UniFi Identity Enterprise - Add BambooHR as an SSO App
Enabling SAML in BambooHR will change how all users access the application. Once SAML is activated, users must sign in via the SAML 2.0 service and will no longer be able to use the regular sign-in page.
BambooHR does not offer a backup sign-in URL for username and password access. To revert to username and password sign-in, a BambooHR admin must disable SAML by uninstalling the Identity Enterprise SAML application.
Add BambooHR App to Identity Enterprise
- Go to your Identity Enterprise Manager > SSO Apps.
- Click the Add icon on the upper right corner and select BambooHR.
- Click Add. The Sign-On URL, Issuer, and Public Certificate will be displayed. Click to download the Public Certificate. Do not close the page as you'll need to copy and paste them to BambooHR later.
Configure SSO in BambooHR
- Navigate to BambooHR at https://[your_subdomain].bamboohr.com, where [your_subdomain] is your organization's subdomain, and sign in with your existing credentials. This URL is your organization's default relay state.
- Click the Settings icon > Apps.
- Select Single Sign-On from the Apps menu.
- You will see a list of Identity Providers. Select SAML.
- After selecting SAML, you will see a description and instructions to set up SSO, click Install.
- In the subsequent screen, enter the following:
- SSO Login URL: Paste the Sign-On URL from Identity Enterprise Manager.
- X.509 certificate: Paste the content of the public certificate downloaded from Identity Enterprise Manager.
- Click Install.
Configure SSO Settings in Identity Enterprise
- Navigate back to the Add BambooHR page on Identity Enterprise Manager.
- Enter your BambooHR subdomain. For example, if your BambooHR's sign-in URL is https://acme.bamboohr.com/saml/consume.php, then enter "acme". Entering the wrong subdomain will prevent you from authenticating via SAML to BambooHR.
- (Optional) Enter the SAML default relay state. It is the destination to which the user will be redirected after they have completed the authentication process at the Identity Provider (IdP).