Custom HRIS Provider

OAA Template for Human Resources Information Systems

PreviousCustom Identity Provider NextOAA .NET SDK

Last updated 5 months ago

Was this helpful?

Custom HRIS Provider

OAA Template for Human Resources Information Systems

Overview

Use this Open Authorization API template to publish employee metadata for Human Resources Information Systems (HRIS) platforms, typically used by organizations as a single source of truth for employee information.

Unlike an Identity Provider, HR platforms typically do not provide access to other systems. Employee profiles within an HRIS platform are instead used to store important details such as employment status, who individuals report to, department, and country. Veza can use this metadata to:

Trigger events when there is a change in the integrated HRIS data source.
Correlate employees in the HRIS system with identities in your identity provider (IdP).
Enrich Access Reviews with details about linked HRIS employees for users under review.

The template supports:

A top-level System entity representing the HRIS tenant, organization, or account.
Employee entities representing current and inactive workers
Group entities representing teams, departments, cost centers, or other units to which users are assigned.

To enable this payload format, specify the hris custom template when with the API.

HRIS template example

{
  "System": {
    "URL": "https://examplehris.com"
  },
  "Employees": [
    {
      "Employee Number": "123456",
      "Company": "Example Corp",
      "First Name": "John",
      "Last Name": "Doe",
      "Preferred Name": "Johnny",
      "Display Full Name": "Johnny Doe",
      "Canonical Name": "John Doe",
      "Username": "john.doe",
      "Email": "john.doe@examplecorp.com",
      "IDP ID": "1234-5678-9012",
      "Personal Email": "johndoe@gmail.com",
      "Home Location": "City A",
      "Work Location": "City B",
      "Cost Center": "001",
      "Department": "002",
      "Managers": ["987654"],
      "Groups": ["team-1", "dept-1"],
      "Employment Status": "ACTIVE",
      "Is Active": true,
      "Start Date": "2021-05-01T00:00:00Z",
      "Termination Date": null,
      "Job Title": "Software Engineer",
      "Employment Types": ["FULL_TIME"],
      "Primary Time Zone": "America/New_York"
    }
  ],
  "Groups": [
    {
      "Group Type": "TEAM",
      "Parent": "dept-1"
    }
  ]
}

Custom properties

{
  "name": "BambooHR",
  "hris_type": "BambooHR",
  "custom_property_definition": {
    "employee_properties": {
      "division": "STRING",
      "office_extension": "STRING"
    },
    "group_properties": {
      "headquarters_location": "STRING"
    }
  },
  "system": {
    "name": "BambooHR",
    "id": "BambooHR",
    "url": "https://vezai.bamboohr.com",
    "idp_providers": ["okta"]
  },
  "employees": [
    {
      "name": "Charlotte Abbott",
      "id": "1",
      "custom_properties": {
        "division": "North America",
        "office_extension": "1234"
      },
      "employee_number": "1",
      "email": "cabbott@efficientoffice.com",
      "work_location": "Lindon, Utah",
      "job_title": "Sr. HR Administrator"
    },
    {
      "name": "Cheryl Barnet",
      "id": "10",
      "custom_properties": {
        "division": "North America",
        "office_extension": "5678"
      },
      "employee_number": "10",
      "email": "cbarnet@efficientoffice.com",
      "work_location": "Lindon, Utah",
      "job_title": "VP of Customer Success"
    }
  ],
  "groups": [
    {
      "name": "North America-Human Resources",
      "id": "North America-Human Resources",
      "group_type": "Department",
      "custom_properties": {
        "headquarters_location": "Lindon, Utah"
      }
    }
  ]
}

Identity mappings

Veza maps HRIS employees to identities from integrated Identity Providers (IdPs) such as Okta by matching the idp_id, email, or id value in the HRIS payload with the IdP entity's Name, Principal Name, or Identity. The matching process checks these fields in the following sequence:

idp_id
email
id

If the idp_id is unset, Veza uses the email field for matching. If the email field is also absent, the id is used. Veza issues a warning if no matching entity is found.

