Define Payroll Integrations
Identify the payrolls that are processed by ADP Global Payroll. Navigate to the Payroll Integrations page from Data Exchange under My Client Groups. You will require Manage Payroll Integration Setup (HRY_MANAGE_PAYROLL_INTEGRATION_SETUP_PRIV) privilege to access this page.
Before you start
Before You Start
Complete these tasks before you access the Global Payroll Local Data page in ADP:
-
Collaborate with the ADP project team to determine the Audience, Tenant, and REST Endpoint values.
-
Complete the certificate exchange for ADP Global Payroll to authenticate the REST API call.
-
Complete the federation SSO configuration for the Deep Link URL.
-
Verify that the user account of a Payroll Administrator in Oracle HCM Cloud can also access ADP Global Payroll.
On the Payroll Integrations page, provide these details to access the Global Payroll Local Data page in ADP:
Use the Audience and Tenant parameters to establish the JWT authentication. Payroll Administrator uses the Deep Link URL with SSO authentication while navigating to the Global Payroll Local Data page in ADP.
-
Integration Details
-
Issuer: Indicates the source application for this integration.
-
Select the Enabled check box.
-
-
Target System
-
Audience: Indicates the target application for this integration. Provide a name of the ADP Global Payroll pod that the Oracle HCM Cloud instance will integrate with. You can find the available ADP Global Payroll systems from the list of values. Here are the supported combinations for this integration setup to be complete and functional.
Environment
Audience
Issuer
Production
globalview-prod
oracle-prod
Demo
globalview-demo
oracle-demo
UAT
globalview-uat
oracle-uat
DEV
globalview-dev
oracle-dev
RDQUA
globalview-rdqua
oracle-rdqua
RDDEV
globalview-rddev
oracle-rddev
Any other unsupported combination of Issuer and Audience will result in authentication failure while connecting the systems for this integration.
-
Tenant: Enter the Client ID provided by ADP.
-
Deep Link URL: Provide the encoded URL to connect to ADP Global Payroll for embedding your application in Oracle HCM Cloud. This URL is encoded and varies with the Identity Provider in use in your organization.
-
For ADFS as an IdP, the URL pattern is,
https://<external IDP>/adfs/ls/IDPInitiatedSignon.aspx?RelayState=RPID%3D<URL encoded ADP Entity ID>%26RelayState%3D<URL encoded ADP RelayState value>
For example, if
external IDP = https://mycompany.idp.com/adfs/ls/IDPInitiatedSignon.aspx ADP Entity ID = https://companyportal.globalview.adp.com/federate2 ADP Relaystate Value = https://companyportal.globalview.adp.com/adminCentral/abcinc.home
URL would be,
https://mycompany.idp.com/adfs/ls/IDPInitiatedSignon.aspx?RelayState=RPID=https://companyportal.globalview.adp.com/federate2&RelayState=https://companyportal.globalview.adp.com/adminCentral/abcinc.home
Provide the encoded URL of this URL as the Deep Link URL. You can get the encoded URL from any online URL encoding sites like https://www.urlencoder.org.
Deep Link URL:
https://mycompany.idp.com/adfs/ls/IDPInitiatedSignon.aspx?RelayState=RPID%3Dhttps%253A%252F%252Fcompanyportal.globalview.adp.com%252Ffederate2%26RelayState%3Dhttps%253A%252F%252Fcompanyportal.globalview.adp.com%252FadminCentral%252Fabcinc.home%253F
-
For Okta as an IdP, the URL pattern is,
IDP Single Sign-on URL:
https://mycompany.okta.com/app/myco_adpglobalview/exk86sywoaLvu6ZYr2p7/sso/saml
ADP RelayState value:
https://companyportal.globalview.adp.com/adminCentral/abcinc.home
Encoded URL would be,
https://mycompany.okta.com/app/myco_adpglobalview/exk86sywoaLvu6ZYr2p7/sso/saml?RelayState=https%3A%2F%2Fportal0023.globalview.adp.com%2FadminCentral%abcinc.home
Single encoding is used in the RelayState value for Okta, while double encoding is used in the RelayState value for ADFS IdP.
Note:-
ADFS encoding pattern requires double-encoding of the query parameters that are appended to the Deep Link URL defined in the Payroll Integrations page. Okta is verified to require single-encoding. So you must verify the required encoding pattern with your IdP vendors.
-
Contact your ADP implementation and IdP administration teams to verify and configure this setup and the IdP SSO URLs, and ADP RelayState values.
-
All the sample URLs provided are for references. You must verify with your SSO and ADP teams for specific URLs for your implementation.
By default, the encoding pattern is set as double encoded. You can control and specify the encoding pattern honored by your IdP using a lookup code defined as:
-
In the Setup and Maintenance work area, search for and select Manage Common Lookups.
-
Search for and select the lookup type ORA_HRY_PI_PROFILE_OPTIONS (Payroll Interface Profile Options).
-
Add a new lookup code,
-
Lookup Code: IFRAME_URL_ENCODE
-
Meaning
-
SINGLE: If your IdP requires a single encoded URL
-
DOUBLE: If your IdP requires a double encoded URL
-
-
-
-
-
REST Endpoint: Provide an endpoint URL to call the REST APIs. Gather the URL from your ADP representative. Here's a sample URL:
https://portalxxx.globalview.adp.com/mnccc/v1/edi
-
-
Payroll Details
-
Name: Provide a name of the payroll that's processed by ADP and for which this integration is being defined.
-
Rule Name: Provide the payload rule associated with this payroll.
-
Event: New Hire and Termination events can be enabled to publish the payload in real-time to ADP Global Payroll.
Note: New Hire event should be configured before adding the Termination Event
-
Enabling Real Time Termination: Important considerations
-
After enabling a payroll for real time termination, when an employee mapped to that payroll is terminated, the employee will stop getting reported in the batch interface also.
-
Subsequent changes to employee data wont be reported through batch interface once an employee termination has been reported through real time. Changes to terminated employee’s data will need to be synced with ADP outside of the standard interface.