Gusto Onboarding
Before gaining access to Gusto’s production API, all developers are subject to Gusto’s standard security and compliance review. As an official Gusto development partner, Finch will work closely with you to support you through your onboarding journey. The onboarding process consists of the following steps:
Step 1: Inform Finch and vet security requirements
Step 2: Create an account in Gusto’s Developer Portal
Step 3: Complete the Gusto Onboarding Questionnaire
Step 4: Assist Gusto Security Review
Step 5: Enable your Gusto Integration
Step 6: Connect your Employers!
The remainder of this page outlines these steps in greater detail.
Step 1: Inform Finch and Vet Security Requirements
[1-2 Days]
For all integrations with Gusto through Finch, Finch will be coordinating the required security review process between your team and Gusto. To initiate this process, contact your Developer Success Engineer. If you do not have an assigned Developer Success Engineer, please send an email to developers@tryfinch.com.
The security requirements vary based on the data fields you request so please include those in your communication. Here is a template you can use to reach out to us:
We will share the Gusto Security requirements with you and confirm that you have the requisite controls in place in order to be able to pass Gusto’s Security Review. During this stage of the process we can answer questions about any specific security requirements. If you do not have all of the requirements we will pause the process. Once you have confirmed you meet all the requirements you can continue with the following steps.
Step 2: Create an account in Gusto’s Developer Portal
[5 minutes]
Gusto requires that all developers be set up in their Developer Portal. Finch offers a managed service by default where we will create and manage your DevPortal “organization” - all you need to do is sign up for a DevPortal account and we’ll take it from there.
If you are prompted to create an organization, select “I am joining an existing developer organization”.
Note: Gusto will create your organization and add both your and our user accounts as a part of the onboarding process
Please reach out to your Developer Success Representative or developers@tryfinch.com if you have any questions.
Step 3: Complete Gusto’s Onboarding Questionnaire
[30 minutes to 1 hour]
Once Finch has confirmed that you have the required security measures in place (Step 1) we will send you a link to the Gusto Onboarding Questionnaire. The questionnaire will ask you about your company, Gusto integration requirements, and your security and control environment (such as whether you have physical security controls, if data is encrypted, etc.). Please ensure to include all supporting documents as they will be necessary for Gusto to complete the review.
The requirements for each developer will depend upon the sensitivity of the data access requested. If you have a SOC 2 Type 2 Report, ISO 27001 Certificate, or PCI Certificate, you will be shown a simplified questionnaire and your review process will be expedited. If you do not have one of these reports, and you require data access to sensitive PII (e.g., benefits data), please contact your Developer Success representative to discuss further.
We understand that answering the questionnaire can be time-consuming but it is a necessary step in ensuring that your application meets Gusto’s data security requirements. In rare cases, Gusto may not approve an application for production access for a reason other than security concerns, such as for a use case Gusto prohibits on their platform (e.g. mature content, etc.). If you have questions on how to respond to a specific question, please don’t hesitate to reach out to our Developer Success team.
Step 4: Assist Gusto Security Review
[1 to 2 weeks]
After you submit the questionnaire, Gusto will conduct a security review via a third party called VISO Trust. The VISO Trust process typically takes one week. In most cases, nothing further will be needed from you; however, we, Gusto or VISO Trust may reach out for additional information or clarification. Please respond to these requests timely, as any delays could impact when production access will be made available to you.
Once you have been approved, the Gusto team will enable production access and issue production credentials within their Developer Portal. Gusto will then apply the appropriate data scopes that were requested as part of the security questionnaire to your configuration, thereby adhering to the security principle of least privilege. Finch will be notified by Gusto as soon as your account credentials are ready for use.
If you are not approved for production access for security reasons, Gusto will work with us and you to resolve those issues within a reasonable timeframe.
Step 5: Enable your Gusto Integration
[1 Day]
Once you pass Gusto’s security review, Gusto and Finch will work together behind the scenes to finish configuring on your behalf.
Once configured, Finch will notify you that your Gusto integration can be enabled in the developer dashboard using the following directions.
Navigate to the Integrations tab of your developer dashboard. Search for Gusto and click Edit.
Toggle Integration Status to Enabled and click Done.
Your Gusto integration is now configured and enabled! Your customers will now see Gusto in Finch Connect.
Step 6: Connect your Employers!
Your employers can then go through Finch Connect and connect to their Gusto account to authorize your application for data access!
Additional resources
If you have any questions, please do not hesitate to reach out to your Finch Developer Success representative. We look forward to working with you to provide a seamless integration with Gusto. We understand that this process can be complex and we are here to help you every step of the way.
Was this page helpful?