDOMAIN
- --bamboohr-time-zone=America/New_York
- --address=:8080
container_name: bamboohr
restart: always
expose:
- 8080
- Bring up the new container.
These instructions assume a local testing environment. Adjust as needed for your deployment environment.
Download the latest release of the Pomerium datasource project and extract it.
Change directory and run the binary:
cd pomerium-datasource-*
./pomerium-datasource bamboohr --bamboohr-api-key=$YOUR_API_KEY --bamboohr-subdomian=$YOUR_BAMBOOHR_SUBDOMAIN --bamboohr-time-zone=America/New_York
The output should resemble:
{"level": "info", "message": "ready"}
Configure External Data Source
BambooHR data connector exposes two API endpoints:
/employees/all
returns all employees/employees/available
returns employees that are not currently out of the office due to vacation or other leave reasons.
To create new external data record:
In the Pomerium Enterprise Console, navigate to CONFIGURE → External Data and click + ADD EXTERNAL DATA SOURCE.
Fill out the following fields:
Field | Content | Notes |
---|---|---|
URL | http://bamboohr:8080/employees/available | Adjust for the endpoint you'll write policies against. |
Record type | pomerium.io/BambooHRAvailable | As above, adjust to somethinglike pomerium.io/BambooHRAll for the other endpoint. |
Foreign Key | user.email | Pomerium uses the users's email to associate IdP and Bamboo user entries. |
Polling Min Delay | 30m | Minimum poll interval |
Polling Max Delay | 4h | Maximum poll interval |
Click SAVE EXTERNAL DATA SOURCE.
Define a new policy. The example policy below only allows access to the persons in the Marketing department and only when they are not on vacation.
- Builder
- Editor
allow:
and:
- record:
field: department
is: Marketing
type: pomerium.io/BambooHRAvailable
Reference
The BambooHR data source provides the following record details; see BambooHR Field Reference for details.
department
division
status
first_name
last_name
country
state