BambooHR
The BambooHR integration provides integration with HR data such as group memberships, employment status, out of the office, location, etc.
caution
The external data sources we provide are meant to be examples and inspiration for users to create their own data sources. We won't maintain these integrations in perpituity, and changes to the APIs they interact with may break them in the future.
The datasource project is open-source, and if the community wishes to provide contributions to keep it working in the future, we will shepherd those updates.
Install
Create new BambooHR API key by navigating to Your profile → API Keys, and adding a new API Key.
In order to correctly parse dates returned by BambooHR API you will need to provide a time zone - either an
UTC
or IANA Time Zone database name, i.e.America/New_York
.
- Docker Compose
- Binary
These instructions assume a local testing environment using Docker Compose. Adjust as needed for your deployment environment.
Add the datasource docker image to Docker Compose:
version: "3"services: bamboohr: image: docker.cloudsmith.io/pomerium/datasource/datasource:main command: - bamboohr - --bamboohr-api-key=$YOUR_API_KEY - --bamboohr-subdomain=$YOUR_BAMBOOHR_SUBDOMAIN - --bamboohr-time-zone=America/New_York - --address=:8080 container_name: bamboohr restart: always expose: - 8080
Bring up the new container.
These instructions assume a local testing environment. Adjust as needed for your deployment environment.
Download the latest release of the Pomerium datasource project and extract it.
Change directory and run the binary:
cd pomerium-datasource-*
./pomerium-datasource bamboohr --bamboohr-api-key=$YOUR_API_KEY --bamboohr-subdomian=$YOUR_BAMBOOHR_SUBDOMAIN --bamboohr-time-zone=America/New_YorkThe output should resemble:
{"level":"info","message":"ready"}
Configure Configure External Data Source
BambooHR data connector exposes two API endpoints:
/employees/all
returns all employees/employees/available
returns employees that are not currently out of the office due to vacation or other leave reasons.
To create new external data record:
In the Pomerium Enterprise Console, navigate to CONFIGURE → External Data and click + ADD EXTERNAL DATA SOURCE.
Fill out the following fields:
Field Content Notes URL http://bamboohr:8080/employees/available
Adjust for the endpoint you'll write policies against. Record type pomerium.io/BambooHRAvailable
As above, adjust to somethinglike pomerium.io/BambooHRAll for the other endpoint. Foreign Key user.email
Pomerium uses the users's email to associate IdP and Bamboo user entries. Click SAVE EXTERNAL DATA SOURCE.
Define a new policy. The example policy below only allows access to the persons in the Marketing department and only when they are not on vacation.
- Builder
- Editor
allow: and: - record: field: department is: Marketing type: pomerium.io/BambooHRAvailable
Reference
The BambooHR data source provides the following record details; see BambooHR Field Reference for details.
department
division
status
first_name
last_name
country
state