BambooHR has a complex permission model, and before creating this integration there are a couple of things you should consider:
First, you'll need to select a user to link BambooHR in Vanta. The connection relies on OAuth, which means the connecting user will need to be signed into BambooHR when adding the connection in Vanta. You should decide if you'd like to use an existing BambooHR employee, or create a non-employee BambooHR user for the integration.
If you use an existing employee, keep in mind that you will need to reconnect BambooHR in Vanta in the event that the connecting employee leaves.
If you would like to create a non-employee BambooHR, please see our guide BambooHR: Creating a Custom Access Level and Non-Employee User. Once the user has been created, check the inbox for the account used to make the non-employee, there should be a welcome email. Follow the steps to create a password for the user. This step is essential, as you must sign in to BambooHR with those user credentials to set up the Vanta integration!
Vanta needs at minimum View Only permissions to specific details in BambooHR. Due to this, the access component of this setup is important.
You have two options for access level:
Using Full Admin access level
orCreating a Custom access level
If you opt to create a Custom access level, these View Only settings are required:
Personal Tab:
Basic Info
View Only: Status, First Name, Last Name
Contact
View Only: Work Email
View Only: Home Email
Job Tab:
View Only: Hire Date
Employment Status
View Only: Date
View Only: Employment Status
Job Information
View Only: Job Title
View Only: Reporting to
View Only: Department
Time Off Tab:
Set All Fields to View Only
See About Themselves
Should Employees be able to see their own information?
Yes, Allow Access
Which Access Level should apply?
Full Access
For more on how to create a non-employee BambooHR user, or creating a Custom access role, please see our article; BambooHR: Creating a Custom Access Level and Non-Employee User
Integrating with BambooHR
From the left-hand navigation panel, select Integrations
Select the Available tab, and search for BambooHR
Select Connect
A pop-up modal will appear; enter your BambooHR subdomain address. This can be copied from the address bar when you are logged in to BambooHR. The text just before .bamboohr.com is your domain.
This should look like youraccount.bamboohr.com
Click Connect BambooHR
The pop-up modal will prompt to select a date to import people. By setting this date, Vanta will import any users who were active or termed after the date.
For example: if you set the date to October 30th, 2020, Vanta would import all users who left the company after October 30th, 2020, as well as any active users.
Once the date has been selected, hit save. It can take a few hours for the information to fully sync.
Reconnect BambooHR in Vanta
If the BambooHR user who initially set up the integration leaves your organization (or is about to) you can easily reconnect BambooHR in Vanta. Here's how you can do this:
Sign in to your BambooHR account with the user you'd like to reconnect the integration with.
Sign in to your Vanta account, and navigate to the Integrations page: https://app.vanta.com/integrations
On the Connections page, scroll down to Human Resources/Payroll, select the (...) menu, and click Reconnect
This will open the window where you set your subdomain for Vanta, enter your BambooHR address, which should look like "youraccount.bamboohr.com" and click Connect BambooHR
You will then see a popup where you may select a date to import people. By setting this date, Vanta will import any users who were active or termed after the date. You'll want to select the same date you had set before to ensure the same users stay in the account.
Once the date has been selected, hit save.