Gusto
Org-level connection
Gusto is connected once at the org level by an admin. The credential is shared across all groups that have been granted access — individual team members don't need to connect their own accounts.
How to connect
Go to dev.gusto.com → Applications → Create application
Copy the Client ID and paste it below
Note: Full OAuth flow coming soon.
Ready to connect?
Go directly to the integrations page in your dashboard.
Permissions (scopes)
These are the data scopes On Belay can be granted for Gusto. Your org admin controls which scopes are enabled per group.
| Scope | Description | Access |
|---|---|---|
employees:read | Read employees | Read only |
payroll:read | Read payroll | Read only |
benefits:read | Read benefits | Read only |
company:read | Read company info | Read only |
Troubleshooting
"redirect_uri_mismatch" error during OAuth
Your OAuth app's authorized redirect URIs don't include the On Belay callback URL. Add https://app.onbelay.ai/api/oauth-callback/gusto to the allowed redirect URIs in your OAuth app settings.
"invalid_scope" error
The API or scope isn't enabled in your cloud project. For Google integrations, make sure the relevant API (e.g., Google Ads API, Search Console API) is enabled in Google Cloud Console for your project.
Connected but Claude can't access data
Check that your group has been granted access to this integration in On Belay → Groups → [your group] → Integrations. Also verify the specific scopes your group is permitted to use match what your query requires.
Still stuck? We're happy to help.
Contact support →