- Overview
- Configuration
Icehrm
Automate Icehrm HR-to-IT sync to simplify employee lifecycle management.
Overview
IceHrm is a human resource management system that supports modules such as employee information management, leave and attendance tracking, payroll, time tracking, document handling, and recruitment. It is used to centralize employee data and streamline HR operations. Integrating IceHrm with ADManager Plus enables the automatic synchronization of employee records with Active Directory, allowing HR-driven identity data to flow directly into IT systems. This integration improves efficiency in user provisioning, updates, and deprovisioning across the employee lifecycle.
Automate AD user creation from IceHrm
Eliminate manual user creation by syncing employee records from IceHrm to Active Directory, speeding up onboarding and reducing IT workload.
Keep user attributes consistent across systems
Automatically update AD user profiles when fields like department, job title, or email are modified in IceHrm, ensuring both HR and IT maintain accurate records.
Streamline offboarding through AD account actions
Trigger account disablement or deletion in AD based on exit data captured in IceHrm, reducing the risk of orphaned accounts and access violations.
Prerequisites:
Please make sure to provide the bearer token to retrieve the desired information and perform tasks in IceHrm. Refer to IceHrm's API references for more details.
Privileges:
- To import users (inbound action): Ensure the account used for authorization has permission to read all user accounts.
- To perform any action or query in IceHrm (outbound action): Ensure the account used for authorization has permission to perform the desired action.
Authorization configuration
- Log in to ADManager Plus and navigate to Directory/Application Settings.
- Navigate to Application Integrations, then search for and select IceHrm.
- On the IceHrm Configuration page, toggle the Enable IceHrm Integration button on.
- Click Authorization.
- Perform the steps to generate Bearer token in IceHrm and paste the Bearer token in the Value field.
- Click Configure.
Inbound webhook configuration
Inbound webhook enables you to fetch user data from IceHrm to ADManager Plus. To configure an inbound webhook for IceHrm:
- Under Inbound Webhook, click IceHrm Endpoint Configuration.
- On the Endpoint Configuration tab, an endpoint called IceHrm- Get Employees ENDPOINT comes preconfigured with the Endpoint URL, API Method, Headers, and Parameters fields filled out to fetch user accounts from IceHrm. If you would like to use this preconfigured endpoint, replace {companyName} with the company name from your IceHrm instance in the Endpoint URL field. However, if you would like to use a new endpoint to import users, you can configure one using the + Add API endpoint button and filling in the required fields as per IceHrm’s API references. Click here to learn how. Note:
- The Authorization Header is preconfigured as a header for authenticating API requests as configured during Authorization Configuration.
- Macros: You can add macros to your endpoint configuration to dynamically change it as per your requirement using the macro chooser component. Refer to IceHrm's API references and configure additional headers and parameters, if required.
- Once done, click Test & Save. A response window will display all the requested parameters that can be fetched using the API call. After verifying if the requested parameters have been called to action, click Proceed. Note:
- Refer to IceHrm’s API references to know the Parameters that must be configured to fetch only specific parameters.
- You can configure multiple endpoints for IceHrm using the + Add API endpoint button. Click here to learn how.
- Click Data Source - LDAP Attribute Mapping to match endpoints and to map AD LDAP attributes with the respective attributes in IceHrm.
- Click + Add New Configuration and perform the following:
- Enter the Configuration Name and Description, and select the Automation Category from the drop-down menu.
- In the Select Endpoint field, select the desired endpoint and a Primary Key that is unique to a user (e.g., id).
- In the Attribute Mapping field, select the attribute from the LDAP Attribute Name drop-down menu and map it with the respective column in IceHrm.
- If you would like to create a new custom format for this, click Mapping Attribute.
- Click Save.
Outbound webhook configuration
An outbound webhook enables you to update the changes made in AD using ADManager Plus to IceHrm or to fetch or forward the required details from IceHrm and synchronize them with AD. You can also apply it directly to the desired users to perform a sequence of actions on them (under Management > Advanced Management > Orchestration).
To configure an outbound webhook for IceHrm:
- Under Outbound Webhook, click IceHrm Webhook Configuration.
- Click + Add Webhook.
- Enter a name and description for this webhook.
- Decide on the action that has to be performed and refer to IceHrm’s API references for the API details, such as the URL, headers, parameters, and other requirements that will be needed.
- Select the HTTP method that will enable you to perform the desired action on the endpoint from the drop-down menu.
- Enter the endpoint URL.
- Configure the Headers, Parameters, and Message Type in the appropriate format based on the API call that you would like to perform.
- Click Test & Save.
- A pop-up window will then display a list of AD users and groups on which to test the configured API call. Select the desired user or group on which this API request has to be tested and click OK. This will make a real-time call to the endpoint URL, and the selected objects will be modified according to the configuration.
- The webhook response and request details will then be displayed. Verify them for the expected API behavior and click Save.