Read this before you enable SAML
Enabling SAML will affect all users who use this application, which means that users will not be able to sign-in through their regular log-in page. They will only be able to access the app through the Okta service.
Backup URL
BambooHR does not provide a backup log-in URL where users can sign in using their username and password. A BambooHR admin can disable SAML by uninstalling the Okta SAML application in BambooHR to allow username and password sign in.
The Okta/BambooHR SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
Navigate to BambooHR at https://<your_subdomain>.bamboohr.com where <your_subdomain> is your organization's subdomain, and sign in with your existing credentials. This URL is the default relay state for your organization.
Scroll down to Okta, then click Install:
Enter the following:
SSO Login Url: Copy and paste the following:
Sign into the Okta Admin dashboard to generate this value.
x.509 Certificate: Copy and paste the following (be sure to include the Begin Certificate and End Certificate lines:
Sign in to the Okta Admin app to generate this value.Click Install:
In Okta, select the Sign On tab for the BambooHR SAML app, then click Edit:
Saml Name ID: Select the Name ID that will be used in the SAML SSO mode (either Email or User Name).
Click Save:
Done!
Make sure that you entered the correct value in the Subdomain field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to BambooHR.
This integration can be used with European accounts in the same manner as US accounts, no additional action is required.
Go to your BambooHR URL (for example, https://<your_subdomain>.bamboohr.com).
You will be prompted to sign in to Okta (if there is no active Okta session). You will then be automatically logged in to your BambooHR account.