/
Connections and System Triggers

Connections and System Triggers

Owned by Girish Reddy
Last updated: Apr 17, 2025
5 min read

System

Setup Instructions

System

Setup Instructions

Workday
https://onwardb.atlassian.net/wiki/spaces/ONLINK/pages/18808857
BambooHR

 

https://onwardb.atlassian.net/wiki/spaces/ONLINK/pages/18841610
Greenhouse
https://onwardb.atlassian.net/wiki/spaces/ONLINK/pages/18677800

 

Personio

Here are the four connection parameters you will need to connect to Personio

  1. URL - set to https://api.personio.de/

  2. Client ID - follow “Generate API Credentials” instructions here to generate Client ID and Client Secret

  3. Client Secret - from step 2

  4. Company Name - enter your company name in UPPER_SNAKE_CASE format e.g. THE_HONEST_CO, MICROSOFT, etc

ADP Workforce Now

To connect ADP integration to OnRamp, you must get ADP's information: Client ID, Client secret, Private key, and Certificate.

Here are the instructions from ADP to generate the certificate pair: https://developers.adp.com/learn/how-to-articles/generate-a-certificate-signing-request#manual-process-steps-(client-process-steps) - follow the “Manual Process Steps (Client Process Steps)” instructions in this link.

For Client ID and Client Secret contact your ADP client representative if you don't have this information.

Once you have the above information, configure the connection in OnRamp using the “Connections” menu:

image-20240823-230143.png

OnRamp uses ADP Notification Events to retrieve hire and terminate events. This document from ADP provides more information. https://developers.adp.com/learn/key-concepts/adp-event-apis-and-event-notification-guide#use-cases . This approach provides a reliable approach to get information on employees. By default a Flow configured with ADP Workforce Now Events trigger handles events like hires, terminations, time off requests, etc. You can set the below configuration parameter in the trigger mapping config to filter events: config:event=worker.hire or config:event=worker.terminateor config:event=timeoffRequest.submit. Be sure to first include these events in your API client “Event Subscriptions” in ADP portal in Marketplace - Integrations area.

OnRamp is a Forge app which means all processing and data storage occurs within Atlassian ecosystem. There are some rare exceptions when we may need to invoke a service hosted in our AWS instance. Connecting to ADP requires one such additional step to bypass a known limitation in Forge. No data is ever stored in our AWS instance and the lambda function acts as a proxy passthrough.

Dayforce

Here are the parameters you need to connect to Dayforce web services (Ref - may need login).

  • Dayforce URL: The URL is constructed as follows: https://<prefix>.dayforcehcm.com/api/<company-name> To get the “prefix”, first login via browser to your Dayforce HCM instance. Once logged in, the URL will contain the prefix - use the same prefix that appears in the browser. It should be something like “us232” or “ustest242” (for sandbox). This number changes based on Dayforce’s current release version. You may need to include “-services” after the prefix (e.g. us232-services.dayforcehcm.com). The company-name in the URL is the same name you use when you log in via browser. You can also skip the prefix number and just use www e.g. www.dayforcehcm.com)

  • Username: the username of a Web service user defined in Dayforce

  • Password: the password of the Web service user defined in Dayforce

Dayforce Web Services Security Config:

Follow instructions here to ensure the user has right level of permissions. In order to interact with Dayforce system via Web Services, the relevant role needs to have access to HCM Anywhere feature with the relevant sub-features (check web services HCM read access, Field level access, Location access, etc).

image-20240801-165635.png

 

Oracle HCM

Configure the connection to Oracle HCM by going to Connections tab - use the Other Connections option. Please review relevant Oracle documentation. You will need username, password and URL (e.g. url - https://domain.oraclecloud.com, https://servername.fa.us2.oraclecloud.com) to connect. Set Connection Attribute to Oracle HCM Employees API -hcmRestApi/resources/11.13.18.05/emps (ref).

SAP SuccessFactors

Here are the settings you need to connect to SuccessFactors:

API URL: e.g. https://apisalesdemo8.successfactors.com - see this for more info SAP SuccessFactors URLs

OnRamp supports Basic or OAuth authentication mechanism.

image-20240417-141444.png

Basic Auth:

  • API Username: format is username@company_id, provide user access via: Admin Center >>  Manage Permission Roles >> Manage Integration Tools >> Enable Allow Admin to Access OData API through Basic Authentication. OnRamp requires access to these entities: User, UserAccount, EmpJob, EmpEmployment, EmpEmploymentTermination, PerPerson, PerEmail. See this link for instructions on finding your Company ID.

  • API Password: <api user’s password>

OAuth:

  • API Username: format is username@company_id, provide user access via: Admin Center >>  Manage Permission Roles >> Manage Integration Tools >> Enable Allow Admin to Access OData API through Basic Authentication. OnRamp requires access to these entities: User, UserAccount, EmpJob, EmpEmployment, EmpEmploymentTermination, PerPerson, PerEmail. See this link for instructions on finding your Company ID.

  • Create key pair using openssl command described here - create certificate. Copy the Public and Private keys from this step.

  • Register OAuth2 client application using instructions here - register application. Copy the API Key from this step.

Though Basic Auth is deprecated, SAP SuccessFactors officially supports it until end of 2026. SuccessFactors recommends adding IP address restrictions with Basic Auth for additional security. