>
    Strata Copilot
    Onboard a BambooHR App to SSPM
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. Onboard SaaS Apps Supported by SSPM
    4. Onboard a BambooHR App to SSPM
    Download PDF
    SaaS Security

    Onboard a BambooHR App to SSPM

    Table of Contents

    Onboard a BambooHR App to SSPM

    Connect a BambooHR instance to SSPM to detect posture risks.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • SaaS Security Posture Management license
    Or any of the following licenses that include the Data Security license:
    • CASB-X
    • CASB-PA
    For SSPM to detect posture risks in your BambooHR instance, you must onboard your BambooHR instance to SSPM. Through the onboarding process, SSPM logs in to BambooHR using administrator account credentials. SSPM uses this account to scan your BambooHR instance for misconfigured settings. If there are misconfigured settings, SSPM suggests a remediation action based on best practices.
    SSPM gets access to your BambooHR instance by using Okta SSO credentials that you provide during the onboarding process. For this reason, your organization must be using Okta as an identity provider. The Okta account must be configured for multi-factor authentication (MFA) using one-time passcodes.
    To onboard your BambooHR instance, you complete the following actions:

    Collect Information for Accessing Your BambooHR Instance

    To access your BambooHR instance, SSPM requires the following information, which you will specify during the onboarding process.
    ItemDescription
    User EmailAn email address of an Okta user account.
    Required Permissions: The user must be a BambooHR administrator.
    PasswordThe password for the Okta user account.
    Okta DomainThe Okta subdomain for your organization. The subdomain was included in the login URL that Okta assigned to your organization.
    MFA Secret KeyA key that is used to generate one-time passcodes for multi-factor authentication.
    Company DomainThe custom domain for accessing the BambooHR instance. You specify this domain when you log in to BambooHR, and it is included as part of the URL after you log in.
    As you complete the following steps, make note of the values of the items described in the preceding table. You will need to enter these values during onboarding to access your BambooHR instance from SSPM.
    1. Identify the Okta user account that SSPM will use to access your BambooHR instance. The user account must have administrator privileges in BambooHR. SSPM needs this administrator access to monitor your BambooHR instance.
      Remember which account you will use to access your BambooHR instance through Okta SSO authentication from SSPM. You will provide the login credentials to SSPM during the onboarding process.
    2. To access the administrator account using Okta credentials:
      1. Identify your Okta subdomain.
      2. Generate and copy an MFA secret key.
    3. Make note of your BambooHR company domain.
      You specify this domain when you log in to BambooHR. After you log in to BambooHR, the company domain is a unique subdomain included in the BambooHR URL. The URL format is <subdomain>.bamboohr.com.

    Connect SSPM to Your BambooHR Instance

    By adding a BambooHR app in SSPM, you enable SSPM to connect to your BambooHR instance.
    1. Log in to Strata Cloud Manager.
    2. Select ConfigurationSaaS SecurityPosture SecurityApplicationsAdd Application and click the BambooHR tile.
    3. Under posture security instances, Add Instance or, if there is already an instance configured, Add New instance.
    4. Enter the user credentials, Okta domain, MFA secret key, and company domain for accessing your BambooHR instance and Connect.

    © 2026 Palo Alto Networks, Inc. All rights reserved.