BambooHR Integration Guide
The PhishingBox + BambooHR integration empowers your organization to:
Sync employees (targets) from BambooHR to PhishingBox.
Push phishing test results and training data from PhishingBox back to BambooHR.
Automatically keep employee metadata and training/risk posture up to date.
Purpose
This integration provides a seamless bridge between your HR directory and your phishing awareness platform.
Core Capabilities:
-
Directory Sync
Imports employees from BambooHR into PhishingBox as targets.
Syncs fields like name, address, phone number, job title, etc.
-
Push to BambooHR
PhishingBox simulated phishing test results are written to employee records in BambooHR.
Completed security awareness training is also pushed to BambooHR.
Risk score data and training history are preserved for compliance or HR reporting.
Create a BambooHR API Key
To create a BambooHR API key, follow the steps in the Authentication section of the BambooHR Getting started with the API article.
Copy the API key (you'll need it in the next step).
Tip: Create a dedicated “API user” for integration access to avoid tying the integration to a specific employee’s account.
Provide Subdomain and API Key to PhishingBox
Before configuring your field mappings, you’ll need to activate and connect the integration.
In the PhishingBox platform, go to Integrations.
Locate the BambooHR integration card.
-
Click the Setup button on the card.
Ensure the integration is set to Active.
-
Enter the following:
Subdomain: Your BambooHR subdomain (e.g., if your BambooHR login URL is
example.bamboohr.com, your subdomain isexample)API Key: Paste the API key you generated in Step 1.
Once entered, continue with field mapping and testing as shown in the next step.
Map Fields (Optional But Recommended)
PhishingBox can push specific test/training data to BambooHR. These mappings tell the integration where to place that data in BambooHR.
Under Optional Field Mapping, map each System Field from PhishingBox to the corresponding Integration Field in BambooHR.
Suggested Field Mappings:
| System Field | Description |
|---|---|
| Certificate File Category | A file category for course training certificates (HTML) |
| Last Phishing Test | Date of the last phishing test |
| Last Phishing Test Status | Result of the last phishing test (pass/fail) |
| Last Training Completed | Date of last completed training |
| Risk Score | Target (employee) risk score |
| Risk Score Last Updated | Date of last risk score update |
| Test Category | Training category for simulated phishing test and training campaign results |
| Training Category | Training category for PhishingBox courses completed |
| Training Completed Last 12 Months | Number of training courses completed in last 12 months |
| Training Completed Last 24 Months | Number of training courses completed in last 24 months |
| Training Completed All | Number of training courses completed all-time |
You can remove or add more fields as needed using the Remove or Add Field buttons.
Test the Integration
Click the Test button at the bottom of the configuration.
If successful, you’ll see the “Last tested” date update.
Click Save.
If the test fails, double-check:
The API key is correct.
The API user has the necessary permissions.
The subdomain is entered correctly.
Sync Behavior Summary
| Function | Direction | Description |
|---|---|---|
| Employee sync (directory) | ← | Pulls employee profiles from BambooHR into PhishingBox |
| Metadata sync (phone, etc.) | ← | Keeps target metadata in PhishingBox updated from BambooHR |
| Phishing test results | → | Pushes test names, results, and categories to BambooHR |
| Training completion history | → | Sends completed trainings (last 12mo/24mo/all) to BambooHR |
| Risk score + updates | → | Pushes current risk score and timestamp to BambooHR |
Need Help?
Contact PhishingBox support or consult your customer success representative if:
You're unsure how to structure custom fields in BambooHR.
You need help troubleshooting field mappings.
You require historical backfilling of training or phishing test data.
Comments
Please sign in to leave a comment.