Overview
RansomLeak reads your HiBob directory and turns it into automated security-training lifecycle. The connection is a read-only pull. RansomLeak never writes back to HiBob, and it reads directory fields only, never compensation, national IDs, or date of birth.
These are the moments it acts on, as they happen in HiBob:
- New hires get onboarding training
- Role and department changes reassign curricula
- Departures deactivate access
- Rehires are reactivated
You connect once, as a HiBob admin. There is no per-employee setup and no roster to keep current. Once the connection is live, the changes you already make in HiBob keep RansomLeak in step.
Requirements
- A RansomLeak tenant with admin access
- The "Manage Integrations" permission
- HiBob admin rights to authorize the app
You start the connection from RansomLeak, at Admin → Integrations → HRIS. Each workspace has one HRIS connection. For help during setup, email support@ransomleak.com.
Not on HiBob? The same HRIS tab has Connect another HRIS, one Merge connection that covers Workday, ADP, Rippling, BambooHR, and 80+ other systems.
Connect HiBob
The connection uses HiBob's native OAuth. Authorizing it grants RansomLeak read access to your employee directory and nothing more.
-
In RansomLeak, go to Admin → Integrations → HRIS and select Connect HiBob.
-
You are redirected to HiBob. Sign in as a HiBob admin and approve the requested read permission for employee directory fields.
-
HiBob returns you to RansomLeak with the connection established. An initial sync runs on its own and provisions your current workforce.
Lifecycle updates arrive automatically. RansomLeak's HiBob app subscribes to employee events, so a new hire or a departure is reflected within about a minute. An hourly sync is the safety net if an event is ever missed.
Configuration
Once connected, choose what training the lifecycle assigns. Both settings live on the HRIS tab.
-
Onboarding learning path. The day-one curriculum every new hire is enrolled in. Leave it unset to turn onboarding auto-enrollment off.
-
Role and department map. Rules such as department is Engineering → Secure Coding path. The first matching rule wins, and an optional default covers anyone the rules do not match.
How it works
On every sync, RansomLeak reconciles your directory and acts on what changed. People are matched by work email, so HiBob and RansomLeak always point at the same person.
| In HiBob | In RansomLeak |
|---|---|
| A new employee joins | An account is created, licensed, placed on their department team, and enrolled in the onboarding curriculum. |
| Job title or department changes | The user is enrolled in the curriculum mapped to their new role or department. |
| An employee is terminated or deactivated | Their account is disabled. Their training history is preserved. |
| A former employee is rehired | Their account is reactivated and re-licensed. |
| Manager relationships | Mirrored to RansomLeak so manager dashboards and alerts work. |
The initial sync is a baseline, not a flood. The first full sync provisions your existing workforce and records them as already onboarded. Only genuinely new hires after that baseline receive onboarding training.
Using HRIS alongside SCIM
If you also provision from your identity provider over SCIM, the two sources are reconciled by work email so they do not work against each other.
- HRIS owns directory and org fields
- SCIM owns identity and access
HiBob is authoritative for names, job title, department, and manager. Your identity provider stays authoritative for login identity and role membership, and HRIS never overwrites those. For the cleanest setup, pick one source for directory fields.
Permissions and data handling
The app asks HiBob for one scope, read access to employee data, and uses it to read the directory fields that drive training. Each field maps to one job.
| What RansomLeak reads | Why |
|---|---|
| Name and work email | Create the account and match the person. |
| Job title and department | Assign role-based curricula and the department team. |
| Manager | Build the reporting line for manager dashboards. |
| Employment status and dates | Detect joins, departures, and rehires. |
- Directory fields only, never pay or national IDs
- Stored credentials encrypted at rest
- Mirror cleared on disconnect
The connection is read-only and one-directional. RansomLeak never writes to HiBob. For how RansomLeak handles data, see the privacy policy and the security and compliance page.
Troubleshooting
| Symptom | Fix |
|---|---|
| A new hire is not in RansomLeak | Confirm they have a work email in HiBob and are active. The hourly sync reconciles too, so without webhooks a brand-new hire can take up to an hour. |
| A departure is not reflected | Check the employee's status in HiBob. A status change is caught on the next sync; a hard delete is caught on the next full reconcile. |
| No onboarding enrollment | Set an onboarding learning path on the HRIS tab. With it unset, new hires are provisioned but not enrolled. |
Disconnecting at Admin → Integrations → HRIS stops all syncing, removes the stored credential, and clears the mirrored directory. Existing RansomLeak users and their training history are kept. Only the automation stops.
Need a hand?
Email support@ransomleak.com and we will help you connect HiBob to your tenant.