Okta & BambooHR—The missing manager email

Okta’s BambooHR integration by default only provides the first and last names of the user’s manager/supervisor, whereas for downstream apps (G Suite, etc.), the manager’s address is much more useful. It turns out BambooHR has an unpublished field in their API called supervisorEmail, however this field is not an option in the Okta BambooHR schema GUI. The workaround is to use the Okta API to add the attribute!

  1. Create admin-level API token (https://developer.okta.com/docs/guides/create-an-api-token/create-the-token/)
  2. In Okta Admin, go to the BambooHR app, and then grab the instance ID from the URL in the address bar, for example: https://<YOUR-OKTA-DOMAIN>-admin.okta.com/admin/app/bamboohr/instance/<THIS IS YOUR BAMBOOHR INSTANCE ID>/#tab-general
  3. Open Terminal and run the code below, replacing <...> where necessary.
  4. Now, in Okta Admin, when you check back in the BambooHR profile (Directory-> Profile Editor), you will see Supervisor Email as a custom attribute!
  5. You can now set up your preferred mapping from BambooHR to Okta profiles. A new import may be required if the values don’t update immediately.
  6. For safety, you could delete the Okta API token once you’re done.
curl -v -X POST \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Authorization: SSWS <YOUR-OKTA=API-TOKEN>" \ -d '{ "definitions": { "custom": { "id": "#custom", "type": "object", "properties": { "supervisorEmail": { "title": "Supervisor Email", "description": "The email address of this users supervisor", "externalName": "supervisorEmail", "scope": "NONE", "type": "string", "required": false } }, "required": [] } } }' "https://<YOUR-OKTA-DOMAIN>/api/v1/meta/schemas/apps/<YOUR BAMBOOHR INSTANCE ID>/default"

Leave a Reply

Your email address will not be published. Required fields are marked *