Okta’s BambooHR integration by default only provides the first and last names of the user’s manager/supervisor, whereas for downstream apps (G Suite, etc.), the manager’s address is much more useful. It turns out BambooHR has an unpublished field in their API called supervisorEmail, however this field is not an option in the Okta BambooHR schema GUI. The workaround is to use the Okta API to add the attribute!
- Create admin-level API token (https://developer.okta.com/docs/guides/create-an-api-token/create-the-token/)
- In Okta Admin, go to the BambooHR app, and then grab the instance ID from the URL in the address bar, for example:
https://<YOUR-OKTA-DOMAIN>-admin.okta.com/admin/app/bamboohr/instance/<THIS IS YOUR BAMBOOHR INSTANCE ID>/#tab-general
- Open Terminal and run the code below, replacing
<...>
where necessary. - Now, in Okta Admin, when you check back in the BambooHR profile (Directory-> Profile Editor), you will see Supervisor Email as a custom attribute!
- You can now set up your preferred mapping from BambooHR to Okta profiles. A new import may be required if the values don’t update immediately.
- For safety, you could delete the Okta API token once you’re done.
curl -v -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "Authorization: SSWS <YOUR-OKTA=API-TOKEN>" -d '{ "definitions": { "custom": { "id": "#custom", "type": "object", "properties": { "supervisorEmail": { "title": "Supervisor Email", "description": "The email address of this users supervisor", "externalName": "supervisorEmail", "scope": "NONE", "type": "string", "required": false } }, "required": [] } } }' "https://<YOUR-OKTA-DOMAIN>/api/v1/meta/schemas/apps/<YOUR BAMBOOHR INSTANCE ID>/default"
Thank you to Julian in the comments for pointing out a syntax issue that I’ve now fixed.
You are amazing, thank you so much for this fix! This was really high on the list for this project and I’m so happy we can deliver it now. Cheers!!
I was already implementing a solution based on Okta Worfklow to populate a custom field with the proper information, when I stumbled upon this article. This solution worked a treat! Thanks a lot.
Only issue was with is the several “\” in the curl command, they were throwing an error on the CLI. I’ve removed them and the command worked just fine.
You are a life saver! Thank you!
Hello,
Thank you so much for this, I tried to run it but I encounter a small problem, I replaced the API, domain and Instance ID and I get the following error:
* Closing connection -1
curl: (3) URL using bad/illegal format or missing URL
* Closing connection -1
curl: (3) URL using bad/illegal format or missing URL
* Closing connection -1
curl: (3) URL using bad/illegal format or missing URL
* Closing connection -1
curl: (3) URL using bad/illegal format or missing URL
* Closing connection -1
curl: (3) URL using bad/illegal format or missing URL
* Closing connection -1
curl: (3) URL using bad/illegal format or missing URL
* Closing connection -1
curl: (3) URL using bad/illegal format or missing URL
curl: (3) unmatched brace in URL position 4:
“{
I looked on the internet, at first it was with ‘{, someone suggested to use “{ but the same thing is happening. I would really appreciate it if you can help me.
I believe this is because there were some backslashes left in the snippet (which had originally been escaping newlines). I have updated the snippet and removed them, so it might work for you now.
Used this successfully in July 2023. Thank you for posting this.