# HRIS & IdP ### πŸ‘€ Import & Sync Users **Goal**\ Keep your User Directory in Cakewalk automatically in sync with your source of truth. **How it works** * Imports user data (name, email, manager). * Syncs automatically every 2 hours. * Lifecycle events (joiners, movers, leavers) trigger workflows in real time. * **Manager Sync**: Automatically syncs manager relationships to streamline approval workflows and reporting. * Set specific default assignees for onboarding and offboarding tasks based on your company's requirements. **Supported systems** * Cakewalk integrates with 100+ HRIS and IdP. Popular examples include: * **HRIS**: Personio, HiBob, BambooHR, Rippling, Gusto, CharlieHR, Workday (and many more). * **IdPs**: Okta, Entra ID, Google Workspace. **How to set it up** * Go to Settings β†’ Data Sources β†’ *Users*. * Select your HRIS or IdP. * Authenticate with an **admin account** (must have rights to read user profiles, reporting lines and groups). No sensitive information such as payroll, health data or details about sexual and religious orientation is needed. * Approve requested scopes/permissions β†’ Save β†’ sync starts immediately. **Why it matters** * Eliminates manual user creation. * Ensures accuracy for access decisions. * Powers reliable JML automation. πŸ“˜ Learn more: [User Management](/how-to-guides/users-and-groups/user-management.md) and [Joiner Mover Leaver (JML)](/how-to-guides/users-and-groups/joiner-mover-leaver-jml.md) *** ### πŸš€ No-Touch Onboarding **Goal**\ Onboard synced users automatically without a manual review step. **How it works** * By default, every user synced from your HRIS/IdP triggers a *Review onboarding* task that must be confirmed before onboarding starts. * With No-Touch Onboarding enabled, users who belong to the designated IdP group skip the review task entirely. All default apps from their assigned groups are provisioned immediately. **Requirements** * Manager Sync must be enabled on your Users integration. * The designated group must be a synced IdP group (not a Cakewalk-managed group). * One group can be designated per Users integration. **How to set it up** 1. Go to Settings β†’ Data Sources β†’ *Users*. 2. Open *Manage integration settings* for your Users integration. 3. Enable **Sync managers** (required). 4. Toggle on **No-Touch Onboarding**. 5. Select the IdP group you want to auto-onboard (e.g., "Engineering"). 6. Click **Confirm**. New users synced into that group will now be onboarded automatically. All default apps assigned to the user's groups at the time of onboarding are provisioned without any manual confirmation. **Why it matters** * Removes the onboarding bottleneck for high-growth teams doing many hires per month. * Reduces time-to-productivity: new employees get access from their first day without waiting for manual approval. * Works alongside auto-provisioning (Agent Cake or IdP-based) for fully hands-off onboarding. πŸ“˜ Learn more: [Joiner Mover Leaver (JML)](/how-to-guides/users-and-groups/joiner-mover-leaver-jml.md) and [Introduction to Auto Provisioning](/how-to-guides/auto-provisioning/introduction/introduction-to-auto-provisioning.md) *** ### πŸ‘₯ Import & Sync User Groups **Goal**\ Leverage your IdP groups to drive Role-Based Access Control (RBAC) in Cakewalk. **How it works** * Sync groups directly from IdPs like Okta, Entra or Google Workspace. * **Assigned Groups**: static memberships synced into Cakewalk. * **Dynamic Groups**: rule-based memberships remain read-only in Cakewalk. * Groups can assign default apps, hidden apps or policies. * Membership changes in IdP flow into Cakewalk automatically. * Optional **bidirectional sync** for assigned groups. **Supported systems** * IdPs: Okta, Entra ID, Google Workspace. **How to set it up** * Go to Settings β†’ Data Sources β†’ *User groups*. * Select your IdP. * Authenticate with an **admin account** (requires rights to read groups and memberships; bidirectional sync requires write permissions for group memberships in the IdP). * Approve requested scopes β†’ Save β†’ sync starts. **Why it matters** * Mirrors your real org structure. * Automates access assignment & reviews. * Keeps RBAC aligned with organizational changes. πŸ“˜ Learn more: [Groups & Role-Based Access Control (RBAC)](/how-to-guides/users-and-groups/groups-and-role-based-access-control-rbac.md) *** ### πŸ“¦ Import Apps **Goal**\ Automatically pull the apps your users connect to via IdP into Cakewalk’s app governance. **How it works** * **Google Workspace**: Cakewalk reads OAuth tokens employees have granted to third-party apps. * **Microsoft Entra ID**: Cakewalk pulls enterprise app assignments and sign-in logs. * Imported apps appear in *App Governance β†’ Discovered Apps*. * Admins can change app status (Managed, Tracked, Restricted, Ignored). **Supported systems** * Google Workspace * Microsoft Entra ID **How to set it up** * Import your apps into Cakewalk right after the initial user import is completed. * Select Google Workspace or Entra ID. * Authenticate with an **admin account** (requires rights to read enterprise apps, OAuth grants and sign-in logs). **Why it matters** * Surfaces Shadow IT apps discovered through SSO/OAuth. * Expands your catalog instantly without manual entry. * Ensures visibility for audits and security reviews. πŸ“˜ Learn more: [App Discovery](/how-to-guides/apps/app-discovery.md) and [App Governance](/how-to-guides/apps/app-governance.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.getcakewalk.io/connections-and-integrations/hris-and-idp.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.