Custom HRIS System

The account/tenant/etc. that contains the HR information.

Property

Type

Required

Unique

Description

URL

String

The url for this HRIS system.

Custom HRIS Employee

Used to represent any person who has been employed by a company.

Property

Type

Required

Unique

Description

Employee Number

String

The employee's number that appears in the third-party integration.

Company

String

The company (or subsidiary) the employee works for.

First Name

String

The employee's first name

Last Name

String

The employee's last name

Preferred Name

String

The employee's preferred first name.

Display Full Name

String

The employee's full name, to use for display purposes. If a preferred first name is available, the full name will include the preferred first name.

Canonical Name

String

The employee's canonical name.

Username

String

The employee's username that appears in the integration UI.

String

The employee's work email.

IDP ID

String

The ID for this employee on the destination IDP provider used to automatically connect to it, if not supplied email is used

Personal Email

String

The employee's personal email.

Home Location

String

The employee's home location.

Work Location

String

The employee's work location.

Cost Center

String

The cost center ID (Group ID) that the employee is in.

Department

String

The department ID (Group ID) that the employee is in.

Managers

STRINGLIST

The employee IDs of the employee's managers.

Groups

STRINGLIST

The IDs of groups this user is in

Employment Status

String

The employment status of the employee. Possible values include - ACTIVE, PENDING, INACTIVE.

Is Active

BOOLEAN

If the employee is active or not.

Start Date

TIMESTAMP

The date that the employee started working. If an employee was rehired, the most recent start date will be returned.

Termination Date

TIMESTAMP

The employee's termination date.

Job Title

String

The title of the employee.

Employment Types

STRINGLIST

The employee's type of employment. Possible values include - FULL_TIME, PART_TIME, INTERN, CONTRACTOR, FREELANCE.

Primary Time Zone

String

The time zone which the employee primarily lives.

Custom HRIS Group

Used to represent any subset of employees, such as PayGroup or Team. Employees can be in multiple Groups.

Property

Type

Required

Unique

Description

Group Type

String

The type of group, possible values include - TEAM, DEPARTMENT, COST_CENTER, BUSINESS_UNIT, GROUP. This is intended as to not have each type as their own nodes.

Parent

String

The group ID of its parent group.

PreviousCustom Identity Provider NextOAA .NET SDK

Last updated 5 months ago

Was this helpful?

Overview

Trigger events when there is a change in the integrated HRIS data source.
Correlate employees in the HRIS system with identities in your identity provider (IdP).
Enrich Access Reviews with details about linked HRIS employees for users under review.

The template supports:

A top-level System entity representing the HRIS tenant, organization, or account.
Employee entities representing current and inactive workers
Group entities representing teams, departments, cost centers, or other units to which users are assigned.

To enable this payload format, specify the hris custom template when with the API.

HRIS template example

{
  "System": {
    "URL": "https://examplehris.com"
  },
  "Employees": [
    {
      "Employee Number": "123456",
      "Company": "Example Corp",
      "First Name": "John",
      "Last Name": "Doe",
      "Preferred Name": "Johnny",
      "Display Full Name": "Johnny Doe",
      "Canonical Name": "John Doe",
      "Username": "john.doe",
      "Email": "john.doe@examplecorp.com",
      "IDP ID": "1234-5678-9012",
      "Personal Email": "johndoe@gmail.com",
      "Home Location": "City A",
      "Work Location": "City B",
      "Cost Center": "001",
      "Department": "002",
      "Managers": ["987654"],
      "Groups": ["team-1", "dept-1"],
      "Employment Status": "ACTIVE",
      "Is Active": true,
      "Start Date": "2021-05-01T00:00:00Z",
      "Termination Date": null,
      "Job Title": "Software Engineer",
      "Employment Types": ["FULL_TIME"],
      "Primary Time Zone": "America/New_York"
    }
  ],
  "Groups": [
    {
      "Group Type": "TEAM",
      "Parent": "dept-1"
    }
  ]
}

Custom properties

The HRIS template supports . After specifying a custom property definition in the payload, you can assign additional attributes to entities. These enable attribute filters for searches and access reviews in Veza, and enrich results with entity metadata unique to the source system or your organization.

