Overview
To authenticate Hibob using a Service Account, you will need to provide the following information:
Service Account User ID
Service Account Token
Prerequisites
Please ensure you fulfill all the requirements to set up the integration:
You have Administrator permissions in your company's Hibob instance
Video Guide
Instructions
Step 1: Create the Service User in your Hibob Account
Navigate to your Hibob System Settings
In your settings, go to integrations and click Manage Service Users
Create a new Service User and save the Service User ID and Token
Step 2: Create a Permission Group
Back in your settings, go to Account > Permission Groups and select Add Permission Group
Name the group, then, in the Group members section, choose Select people by condition and select Edit
In the Select people by condition pop-up, first delete the existing condition. Under Add Specific Employees, select the Service User you created in the previous step.
Please do not simply select all Employees in this step, as otherwise all of your employees will have access to the data being synced. Click Apply once done
Finish the initial creation of the Group by selecting Create. If a pop-up appears, Confirm the creation of the group.
Under the People's data tab of the created Permission Group, edit the data that can be accessed by choosing Select people by condition and selecting Edit.
In the Select people by condition pop-up, select all Lifecycle Statuses.
In most cases Hired, Employed, and Terminated must be selected at the minimum.
Back in the People's Data add the following permissions.
Please note the permissions below are the required permissions for the full HRIS API. You only need to configure the permissions based on your use case.
People > Basic Info
This is required
People > Email
Edit selected employees' email addresses
People > Employment
View selected employees' Employment sections
View selected employees' Employment section histories
People > History
View selected employees' profile changes history
People > Identification
View selected employees' Identification sections
Edit selected employees' Identification sections (only applicable if you want full unobscured SSN numbers.)
People > Lifecycle
View selected employees' Lifecycle sections (This is needed to surface Employment Status)
Edit selected employees' Lifecycle sections
View selected employees' Lifecycle section histories
People > Personal
View selected employees' Personal sections
Edit selected employees' Personal sections (Note: This is needed to surface Date of Birth. We will NOT edit any employee sections)
People > Personal contact details
View selected employees' Personal contact details sections
Edit selected employees' Personal contact details sections
People > Work
View selected employees' Work section histories
If the use case of the customer you are integrating with does not require Payroll, Address, EEO, Home, or Time Off, you do not need to include those, you can ignore the below permissions
People > Address
View selected employees' Address sections
View selected employees' Address section histories
People > EEO
View selected employees' EEO sections
People > Home
View selected employees' Home sections
People > Payroll
View selected employees' Payroll sections
View selected employees' Payroll section histories
Timeoff > Balance
See selected people's time off and sick leave balances
Timeoff > Requests
Create, edit, and cancel people's requests that haven't been approved yet
Edit and cancel people's future requests that have been approved
Edit and cancel people's past requests that have been approved
View, approve or decline requests that are pending approval of others
Timeoff > See who's out today
See who's out today
Once done adding the above permissions, finish creating the Permission Group by selecting Save.
Step 3: Link your Hibob account
Copy and paste the Service Account User ID and Token created in part 1 into the linking flow
