ADP Prerequisites and Base Integration Setup
Required prerequisites
There are prerequisite activities that are required to be performed on the ADP portal before the ADP integration is configured on the ObserveID side. Below is a short overview of the prerequisites.
|
Prerequisite |
Description |
|
X.509 certificate |
For the ADP client certificate authentication, the following credentials are needed:
A private key and matching certificate can be generated with some tools, for example, via OpenSSL. For more information, refer to: https://developers.adp.com/getting-started/key-concepts/generate-a-certificate-signing-request |
|
ADP client id |
A public identifier of the ADP client. |
|
ADP client secret |
A credential of the ADP client used together with the client id to obtain an access token. |
|
API product entitlement scope |
|
Connection parameters
The connection parameters specified below must be populated in ObserveID for the Universal Connector to connect to the ADP platform as an authoritative source. The connection parameters are established in: ObserveID > Identity Automation > Integrations > {specific ADP integration} > Details.
To create a new ADP integration, click New integration in the Integrations grid, and then select the REST API integration type. The Details page opens for filling out the connection parameters, described in the table below.
|
Connection parameter |
Description |
|
Environment Type |
Environment the new integration pertains to. The Na option establishes no environment. |
|
Integration Name |
Automatically generated name for the new integration. The name is created by combining the Integration Type with what is established as Environment Type, Alternate Name, and Description for the new integration. |
|
Alternate Name |
Any preferred name for the new integration. |
|
Description |
Any valid text to differentiate one integration from another. This text is displayed in addition to the integration name in several UI elements, e.g., dropdown lists, in the system. |
|
Base API URL |
URL for ADP HR API calls. Usually the URL is |
|
Custom Authentication Header |
An option selected for the Authentication Scheme Type in the connection parameters for a REST API integration. |
|
Get Custom Auth Header Rule |
The authentication method is configured on an ad hoc basis by the ObserveID engineering team using the credentials provided in the prerequisite step above, specifically: - X.509 certificate
|
|
Operation Rules |
Integration Operations are configured on an ad hoc basis by the ObserveID engineering team for a specific ADP integration implementation. Examples include: -
Additional integration operations may be implemented upon request or based on specific business requirements. |
Initial data load
After the connection parameters are established for ADP in ObserveID, and the connection test is successfully completed, next is the first load of data. It allows the systems to set up an initial point starting from which it is possible to determine and synchronize deltas later. For what data is loaded, refer to the schema of ADP integration data.
A Data Import task is used to perform the initial data load as well as all subsequent data imports.
The Data Import task for the ADP integration is created automatically when the integration is saved. If required, the task can also be created manually. To execute the Data Import task, navigate to:
- ObserveID > Identity Automation > Workflows > Tasks
The Data Import task is considered successfully completed when the integration data (including accounts, entitlements, resources, and associated properties) is imported and becomes available within the ADP integration in ObserveID.