Why Connect an HR Integration
Compliance frameworks require organizations to maintain an accurate personnel directory with evidence of:- Employee onboarding and offboarding procedures (ISO 27001 A.7, SOC 2 CC6.1)
- Background verification (SOC 2 CC1.4, HIPAA)
- Security awareness training completion (ISO 27001 A.7.2.2, PCI-DSS 12.6)
- Access reviews tied to active employees (ISO 27001 A.9, SOC 2 CC6.2)
Supported Providers
- Popular
- HRIS / Payroll
- Background Checks
| Provider | Category | Description |
|---|---|---|
| Google Workspace | Identity / HR | Users, groups, MFA status, and directory data |
| BambooHR | HRIS | Full employee lifecycle management |
| Workday | HRIS | Enterprise HR and finance |
| Gusto | Payroll | Payroll, benefits, and HR for SMBs |
| Rippling | HRIS | Unified HR, IT, and Finance |
| Okta | Identity | User directory with employment attributes |
What Data Is Synced
When you connect an HR integration, LowerPlane syncs the following employee fields into the People directory:| Field | Description | Used For |
|---|---|---|
| Full name | Employee first and last name | Personnel records, access reviews |
| Email address | Work email | Matching to identity provider accounts |
| Department | Organizational department | Scoping controls and training by team |
| Job title | Current role | Risk-based access review prioritization |
| Employment status | Active, terminated, on leave | Offboarding compliance, access revocation |
| Start date | Date employment began | Onboarding procedure verification |
| End date | Date employment ended (if applicable) | Offboarding and access revocation tracking |
| Manager | Reporting manager (when available) | Approval workflows |
LowerPlane only reads employee data from your HR system. It never writes, modifies, or deletes records in the source system.
How the Sync Works
Connect your HR provider
Navigate to Integrations, find your HR tool, and authenticate using OAuth or API key.
Initial sync runs
LowerPlane fetches your full employee directory. Depending on the size of your organization, this takes between a few seconds and a few minutes.
People directory populates
Synced employees appear in Personnel > People. Each record is linked to the source integration.
Employee Matching
LowerPlane matches HR records to identity provider accounts using email address as the primary key. When a match is found:- The employee record is enriched with identity data (MFA status, last login, SSO enrollment).
- Access reviews automatically associate the correct identity accounts with each person.
- Offboarding checklists verify that terminated employees have had access revoked across all connected systems.
Compliance Impact
Connecting an HR integration directly contributes to control coverage across frameworks:| Framework | Controls Addressed |
|---|---|
| ISO 27001 | A.7.1 (Prior to employment), A.7.2 (During employment), A.7.3 (Termination) |
| SOC 2 | CC1.4 (Competence), CC6.1 (Access provisioning), CC6.2 (Access removal) |
| HIPAA | Workforce security, Information access management |
| GDPR | Data processor staff management, access controls |
| PCI-DSS | 12.7 (Employee screening), 12.6 (Security awareness) |
Troubleshooting
Employee data is missing or incomplete
Employee data is missing or incomplete
Verify that the API key or OAuth scope grants access to the full employee directory. Some HR platforms require admin-level access to read all fields. Check that the integration user has the necessary permissions.
Terminated employees still show as active
Terminated employees still show as active
Check the sync frequency. If set to weekly, there may be a delay between the termination in your HR system and the update in LowerPlane. Trigger a manual sync to update immediately.
Duplicate employee records
Duplicate employee records
Duplicates can occur if the same person exists in multiple connected systems with different email addresses. Use the People page to merge duplicate records manually.