User Guide
Developer Documentation
Integrations
Release Notes

HiBob

Configuring the Veza integration for HiBob

The HiBob integration connects to your HiBob HR Information System (HRIS) platform to gather employee metadata and organizational structure information. As a primary source of workforce identity data, HiBob provides context for understanding user access patterns and supporting identity lifecycle decisions.

The integration enables:

  • Employee data synchronization for Lifecycle Management.

  • Visibility into HiBob structure and employee status.

  • Mapping HiBob accounts to external identities for query enrichment and access reviews.

  • Automated tracking of changes and reporting relationships.

This document includes steps to configure the integration, and details about the collected metadata.

Prerequisites

  • A HiBob administrator account with permissions to create service users and permission groups

  • The required HiBob roles to grant API access scopes:

    • People's data > People permissions

    • Access to employee lifecycle data

  • Service user API credentials (ID and Token)

Configuring HiBob

Create an API Service User, and retrieve the user ID and token for authentication:

  1. In Bob, open Bob products > System settings.

  2. Click Integrations.

  3. From the All categories menu, choose Automation.

  4. Click on Service users > Manage.

  5. Click + New service user. Enter a display name and a description and click Next.

  6. A popup will show the service user info. Copy the ID and Token and securely save them to configure the Veza integration.

  7. Click Done.

See the help topic Manage Service Users for complete instructions.

Create a service user permission group with the required permissions to read default employee fields:

  1. In Bob, go to Bob products > System settings

  2. Choose Account > Permission groups

  3. Click Create permission group

  4. Choose Service user. Give the group a name, description, and optional tags

  5. In the Group members section, choose the Veza service user and click Apply.

  6. Click Create, then Confirm.

  7. The new permission group will have no permissions marked by default. Use the People's data tab to add the following scopes:

    • People's data > People > About > View selected employees' About sections.

    • People's data > People > Basic info > View selected employees' Basic info sections.

    • People's data > People > Work > View selected employees' Work sections.

    • People's data > People > Work contact details > View selected employees' Work contact details sections.

    • People > Lifecycle > View selected employees' lifecycle sections.

  8. Under People's data > Access rights, choose employees these permissions apply to. By default, the permissions apply to all Employed employees.

  9. Click Save, then click Apply.

For more information, see Create and Update Service User Permission Groups.

Configuring HiBob on the Veza Platform

  1. In Veza, go to the Integrations page.

  2. Click Add Integration and search for HiBob. Click on it and click Next to add an integration.

  3. Enter the required information.

  4. Click Create Integration to save the configuration.

Field
Notes

Insight Point

Choose whether to use the default data plane or a deployed Insight Point.

Name

A friendly name to identify the unique integration.

Service User ID

Service user for API authentication.

Service User Token

Authentication token for the service user.

Sandbox

Toggle if connecting to a sandbox environment.

IdP Types

Comma-separated list of IdP types for identity mapping, e.g. (okta,azure_ad,custom,google_workspace,one_login).

Provisioning Source

Toggle to enable HiBob as a source of identity for Lifecycle Management.

Notes and Supported Entities

The integration gathers employee metadata to support identity governance and Access Reviews, automated provisioning/de-provisioning, and access analysis.

HiBob User Attributes:

  • id - Unique identifier for the employee

  • employeeNumber - Company-specific employee identifier

  • name - Display name of the employee

  • firstName - Employee's first name

  • lastName - Employee's surname

  • canonicalName - Full name in standard format

  • displayFullName - Full name as displayed in the system

  • email - Employee's email address

  • isActive - Boolean indicating if the employee is currently active

  • employmentStatus - Status of employment (e.g., "ACTIVE", "WITHDRAWN")

  • jobTitle - Employee's current job title

  • employmentTypes - List of employment type classifications

  • workLocation - Physical work location/site

  • startDate - Employment start date

  • terminationDate - Employment end date (if applicable)

  • department - Department reference containing department ID

  • company - Company identifier

  • supervisor - Reference to the employee's manager (if applicable)

  • is_manager - Boolean indicating if the employee has managerial status

PreviousHashiCorp VaultNextHubspot

Last updated