top of page
Search
  • Writer's pictureDerek Visch
    • Oct 7, 2020
    • 5 min read

BambooHR to Active Directory

Updated: Jun 7, 2021

Sync BambooHR to AD with Automated User Provisioning from Auto IDM.


How can you integrate BambooHR with your Active Directory environment?

To learn more about how to free your IT team from manual provisioning setup a meeting with us today here https://www.autoidm.com/schedule


How does this thing work?

We use BambooHR’s API, and our own framework to maintain, orchestrate, and monitor data integrations. We've partnered with BambooHR which gives us a test environment, allowing us to fully test everything in an isolated environment before touching production systems. After data is pulled via the API we synchronize the two data systems following the rules that your business needs.


What about getting everyone on the same page in HR and IT? What's the project plan look like?

Getting the left hand to know what the right hand is doing in business is complicated. At Auto IDM we have a solid process established to make sure everyone in your business is on the same page. The process is adjusted depending on your needs but it follows these main points.


  1. Initial Meeting - (30 min) We start by bringing all stake holders together to be sure we're all on the same page. In the same meeting we lay out our current timeline and let everyone know exactly what's expected of them and when. We understand that People are the most important process in any automation. After this meeting everyone knows who's responsible for what and who to go to to ask for questions.

  2. Access - (2 hours) We architect a fully secure solution that gives Auto IDM access to what we need. This gives your IT team full control over how things will be accomplished. We will find a process that suits your needs.

  3. Business Rules - (1 hour) After we gain access Auto IDM immediately schedules the initial rules meeting. While we have time before the Business Rules meeting Auto IDM's team immediately gets together to build out our best guess as to what rules will fit with your organization. We also build a list of accounts to review during our next meeting as we'll need to align your BambooHR system with Active Directory using an ID to key off from. During the business rules meeting we work with you to understand your unique needs and build a system that works for you. We also build out a testing plan.

  4. Testing - (~1 hour x 4) This is the most iterative process of the project. We need someone from your company to be our Champion and that can offer their time for a set time frame (normally a week for a total of ~4 hours depends on how complicated the setup and testing plan is). We follow our test plan and review with you any unexpected issues that crop up during development. This process is very iterative, and we condense it down it to be as painless as possible.

  5. Completion - (15 minutes) We have a final completion meeting to verify everyone knows that the project is completed. The biggest difference between us and everyone else is, if there's any issues or changes that come up we complete them for you and it's fully included in our cost. This means that our cost aligns with what your company wants in the long term, the solution to continue working.


What is BambooHR?

BambooHR offers small and growing companies a human resource information system (HRIS) that includes many features companies need to scale their human resources department. From an integration and IT’s perspective BambooHR is thought of as the System of Record for user accounts.


What features does Auto IDM have available?

Auto IDM's solution automates your existing processes. Which means we tailor our solution to what you need, and also leverage our knowledge across our entire customer base by sharing core functionality. There's no need to learn our systems we take care of account creation and allow your team to continue using the systems and tools they are already familiar with.


Here's a short list of some things we can do for you!

  1. AD Account Creation, Update, Deletion (Disabling and moving to a disabled OU is more common)

  2. Group Membership

  3. Homefolder management

  4. Write back to BambooHR: Write the work email, username, and initial password back to BambooHR

  5. Password Reset triggered in BambooHR!

  6. Daily Report: What did the automation change in the last day?

  7. Drift Report: What exists in Active Directory that's not current managed by the automation? (Governance)

  8. Welcome Packet: We can send/generate an initial username and password for your users so that communication issues can be taken off of ITs plate

  9. Additional customizations are available and included with the cost


What software do I need?

You’ll need BambooHR and a Windows Server with Active Directory installed. The rest is up to our integration team. We have multiple architectures available that can suit your needs.


What if something breaks?

As a fully managed service we will reach out to you if we see an error. For any questions or issues that you detect submit a ticket to our helpdesk at support@autoidm.com


What about Azure AD?

Azure AD Connect https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-roadmap is a tool that will integrate your local AD environment with Azure AD. Auto IDM can directly integrate with Azure AD as well, but we'll save that for another article.


What about Google Workspace (GSuite)?

With on prem AD there’s Google Cloud Directory Sync (GCDS) which is available https://support.google.com/a/answer/106368?hl=en which can accomplish moving data from AD to Google for you. Auto IDM can directly integrate with Google Workspace as well, but we'll save that for another article!


Can I do this myself instead of paying for your service?

Yes writing, orchestrating, monitoring, and maintaining your own software is doable. Here's some pointers.


Pull data from BambooHR: To start you'll need to review BambooHR's API documentation here. There’s some nice open source tooling that can help you interact with their RESTful API. PyBambooHR is located here. At Auto IDM we use a regular HTTP client library, specifically ktor (https://ktor.io/docs/client.html) . Now you have data from BambooHR, how do you get that data into Active Directory?


Map data and push to Active Directory: The simplest way (although not always the best depending on your situation) is to use PowerShell. The Import-CSV Module located here is probably the easiest interface to use. After I'd use the ActiveDirectory Module, specifically New-ADUser , Set-ADUser, Add-ADGroupMember, and Remove-ADGroupMember


Does doing all of this yourself seem like something you shouldn’t be supporting? That’s what Auto IDM is here for. Auto IDM is a fully managed service. There’s no software to train on, no software maintenance, and no software configuration that your team needs to worry about. Setup a meeting so we can learn about your integration and about how we can help! https://www.autoidm.com/schedule



Recent Posts

See All
Post: Blog2_Post
bottom of page