Overview
To authenticate Hibob using a Service Account, you will need to provide the following information:
Service Account User ID
Service Account Token
Prerequisites
Please ensure you fulfill all the requirements to set up the integration:
You have Administrator permissions in your company's Hibob instance
Video Guide
Note: The written instructions below are updated more frequently than our video guide, which may not always reflect the latest changes to Hibob's own user interface.
Instructions
Step 1: Create the Service User in your Hibob Account
Navigate to your Hibob System Settings
On the Settings screen, open Integrations and click Manage on the Service Users tile
Click on Create service user
Enter any Display name and click Create
On the next screen, Hibob display the credentials for your new service user. Make a note of both the ID and the Token, then click on Go to permission groups and proceed with the next step
Step 2: Create a Permission Group
Click Add permission group, then Service user
Enter any Group name, select your new service user under Select service users and click Create
When asked to confirm the changes, click Confirm
Switch to the People's data tab of the new Permission Group, pick "Select people by condition" under Whose data can members access?, then click on Edit to select the people the integration can access
In the Select people by condition pop-up, select all relevant Lifecycle Statuses. In most scenarios this will include Hired, Employed, and Terminated. Click Apply twice once done:
Back in the People's Data add the following permissions.
Please note the permissions below are the required permissions for the full HRIS API. You only need to configure the permissions based on your use case.
People > Basic Info
View selected employees' Basic info sections (This is required to surface employees)
People > Email
Edit selected employees' email addresses
People > Employment
View selected employees' Employment sections
View selected employees' Employment section histories
People > History
View selected employees' profile changes history
People > Identification
View selected employees' Identification sections
Edit selected employees' Identification sections (only applicable if you want full unobscured SSN numbers.)
People > Lifecycle
View selected employees' Lifecycle sections (This is needed to surface Employment Status)
Edit selected employees' Lifecycle sections
View selected employees' Lifecycle section histories
People > Personal
View selected employees' Personal sections
Edit selected employees' Personal sections (Note: This is needed to surface Date of Birth. We will NOT edit any employee sections)
People > Personal contact details
View selected employees' Personal contact details sections
Edit selected employees' Personal contact details sections
People > Work
View selected employees' Work section histories
If the use case of the customer you are integrating with does not require Payroll, Address, EEO, Home, or Time Off, you do not need to include those, you can ignore the below permissions
People > Address
View selected employees' Address sections
View selected employees' Address section histories
People > EEO
View selected employees' EEO sections
People > Home
View selected employees' Home sections
People > Payroll
View selected employees' Payroll sections
View selected employees' Payroll section histories
Timeoff > Balance
See selected people's time off and sick leave balances
Timeoff > Requests
Create, edit, and cancel people's requests that haven't been approved yet
Edit and cancel people's future requests that have been approved
Edit and cancel people's past requests that have been approved
View, approve or decline requests that are pending approval of others
Timeoff > See who's out today
See who's out today
Once done adding the above permissions, finish creating the Permission Group by selecting Save
Step 3: Link your Hibob account
Copy and paste the Service Account User ID and Token created in part 1 into the linking flow
