Directory Sync Integration Overview

How our Directory Sync integration works.

Written By Toby Egbuna

Last updated 12 months ago

While working on our HRIS integration, we work with our customers to import their HRIS data directly into our system.

WorkOS Overview

We utilize a third-party solution called WorkOS to offer a directory sync integration via SCIM.

Find documentation for commonly used directories below:

How the HRIS data is used

To ensure that ERG leads and Admins can schedule company-wide events and track company-wide engagement, we use the HRIS data to create placeholder user accounts for employees. As employees log-in, these placeholder accounts are deleted and replaced with the user's actual account.

Here is an architecture diagram of how the HRIS data is used:

An image of how the HRIS data is used.

What HRIS data do you use?

We do not intake any personal identifiable information (PII). Here are the fields that we will capture with our HRIS integration/from the exports from your HRIS system:

  • First Name

  • Job Title

  • Last Name

  • Email

  • Start date

  • EmployeeID (optional)

  • Selected HRIS attributes (ex: Level, Department, Unit, Location, Office)

These are attributes that the Admins will be able to make visible for reporting and sending targets communications/events.

HRIS Data Transfer Using Signed URLs

To facilitate secure and cost-effective HRIS data transfers, we use AWS S3 pre-signed URLs. This method provides the same level of security as traditional SFTP while significantly reducing operational costs.

Security of Signed URLs

Signed URLs offer robust security comparable to, if not exceeding, traditional SFTP transfers.

  • Time-Limited Access: Each signed URL is valid only for a specific period, ensuring access expires after the defined timeframe.

  • No Persistent Credentials: Unlike SFTP, which requires storing and managing access credentials, signed URLs eliminate the need for persistent authentication, reducing potential security vulnerabilities.

  • Controlled Access: URLs are generated with specific permissions and can be restricted by IP address or other conditions to enhance security.

  • Encryption: All data uploaded via signed URLs is encrypted in transit and at rest using AWS's built-in security features.

Ease of Use for IT Teams

From an IT operations perspective, the workflow remains the same as with SFTP.

Process Overview

  1. Receive Signed URL: We generate a secure, pre-signed URL and provide it to your team.

  2. Upload the HRIS File: Your team uploads the HRIS file using the provided URL. This can be done manually or automated within your existing processes.

  3. Repeat on a Regular Cadence: The only requirement is to send the file at the agreed-upon frequency, just like with SFTP.

Why We Use Signed URLs Instead of SFTP

Using signed URLs significantly reduces costs while maintaining the same security and ease of use.

  • Lower Cost: No need to maintain expensive SFTP infrastructure.

  • Simplified Access Control: No need to manage SSH keys or long-term credentials.

  • Improved Security: Short-lived credentials minimize the risk of unauthorized access.

For any questions regarding signed URLs or implementation, please contact our support team - support@chezie.co.