1. Administering Oracle Payroll Interface
  2. Define Payroll Integrations

Define Payroll Integrations

Identify the payrolls that are processed by ADP Global Payroll. Navigate to the Payroll Integrations page from Data Exchange under My Client Groups. You will require Manage Payroll Integration Setup (HRY_MANAGE_PAYROLL_INTEGRATION_SETUP_PRIV) privilege to access this page.

Before you start

Before You Start

Complete these tasks before you access the Global Payroll Local Data page in ADP:

  • Collaborate with the ADP project team to determine the Audience, Tenant, and REST Endpoint values.

  • Complete the certificate exchange for ADP Global Payroll to authenticate the REST API call.

  • Complete the federation SSO configuration for the Deep Link URL.

  • Verify that the user account of a Payroll Administrator in Oracle HCM Cloud can also access ADP Global Payroll.

On the Payroll Integrations page, provide these details to access the Global Payroll Local Data page in ADP:

Note: Use the Audience and Tenant parameters to establish the JWT authentication. Payroll Administrator uses the Deep Link URL with SSO authentication while navigating to the Global Payroll Local Data page in ADP.

  • Integration Details

    • Issuer: Indicates the source application for this integration.

    • Select the Enabled check box.

  • Target System

    • Audience: Indicates the target application for this integration. Provide a name of the ADP Global Payroll pod that the Oracle HCM Cloud instance will integrate with. You can find the available ADP Global Payroll systems from the list of values. Here are the supported combinations for this integration setup to be complete and functional.

      Environment

      Audience

      Issuer

      Production

      globalview-prod

      oracle-prod

      Demo

      globalview-demo

      oracle-demo

      UAT

      globalview-uat

      oracle-uat

      DEV

      globalview-dev

      oracle-dev

      RDQUA

      globalview-rdqua

      oracle-rdqua

      RDDEV

      globalview-rddev

      oracle-rddev

      Any other unsupported combination of Issuer and Audience will result in authentication failure while connecting the systems for this integration.

    • Tenant: Enter the Client ID provided by ADP.

    • Deep Link URL: Provide the encoded URL to connect to ADP Global Payroll for embedding your application in Oracle HCM Cloud. This URL is encoded and varies with the Identity Provider in use in your organization.

      • For ADFS as an IdP, the URL pattern is,

        https://<external IDP>/adfs/ls/IDPInitiatedSignon.aspx?RelayState=RPID%3D<URL encoded ADP Entity ID>%26RelayState%3D<URL encoded ADP RelayState value>

        For example, if

        external IDP = https://mycompany.idp.com/adfs/ls/IDPInitiatedSignon.aspx
ADP Entity ID = https://companyportal.globalview.adp.com/federate2
ADP Relaystate Value = https://companyportal.globalview.adp.com/adminCentral/abcinc.home

        URL would be,

        https://mycompany.idp.com/adfs/ls/IDPInitiatedSignon.aspx?RelayState=RPID=https://companyportal.globalview.adp.com/federate2&RelayState=https://companyportal.globalview.adp.com/adminCentral/abcinc.home

        Provide the encoded URL of this URL as the Deep Link URL. You can get the encoded URL from any online URL encoding sites like https://www.urlencoder.org.

        Deep Link URL:

        https://mycompany.idp.com/adfs/ls/IDPInitiatedSignon.aspx?RelayState=RPID%3Dhttps%253A%252F%252Fcompanyportal.globalview.adp.com%252Ffederate2%26RelayState%3Dhttps%253A%252F%252Fcompanyportal.globalview.adp.com%252FadminCentral%252Fabcinc.home%253F

      • For Okta as an IdP, the URL pattern is,

        IDP Single Sign-on URL:

        https://mycompany.okta.com/app/myco_adpglobalview/exk86sywoaLvu6ZYr2p7/sso/saml

        ADP RelayState value:

        https://companyportal.globalview.adp.com/adminCentral/abcinc.home

        Encoded URL would be,

        https://mycompany.okta.com/app/myco_adpglobalview/exk86sywoaLvu6ZYr2p7/sso/saml?RelayState=https%3A%2F%2Fportal0023.globalview.adp.com%2FadminCentral%abcinc.home

        Single encoding is used in the RelayState value for Okta, while double encoding is used in the RelayState value for ADFS IdP.

        Note:

        • ADFS encoding pattern requires double-encoding of the query parameters that are appended to the Deep Link URL defined in the Payroll Integrations page. Okta is verified to require single-encoding. So you must verify the required encoding pattern with your IdP vendors.

        • Contact your ADP implementation and IdP administration teams to verify and configure this setup and the IdP SSO URLs, and ADP RelayState values.

        • All the sample URLs provided are for references. You must verify with your SSO and ADP teams for specific URLs for your implementation.

        By default, the encoding pattern is set as double encoded. You can control and specify the encoding pattern honored by your IdP using a lookup code defined as:

        1. In the Setup and Maintenance work area, search for and select Manage Common Lookups.

        2. Search for and select the lookup type ORA_HRY_PI_PROFILE_OPTIONS (Payroll Interface Profile Options).

        3. Add a new lookup code,

          • Lookup Code: IFRAME_URL_ENCODE

          • Meaning

            • SINGLE: If your IdP requires a single encoded URL

            • DOUBLE: If your IdP requires a double encoded URL

    • REST Endpoint: Provide an endpoint URL to call the REST APIs. Gather the URL from your ADP representative. Here's a sample URL:

      https://portalxxx.globalview.adp.com/mnccc/v1/edi

  • Payroll Details

    • Name: Provide a name of the payroll that's processed by ADP and for which this integration is being defined.

    • Rule Name: Provide the payload rule associated with this payroll.

    • Event: New Hire and Termination events can be enabled to publish the payload in real-time to ADP Global Payroll.

      Note: New Hire event should be configured before adding the Termination Event

Enabling Real Time Termination: Important considerations

Consider these points to avoid potential data consistency errors when reporting happens in both real time and batch.

  1. After enabling a payroll for real time termination, when an employee mapped to that payroll is terminated, the employee will stop getting reported in the batch interface also.

  2. Subsequent changes to employee data wont be reported through batch interface once an employee termination has been reported through real time. Changes to terminated employee’s data will need to be synced with ADP outside of the standard interface.