Skip to main content

What can we help you with?

As an Admin, you can take a peek into the new Personio experience!

Head to the homepage and switch on the toggle to explore the new Intelligent HR platform, complete with a fresh design and new features. Go ahead and test freely — your changes won't be visible to your employees during this early access phase.

Identity and Access Management

 

This article focuses on workflows. You can start to create and monitor all your workflows from the Automations area.

 

This article explains how you can help automate your identity and access management by integrating it with Personio.

 

Why integrate an identity or access management tool with Personio?

If your company uses identity or access management tools such as Microsoft Entra ID, Okta or Google Single Sign-On (for identity management only), you can integrate them with Personio. These tools can then use the information Personio has about employees to manage their access to the software they use, particularly when onboarding, offboarding, or changing roles.

This can ensure that employees can access the tools they need, and can help prevent security issues caused by outdated employee information.

 

How does it work?

Identity Management

Personio supports authentication via Google Single Sign-On and via the OAuth 2.0 protocol. For more information, read our article Choose the right authentication method for your company.

 

Access Management

1. User provisioning

When you create a new employee in Personio, a new user is automatically created in the active directory of your access management tool, with relevant information that allows you to set rules to automate access management.

 

2. User update

Each time you update a mapped Personio attribute (such as changing role or department), this information will automatically be updated in the integrated tool.

Your access management tool can then grant or block access to tools based on this.

 

3. User deprovisioning

Once an employee’s Status attribute in Personio is set to Inactive, the integration deactivates the user in the active directory and revokes their access permission. You can manually change the Status attribute in Personio, or it will automatically change to Inactive when an employee passes their termination date. 

The employee can no longer log in to their accounts, but their information remains in Personio and your integrated software, ensuring it is retained for your records.

 

Which integrations are available?

You can integrate Personio with Google Single Sign-On, Okta and Microsoft Entra ID. For more information about the possibilities and limitations of these integrations, have a look at the respective Help Center articles.

Help us improve. Is this page helpful?