C1 provides identity governance for Paycom. Integrate your Paycom instance with C1 for unified visibility and governance over user access.
C1 provides identity governance for Paycom. Integrate your Paycom
instance with C1 for unified visibility and governance over employee access.The Paycom connector is read-only: it syncs employees as identities and the
organizational structures they belong to. Paycom’s API exposes no write
endpoints for employee accounts or assignments, so the connector does not
provision access.
Employees are synced from the Paycom Employee Directory and enriched with each
employee’s master record (work email, manager, position, location, lifecycle
dates, and normalized account status). Positions, Locations, Establishments, and
Departments are synced as groups, and each employee is granted membership in the
position, location, establishment, and department they are assigned to.
Paycom’s API is gated. You must register your connector’s egress IP addresses
with Paycom before credentials are issued, and the endpoints this connector
uses must be enabled. Contact your Paycom Specialist or
automation@paycomonline.com to begin. Sandbox credentials are available from
the automation team.
1
Provide the connector’s WAN egress IP address(es) to your Paycom
representative for IP allow-listing. Requests from non-listed IPs are
rejected with 401 Unauthorized.
2
In Paycom, go to User Options > User Access and Security > API Setup,
edit the API user, and under Function Enablement enable the read
endpoints the connector uses: Employee Directory, Employee, Positions,
Company Locations, and Company Establishments. (Sensitive endpoints are not
required and remain disabled.)
3
From the API Setup page, copy the SID (Client ID / username) and
generate or copy the Token (Client Secret / password). Note which
regional data center (OKC, PHX, or DFW) hosts your tenant.
