HRIS & IdP

👤 Import & Sync Users

Goal Keep your User Directory in Cakewalk automatically in sync with your source of truth.

How it works

• Imports user data (name, email).

• Syncs automatically every 2 hours.

• Lifecycle events (joiners, movers, leavers) trigger workflows in real time.

• Set specific default assignees for onboarding and offboarding tasks based on your company's requirements.

Supported systems

• Cakewalk integrates with 100+ HRIS and IdP. Popular examples include:

  • HRIS: Personio, HiBob, BambooHR, Rippling, Gusto, CharlieHR, Workday (and many more).

  • IdPs: Okta, Entra ID, Google Workspace.

How to set it up

• Go to Settings → Data Sources → Users.

• Select your HRIS or IdP.

• Authenticate with an admin account (must have rights to read user profiles, reporting lines and groups). No sensitive information such as payroll, health data or details about sexual and religious orientation is needed.

• Approve requested scopes/permissions → Save → sync starts immediately.

Why it matters

• Eliminates manual user creation.

• Ensures accuracy for access decisions.

• Powers reliable JML automation.

📘 Learn more: User Management and Joiner Mover Leaver (JML)

👥 Import & Sync User Groups

Goal Leverage your IdP groups to drive Role-Based Access Control (RBAC) in Cakewalk.

How it works

• Sync groups directly from IdPs like Okta, Entra or Google Workspace.

• Assigned Groups: static memberships synced into Cakewalk.

• Dynamic Groups: rule-based memberships remain read-only in Cakewalk.

• Groups can assign default apps, hidden apps or policies.

• Membership changes in IdP flow into Cakewalk automatically.

• Optional bidirectional sync for assigned groups.

Supported systems

• IdPs: Okta, Entra ID, Google Workspace.

How to set it up

• Go to Settings → Data Sources → User groups.

• Select your IdP.

• Authenticate with an admin account (requires rights to read groups and memberships; bidirectional sync requires write permissions for group memberships in the IdP).

• Approve requested scopes → Save → sync starts.

Why it matters

• Mirrors your real org structure.

• Automates access assignment & reviews.

• Keeps RBAC aligned with organizational changes.

📘 Learn more: Groups & Role-Based Access Control (RBAC)

📦 Import Apps

Goal Automatically pull the apps your users connect to via IdP into Cakewalk’s app governance.

How it works

• Google Workspace: Cakewalk reads OAuth tokens employees have granted to third-party apps.

• Microsoft Entra ID: Cakewalk pulls enterprise app assignments and sign-in logs.

• Imported apps appear in App Governance → Discovered Apps.

• Admins can change app status (Managed, Tracked, Restricted, Ignored).

Supported systems

• Google Workspace

• Microsoft Entra ID

How to set it up

• Import your apps into Cakewalk right after the initial user import is completed.

• Select Google Workspace or Entra ID.

• Authenticate with an admin account (requires rights to read enterprise apps, OAuth grants and sign-in logs).

Why it matters

• Surfaces Shadow IT apps discovered through SSO/OAuth.

• Expands your catalog instantly without manual entry.

• Ensures visibility for audits and security reviews.

📘 Learn more: App Discovery and App Governance