Before gaining access to Gusto’s production API, all developers are subject to Gusto’s standard security and compliance review. As an official Gusto development partner, Finch will work closely with you to support you through your onboarding journey. The onboarding process consists of the following steps:

Step 1: Create an account in Gusto’s Developer Portal

Step 2: Inform your Developer Success Representative

Step 3: Complete the Gusto Onboarding Questionnaire

Step 4: Assist Gusto Security Review

Step 5: Enable your Gusto Integration

Step 6: Connect your Employers!

The remainder of this page outlines these steps in greater detail.

Step 1: Create an account in Gusto’s Developer Portal

[5 minutes]

Gusto requires that all developers be set up in their Developer Portal. Finch offers a managed service by default where we will create and manage your DevPortal “organization” - all you need to do is sign up for a DevPortal account and we’ll take it from there.

If you are prompted to create an organization, select “I am joining an existing developer organization”. gusto-create-org-prompt.png

Note: Gusto will create your organization and add both your and our user accounts as a part of the onboarding process

Please reach out to your Developer Success Representative or if you have any questions.


Step 2: Inform your Developer Success Representative

[1 minute]

Please let your Finch Developer Success Representative know that you will be requesting access to Gusto. Make sure to let them know of any data fields required for your use case, such as SSN.

Hello [Developer Success Representative Name],
We are reaching out to notify you that we intend to request access to Gusto.

We will require access to [XYZ] data fields.

Your Developer Success representative will then work with you to confirm that you have the requisite controls in place in order to be able to pass Gusto’s Security Review. If any gaps in controls are identified, your Developer Success Representative will flag them to you for remediation.

Step 3: Complete Gusto’s Onboarding Questionnaire

[30 minutes to 1 hour]

Please fill out this Finch-specific onboarding questionnaire. The questionnaire will ask you about your company, Gusto integration requirements, and your security and control environment (such as whether you have physical security controls, if data is encrypted, etc.). Please ensure to include all supporting documents as they will be necessary for Gusto to complete the review.

The requirements for each developer will depend upon the sensitivity of the data access requested. If you have a SOC 2 Type 2 Report, ISO 27001 Certificate, or PCI Certificate, you will be shown a simplified questionnaire and your review process will be expedited. If you do not have one of these reports, and you require data access to sensitive PII (e.g., benefits data), please contact your Developer Success representative to discuss further.

We understand that answering the questionnaire can be time-consuming but it is a necessary step in ensuring that your application meets Gusto’s data security requirements. In rare cases, Gusto may not approve an application for production access for a reason other than security concerns, such as for a use case Gusto prohibits on their platform (e.g. mature content, etc.). If you have questions on how to respond to a specific question, please don’t hesitate to reach out to our Developer Success team.

Step 4: Assist Gusto Security Review

[1 to 2 weeks]

After you submit the questionnaire, Gusto will conduct a security review via a third party called VISO Trust. The VISO Trust process typically takes one week. In most cases, nothing further will be needed from you; however, we, Gusto or VISO Trust may reach out for additional information or clarification. Please respond to these requests timely, as any delays could impact when production access will be made available to you.

Once you have been approved, the Gusto team will enable production access and issue production credentials within their Developer Portal. Gusto will then apply the appropriate data scopes that were requested as part of the security questionnaire to your configuration, thereby adhering to the security principle of least privilege. Finch will be notified by Gusto as soon as your account credentials are ready for use.

If you are not approved for production access for security reasons, Gusto will work with us and you to resolve those issues within a reasonable timeframe.

Step 5: Enable your Gusto Integration

[1 Day]

Once you pass Gusto’s security review, Gusto and Finch will work together behind the scenes to finish configuring on your behalf.

Once configured, Finch will notify you that your Gusto integration can be enabled in the developer dashboard using the following directions.

Navigate to the Integrations tab of your developer dashboard. Search for Gusto and click Edit. developer-dashboard-gusto.png

Toggle Integration Status to Enabled and click Done. enable-gusto.png

Your Gusto integration is now configured and enabled! Your customers will now see Gusto in Finch Connect.

Step 6: Connect your Employers!

Your employers can then go through Finch Connect and connect to their Gusto account to authorize your application for data access!

Additional resources

If you have any questions, please do not hesitate to reach out to your Finch Developer Success representative. We look forward to working with you to provide a seamless integration with Gusto. We understand that this process can be complex and we are here to help you every step of the way.