> ## Documentation Index
> Fetch the complete documentation index at: https://conductorone-docs-mcp-bridge-private-server.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.
# Set up a Gusto connector
> C1 provides identity governance and just-in-time provisioning for Gusto. Integrate your Gusto instance with C1 to run user access reviews (UARs), enable just-in-time access requests, and automatically provision and deprovision access.
## Capabilities
The Gusto connector syncs the following resources:
| Resource | Sync | Provision |
| :--------- | :------------------------------------------------------------ | :------------------------------- |
| Company | | Grant (Company Admin) |
| Contractor | | |
| Employee | | Create, Delete (onboarding only) |
**Notes:**
* **Company Admin** is modeled as an entitlement on the **Company** resource. Granting adds a company admin; Gusto exposes no API to revoke an admin, so admin removal must be done in the Gusto UI.
* **Delete employee** succeeds only for employees who have not yet completed onboarding. Already-onboarded employees must be deprovisioned manually in the Gusto UI.
* **Single company per credential.** Each Gusto OAuth credential is bound to exactly one Gusto company.
* **Production vs. demo environment.** By default the connector targets Gusto production using ConductorOne's managed OAuth app. To connect to Gusto's demo environment (`https://api.gusto-demo.com`), choose **Custom App (Demo Environment)** during setup and provide your own Gusto developer app's Client ID and Client Secret — Gusto requires a developer-owned app for the demo environment.
## Gather Gusto credentials
To configure the Gusto connector, you need administrator permissions in the Gusto company you are connecting. The connector authenticates via OAuth brokered by C1 — you do not need to create or manage an API key.
Confirm you can sign in to the Gusto company as an admin. You will authorize C1's access during connector setup.
## Configure the Gusto connector
Follow these instructions to use a built-in, no-code connector hosted by C1.
In C1, navigate to **Integrations** > **Connectors** and click **Add connector**.
Search for **Gusto** and click **Add**.
Choose how to set up the new Gusto connector:
* Add the connector to a currently unmanaged app
* Add the connector to a managed app
* Create a new managed app
Set the owner for this connector.
Click **Next**.
Find the **Settings** area of the page and click **Edit**.
Choose the authentication method:
* **OAuth Authentication** (default) — connect to Gusto **production** using ConductorOne's managed OAuth app. No credentials to enter.
* **Custom App (Demo Environment)** — connect to Gusto's **demo** environment. Enter your own Gusto developer app's **Client ID** and **Client Secret** (both required for this option).
Click **Authorize** and complete the Gusto OAuth consent flow while signed in as a Gusto admin. C1 negotiates and stores the OAuth tokens for you — there is no API key to enter.
Click **Save**.
The connector's label changes to **Syncing**, followed by **Connected**. You can view the logs to ensure that information is syncing.
**Done.** Your Gusto connector is now pulling access data into C1.
Follow these instructions to use the [Gusto](https://github.com/conductorone/baton-gusto) connector, hosted and run in your own environment.
When running in service mode on Kubernetes, a self-hosted connector maintains an ongoing connection with C1, automatically syncing and uploading data at regular intervals.
### Resources
* [Official download center](https://dist.conductorone.com/ConductorOne/baton-gusto): For stable binaries (Windows/Linux/macOS) and container images.
* [GitHub repository](https://github.com/conductorone/baton-gusto): Access the source code, report issues, or contribute to the project.
### Step 1: Set up a new Gusto connector
In C1, navigate to **Integrations** > **Connectors** > **Add connector**.
Search for **Baton** and click **Add**.
Choose how to set up the new Gusto connector:
* Add the connector to a currently unmanaged app
* Add the connector to a managed app
* Create a new managed app
Set the owner for this connector.
Click **Next**.
In the **Settings** area of the page, click **Edit**.
Click **Rotate** to generate a new Client ID and Secret.
Carefully copy and save these credentials.
### Step 2: Create Kubernetes configuration files
Create two Kubernetes manifest files for your Gusto connector deployment:
#### Secrets configuration
```yaml expandable theme={"theme":{"light":"css-variables","dark":"css-variables"}}
# baton-gusto-secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: baton-gusto-secrets
type: Opaque
stringData:
# C1 credentials
BATON_CLIENT_ID:
BATON_CLIENT_SECRET:
# Gusto credentials
# Add connector-specific credentials here
```
See the connector's README or run `--help` to see all available configuration flags and environment variables.
#### Deployment configuration
```yaml expandable theme={"theme":{"light":"css-variables","dark":"css-variables"}}
# baton-gusto.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: baton-gusto
labels:
app: baton-gusto
spec:
selector:
matchLabels:
app: baton-gusto
template:
metadata:
labels:
app: baton-gusto
baton: "true"
baton-app: gusto
spec:
containers:
- name: baton-gusto
image: public.ecr.aws/conductorone/baton-gusto:latest
imagePullPolicy: IfNotPresent
env:
- name: BATON_HOST_ID
value: baton-gusto
envFrom:
- secretRef:
name: baton-gusto-secrets
```
### Step 3: Deploy the connector
Create a namespace in which to run C1 connectors (if desired), then apply the secret config and deployment config files.
Check that the connector data uploaded correctly. In C1, click **Applications**. On the **Managed apps** tab, locate and click the name of the application you added the Gusto connector to. Gusto data should be found on the **Entitlements** and **Accounts** tabs.
**Done.** Your Gusto connector is now pulling access data into C1.
***
All versions of this connector are available at [dist.conductorone.com](https://dist.conductorone.com/ConductorOne/baton-gusto).