{
  "name": "BambooHR",
  "hris_type": "BambooHR",
  "custom_property_definition": {
    "employee_properties": {
      "division": "STRING",
      "office_extension": "STRING"
    },
    "group_properties": {
      "headquarters_location": "STRING"
    }
  },
  "system": {
    "name": "BambooHR",
    "id": "BambooHR",
    "url": "https://vezai.bamboohr.com",
    "idp_providers": ["okta"]
  },
  "employees": [
    {
      "name": "Charlotte Abbott",
      "id": "1",
      "custom_properties": {
        "division": "North America",
        "office_extension": "1234"
      },
      "employee_number": "1",
      "email": "cabbott@efficientoffice.com",
      "work_location": "Lindon, Utah",
      "job_title": "Sr. HR Administrator"
    },
    {
      "name": "Cheryl Barnet",
      "id": "10",
      "custom_properties": {
        "division": "North America",
        "office_extension": "5678"
      },
      "employee_number": "10",
      "email": "cbarnet@efficientoffice.com",
      "work_location": "Lindon, Utah",
      "job_title": "VP of Customer Success"
    }
  ],
  "groups": [
    {
      "name": "North America-Human Resources",
      "id": "North America-Human Resources",
      "group_type": "Department",
      "custom_properties": {
        "headquarters_location": "Lindon, Utah"
      }
    }
  ]
}

Identity mappings

idp_id
email
id

If the idp_id is unset, Veza uses the email field for matching. If the email field is also absent, the id is used. Veza issues a warning if no matching entity is found.

Custom HRIS System

The account/tenant/etc. that contains the HR information.

Property

Type

Required

Unique

Description

URL

String

The url for this HRIS system.

Custom HRIS Employee

Used to represent any person who has been employed by a company.

Property

Type

Required

Unique

Description

Employee Number

String

The employee's number that appears in the third-party integration.

Company

String

The company (or subsidiary) the employee works for.

First Name

String

The employee's first name

Last Name

String

The employee's last name

Preferred Name

String

The employee's preferred first name.

Display Full Name

String

The employee's full name, to use for display purposes. If a preferred first name is available, the full name will include the preferred first name.

Canonical Name

String

The employee's canonical name.

Username

String

The employee's username that appears in the integration UI.

String

The employee's work email.

IDP ID

String

The ID for this employee on the destination IDP provider used to automatically connect to it, if not supplied email is used

Personal Email

String

The employee's personal email.

Home Location

String

The employee's home location.

Work Location

String

The employee's work location.

Cost Center

String

The cost center ID (Group ID) that the employee is in.

Department

String

The department ID (Group ID) that the employee is in.

Managers

STRINGLIST

The employee IDs of the employee's managers.

Groups

STRINGLIST

The IDs of groups this user is in

Employment Status

String

The employment status of the employee. Possible values include - ACTIVE, PENDING, INACTIVE.

Is Active

BOOLEAN

If the employee is active or not.

Start Date

TIMESTAMP

The date that the employee started working. If an employee was rehired, the most recent start date will be returned.

Termination Date

TIMESTAMP

The employee's termination date.

Job Title

String

The title of the employee.

Employment Types

STRINGLIST

The employee's type of employment. Possible values include - FULL_TIME, PART_TIME, INTERN, CONTRACTOR, FREELANCE.

Primary Time Zone

String

The time zone which the employee primarily lives.

Custom HRIS Group

Used to represent any subset of employees, such as PayGroup or Team. Employees can be in multiple Groups.

Property

Type

Required

Unique

Description

Group Type

String

The type of group, possible values include - TEAM, DEPARTMENT, COST_CENTER, BUSINESS_UNIT, GROUP. This is intended as to not have each type as their own nodes.

Parent

String

The group ID of its parent group.