Skip to main content

Who is this article for?

Incydr Professional, Enterprise, Horizon, and Gov F2
Incydr Basic, Advanced, and Gov F1

Find your product plan in the Code42 console on the Account menu.

Instructor, no.

Incydr Professional, Enterprise, Horizon, and Gov F2, yes.

Incydr Basic, Advanced, and Gov F1, yes.

CrashPlan Cloud, no.

CrashPlan for Small Business, no.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Configure vendor systems for use with Incydr Flows

Overview

Incydr Flows streamline your operations by automating tasks between vendor systems and Incydr:

  • When you update your HR systems after an employee has put in a resignation notice, an Incydr Context Flow can automatically add that employee to the Departing watchlist in Incydr for additional monitoring.
  • When a user's activity triggers an alert in Incydr, a Response Flow generates a message in Slack for your security analysts. They can then use the message to quickly respond to the possible incident and contain data loss.

You must first configure vendor systems to allow information to flow between those tools and Incydr. This article describes the configuration you need to complete in the following systems in preparation for Incydr Flows:

  • Workday
  • BambooHR
  • Slack

Considerations

  • Incydr Flows are a paid service on some product plans.  
  • Incydr Flows are not available in the Code42 federal environment.
  • Incydr Flows require assistance and setup from Code42 Professional Services. Contact your Customer Success Manager (CSM) to engage the Code42 Professional Services team.

Set up HR systems for use with Incydr Flows

After you configure either Workday or BambooHR for use with an Incydr Context Flow, users in Incydr can automatically be added to the Departing watchlist based on information in those HR systems. In this instance, information flows between the HR system and Incydr as follows:

  1. You enter information about an employee's resignation (such as their email address and departure date) into either Workday or BambooHR.
  2. Incydr Flows accesses that information in either a Workday report or a table in BambooHR.
  3. From that information, Incydr Flows:
    • Determines if there is a departure date associated with the employee. If not, Incydr emails you to request one.
    • Determines whether that employee has a username in Incydr. If not, Incydr emails you to add the employee as a user.
  4. If the employee has a username in Incydr, Incydr Flows then completes these tasks (if needed):
    1. Adds them to the Departing watchlist in Incydr.
    2. Updates their departure date.

Before a Context Flow can access your HR systems to complete this automation, you need to complete some configuration steps in those tools.

Configure Workday 

  1.  In Workday, create a report that is filtered to the employees that are leaving your company. The report must:
    • Include the employee's email address and departure date.
    • Update dynamically to add and remove employees as you enter and update departure dates or as those departure dates are reached.
  2. Provide that report URL (in JSON format) to Code42 Professional Services.
  3. In Workday, create an API account for Code42.
    Incydr Flows uses this account to log in to your Workday environment, authenticate the Context Flow, and access the Workday report.
  4. In Incydr, create a new user for the Context Flow and assign it the Departing Employee Manager role.
    Incydr Flows uses this Code42 user and role to add users to the Departing watchlist in Incydr based on the information in the Workday report.

Configure BambooHR

  1. Contact BambooHR support to turn on webhooks in your BambooHR environment.
  2. Work with your BambooHR administrator and Code42 Professional Services to configure a webhook for the Context Flow.
  3. Identify the sub-domain you use to access your BambooHR environment (such as https://exampleorg.bamboohr.com).
    Generally, this subdomain is your organization's name.
  4. In BambooHR, generate an API key or token for Code42.
    Incydr Flows uses this API key to log in to your BambooHR environment, authenticate the Context Flow, and access information about departing employees. API keys can be generated at a URL similar to the following: https://exampleorg.bamboohr.com/settings/permissions/api.php
  5. Provide an email address to use for the workflow to Code42 Professional Services.
    Incydr Flows sends information about any errors that occur to this address.
  6. In Incydr, create a new user for the Context Flow and assign it the Departing Employee Manager role.
    Incydr Flows uses this Code42 user and role to add users to the Departing watchlist in Incydr based on the information in your BambooHR environment.

Set up Slack for use with Incydr Flows

The Slack Response Flow helps you optimize how your security teams respond to potential risk. When user activity triggers an Incydr alert rule, a Response Flow can post details about that alert to your security team's Slack channel. Alerts are color-coded according to severity and include controls to:

  • Close the alert
  • Start an investigation or create a case
  • Request more information about the activity from the user or send links to security training refreshers

The Response Flow requires that you first complete some initial configuration in Slack.

  1. Work with your Slack administrator to create a private channel in Slack for your security team where alerts from the Response Flow can be posted.
  2. Work with your Slack administrator to set up an API user account in Slack for Code42, and make this new user a member of the new channel.
    Incydr uses this account to posts messages to the security team channel in Slack when user activity triggers an alert.
  3. In Incydr, create a new user for the Response Flow and assign it the Insider Risk Analyst role.
    Incydr Flows uses this Code42 user and role to receive alert notifications and post these alerts to the new Slack channel.
  • Was this article helpful?