# HiBob The HiBob integration connects to your HiBob HR Information System (HRIS) platform to gather employee metadata and organizational structure information. As a primary source of workforce identity data, HiBob provides context for understanding user access patterns and supporting identity lifecycle decisions. The integration enables: * Employee data synchronization for Lifecycle Management. * Visibility into HiBob structure and employee status. * Mapping HiBob accounts to external identities for query enrichment and access reviews. * Automated tracking of changes and reporting relationships. This document includes steps to configure the integration, and details about the collected metadata. ### Prerequisites * A HiBob administrator account with permissions to create service users and permission groups * The required HiBob roles to grant API access scopes: * People's data > People permissions * Access to employee lifecycle data * Service user API credentials (ID and Token) ### Configuring HiBob Create an API Service User, and retrieve the user ID and token for authentication: 1. In Bob, open **Bob products** > **System settings**. 2. Click **Integrations**. 3. From the **All categories** menu, choose **Automation**. 4. Click on **Service users** > **Manage**. 5. Click + **New service user**. Enter a display name and a description and click **Next**. 6. A popup will show the service user info. Copy the **ID** and **Token** and securely save them to configure the Veza integration. 7. Click **Done**. See the help topic [Manage Service Users](https://help.hibob.com/hc/en-us/articles/27875098648465-Manage-service-users) for complete instructions. Create a service user permission group with the required permissions to read default employee fields: 1. In Bob, go to **Bob products** > **System settings** 2. Choose **Account** > **Permission** groups 3. Click **Create permission group** 4. Choose **Service user**. Give the group a name, description, and optional tags 5. In the **Group members** section, choose the Veza service user and click **Apply**. 6. Click **Create**, then **Confirm**. 7. The new permission group will have no permissions marked by default. Use the **People's data** tab to add the following scopes: * People's data > People > About > View selected employees' About sections. * People's data > People > Basic info > View selected employees' Basic info sections. * People's data > People > Work > View selected employees' Work sections. * People's data > People > Work contact details > View selected employees' Work contact details sections. * People > Lifecycle > View selected employees' lifecycle sections. 8. Under **People's data** > **Access rights**, choose employees these permissions apply to. By default, the permissions apply to all `Employed` employees. 9. Click **Save**, then click **Apply**. {% hint style="info" %} **Additional Properties Permissions** The permissions listed above are sufficient for the default employee fields supported by the Veza integration. If you need to access additional custom properties (such as `internal.lifecycleStatus`), you may need to grant additional permissions in HiBob according to their API documentation. For example, to access full employee lifecycle history data, the service user requires: * **People's Data > Lifecycle > View all other employees' Lifecycle section histories** * **People's Data > Access data for > Make sure the employee is in the list** Refer to the [HiBob API documentation](https://apidocs.hibob.com/reference/get_people-id-lifecycle) for specific permission requirements for each endpoint and custom property. {% endhint %} For more information, see [Create and Update Service User Permission Groups](https://help.hibob.com/hc/en-us/articles/29550415706897-Create-and-update-a-service-user-permission-group). ### Configuring HiBob on the Veza Platform 1. In Veza, go to the **Integrations** page. 2. Click *Add Integration* and search for HiBob. Click on it and click **Next** to add an integration. 3. Enter the required information. 4. Click *Create Integration* to save the configuration. | Field | Notes | | ------------------- | ------------------------------------------------------------------------------------------------------------------ | | Insight Point | Choose whether to use the default data plane or a deployed Insight Point. | | Name | A friendly name to identify the unique integration. | | Service User ID | Service user for API authentication. | | Service User Token | Authentication token for the service user. | | Sandbox | Toggle if connecting to a sandbox environment. | | IdP Types | Comma-separated list of IdP types for identity mapping, e.g. (okta,azure\_ad,custom,google\_workspace,one\_login). | | Provisioning Source | Toggle to enable HiBob as a source of identity for Lifecycle Management. | #### Lifecycle Management capabilities When enabled as a provisioning source, HiBob serves as a source of identity for automated provisioning workflows. HiBob employees are ingested as `CustomHRISEmployee` entity types for use in [Lifecycle Management](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/integrations.md) policies. The integration supports: * **Identity Synchronization**: Employee data from HiBob drives joiner, mover, and leaver workflows * **Email Write-Back**: Email addresses provisioned in target systems (such as Active Directory or Azure AD) can be written back to employee records in HiBob {% hint style="info" %} HiBob is a source-only integration for Lifecycle Management. It cannot be used as a provisioning target for creating or managing user accounts. {% endhint %} ### Notes and Supported Entities The integration gathers employee metadata to support identity governance and Access Reviews, automated provisioning/de-provisioning, and access analysis. #### HiBob User Attributes: * `id` - Unique identifier for the employee * `employeeNumber` - Company-specific employee identifier * `name` - Display name of the employee * `firstName` - Employee's first name * `lastName` - Employee's surname * `canonicalName` - Full name in standard format * `displayFullName` - Full name as displayed in the system * `email` - Employee's email address * `isActive` - Boolean indicating if the employee is currently active * `employmentStatus` - Status of employment (e.g., "ACTIVE", "WITHDRAWN") * `jobTitle` - Employee's current job title * `employmentTypes` - List of employment type classifications * `workLocation` - Physical work location/site * `startDate` - Employment start date * `terminationDate` - Employment end date (if applicable) * `department` - Department reference containing department ID * `company` - Company identifier * `supervisor` - Reference to the employee's manager (if applicable) * `is_manager` - Boolean indicating if the employee has managerial status --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/hibob.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.