Skip to main content

Zenefits HR systems

The Zenefits integration provides integration with HR data from Zenefits, such as group memberships, employment status, out of the office, etc.

caution

The external data sources we provide are meant to be examples and inspiration for users to create their own data sources. We won't maintain these integrations in perpetuity, and changes to the APIs they interact with may break them in the future.

The datasource project is open-source, and if the community wishes to provide contributions to keep it working in the future, we will shepherd those updates.

Install

  1. Create a Zenefits API key by navigating to Admin AppsCompany ProfileCustom Integrations, and adding a new API Token in the REST API ACCESS box.

    Make sure to only select scopes that you need. At a minimum, People, Status and Work email scopes are required.

In order to correctly parse dates returned by Zenefits API you will need to provide a time zone - either an UTC or IANA Time Zone database name, i.e. America/New_York.

These instructions assume a local testing environment using Docker Compose. Adjust as needed for your deployment environment.

  1. Add the datasource docker image to Docker Compose:
version: "3"services:  zenefits:    image: docker.cloudsmith.io/pomerium/datasource/datasource:main    command:      - zenefits      - --zenefits-api-key=YOUR_API_KEY      - --time-zone=America/New_York      - --address=:8080    container_name: zenefits    restart: always    expose:      - 8080

Configure Pomerium Enterprise Console

  1. In the Pomerium Enterprise Console, navigate to CONFIGUREExternal Data and click + ADD EXTERNAL DATA SOURCE.

  2. Fill out the following fields:

    FieldContentNotes
    URLhttp://zenefits:8080/employeesAdjust the hostname as needed depending on your local test environment.
    Record typepomerium.io/Zenefits
    Foreign Keyuser.emailPomerium uses the users's email to associate IdP and Zenefits user entries.
  3. Define a new policy. The example policy below only allows persons in the list (i.e. not out of office or on vacation) and in active status (i.e. not terminated or onboarding) to pass.

    Example Zenefits Policy in the Builder view

You may add a similar policy around type field to i.e. differentiate between employees and contractors.

Reference

The reference Zenefits data source provides the following record details:

  • The Zenefits workEmail field becomes an id of each record, intended to be matched with Pomerium's user.email foreign key.
  • We've only talked about status and type but there are many other fields you can build policies around. See Zenefits People API for details.
  • All persons currently on leave or vacation will not be present in the dataset output.