ADP Connector

Intro

ADP Workforce Now is a web-based human resources (HR) application designed especially for midsize businesses.  Use Domo's ADP connector to import reports from ADP Workforce Now. To learn more about the ADP API, visit their page at https://developers.adp.com/.

You connect to your ADP account in the Data Center. This topic discusses the fields and menus that are specific to the ADP connector user interface. General information for adding DataSets, setting update schedules, and editing DataSet information is discussed in Adding a DataSet Using a Data Connector.

Prerequisites

To connect to your ADP account and create a DataSet, you must have the following:

• The network username and password for your ADP account

• The PKCS12-formatted Mutual Authentication Certificate store generated for your ADP account (must be encoded in Base 64)

• The password needed to open your Mutual Authentication Certificate

Connecting to Your ADP Account

This section enumerates the options in the Credentials and Details panes in the ADP Connector page. The components of the other panes in this page, Scheduling and Name & Describe Your DataSet, are universal across most connector types and are discussed in greater length in Adding a DataSet Using a Data Connector.

Credentials Pane

This pane contains fields for entering credentials to connect to your ADP account. The following table describes what is needed for each field:  

Once you have entered valid ADP credentials, you can use the same account any time you go to create a new ADP DataSet. You can manage connector accounts in the Accounts tab in the Data Center. For more information about this tab, see Managing User Accounts for Connectors.

Creating a Mutual Authentication Certificate

A Certificate Signing Request (CSR) is required for accessing ADP Application Programming Interfaces (APIs) and authenticating users with single sign-on (SSO). A private key and matching Web Services (WS) Certificate is required to access ADP web services. The WS Certificate provides client information to ADP and the matching private key confirms the authenticity of the client.

To generate the WS Certificate, a CSR needs to be generated by the client. During the CSR generation, the private key and matching public key are created. The CSR is submitted to the ADP Web Services Certificate Authority (currently run by Sectigo/Comodo) and they return the WS Certificate. Many software tools store the private key and the WS Certificate in one Personal Information Exchange Format (PFX), also known as a P12 file.

Open Secure Sockets Layer (OpenSSL) is an open-source tool. Although ADP has tested the commands based on the OS, configuration settings, and other environmental factors, the commands and configuration may have to be adjusted. Clients will need to check and support the OpenSSL tool from their own IT department.

Clients need to ensure that every time new private and public keys are created, they are managed properly. If they are generated more than once, each key pair must be stored (possibly in different directories) so there is no confusion. In addition, the returned Web Services Certificate (which also contains the public key) must be managed properly (stored in the directory that has the matching private key). For more information, see https://developers.adp.com/articles/general/generate-a-certificate-signing-request.

To complete a Certificate Signing Request, do the following:

1. Download OpenSSL Light for Windows at: http://slproweb.com/products/Win32OpenSSL.html. Mac users can open Terminal and jump to the OpenSSL commands in step 5.
2. To install OpenSSL, follow the instructions in the Install Wizard.
3. Open cmd.exe.
4. Go to the location where you installed OpenSSL and at the command line, type cd C:\Program Files (x86)\OpenSSL-Win32\bin (or C:\Program Files\OpenSSL-Win64\bin for 64-bit).
5. Generate the CSR:
   1. openssl genrsa -out companyname_auth.key 2048
   2. openssl req -new -key companyname_auth.key -out companyname_auth.csr
      
      Note: Your CSR must not request S/MIME capabilities.
6. Enter the following information into your CSR. Leave the challenge password blank.
   1. Country Name.
   2. State or Province Name.
   3. Locality Name.
   4. Organization Name (must be the same string used by your organization when registered with ADP.)
   5. Common Name (use something meaningful, such as CompanyName Corp Mutual SSL or whatever best describes the usage and identifies this as the Mutual SSL Authentication certificate.)
   6. Challenge password (leave this field blank.)
7. After you have created your CSR, you have two options for submitting it to ADP for signing. If you’re currently in the process of implementing ADP APIs, you can email your CSR to your assigned ADP implementation representative for signing. Otherwise, follow these steps to submit your request directly to ADP Security Services:
   1. Open the ADP Certificate Signing Tool (no login is required.)
   2. Choose Authentication and transaction signing for the certificate type.
   3. Enter your technical contact’s email.
   4. Enter your company name and ADP client ID.
      
      Note: If you are an ADP Workforce Now client, your ADP client ID is all the characters to the right of the @ symbol in your ADP Workforce Now login name. If you don't know your ADP client ID, contact your ADP representative.
   5. Enter your technical contact’s first and last name and a group distribution list to be automatically notified when the generated certificate is reaching its two-year expiration date.
   6. Paste the complete contents (including BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST) of your CSR into the CSR text box.
   7. Click Submit.
      
      Note: It might take up to a week to sign the CSR.
8. Save the signed certificate from ADP into a file named companyname_auth.pem in the same location that you initially created the CSR (C:\Program Files (x86)\OpenSSL-Win32\bin).
9. If you are using Windows/IIS, use the following command to get the key and certificate in PKCS12 format:
   openssl pkcs12 -export -out companyname_auth.pfx -name “Company Name Mutual SSL” -inkey companyname_auth.key -in companyname_auth.pem
10. Enter the Export Password.

The resulting certificate and key should be in the file companyname_auth.pfx that you'll reference for Mutual SSL authentication.

To convert the .pfx file to base64 encoded string do the following:

Windows (Use PowerShell):

[convert]::ToBase64String((Get-Content -path "your_pfx_file_path" -Encoding byte)) > "output_file_name.txt"

Linux:

base64 "your_pfx_file_path" > "output_file_name.text"

Details Pane

This pane contains a primary Reports menu from which you select an ADP Workforce Now report to import, along with several other configuration options.

Other Panes

For information about the remaining sections of the connector interface, including how to configure scheduling, retry, and update options, see Adding a DataSet Using a Data Connector.

Using SFTP Export

One of the easiest ways to get your ADP data into Domo is by using ADP's SFTP export capability. To do this, you will first need to request SFTP Export from the ADP Reporting module, then set up an SFTP server for use in pulling reports. You will only need to go through this setup process once. There is a small one-time fee (around $200-$300). Once the server is set up, you can pull any number of reports with no additional fee.

To pull reports, you build them in ADP, specify that they be sent via SFTP, and finally pull them into Domo using the CSV Advanced or SFTP connectors.

Setting up SFTP

To set up an SFTP server for use in pulling ADP reports,

1. Work with your ADP representative to request SFTP Export from the ADP Reporting module.
   
   Your ADP representative will send you a Statement of Work (SOW) to fill out. The following PDF shows an example of this:
    

   
   

2. Enter the details for your SFTP server. 
    
   Note: If you like, Domo can host your SFTP server. If you are interested, please reach out to your CSM for more information.  

3. When requested, send ADP a report to use in testing the setup. (Any ADP report should work.)
   
   ADP will then send a test and ask you to confirm receipt.

4. Confirm receipt of the test you have been sent.

Once you confirm receipt, the server is live and you can begin using it to pull reports into Domo.

Pulling Data into Domo Using SFTP

To pull a report into Domo using the SFTP server you have set up,

1. Build a report in ADP's reporting tool.

2. Schedule the report in step 7 in the ADP report builder.

3. In the Distribution settings, specify that the report be sent via SFTP.

4. Use Domo's CSV Advanced connector or any of our SFTP connectors (SFTP Pull, CSV SFTP Push, Microsoft Excel SFTP, or Microsoft Excel SFTP Push) to pull the report into Domo.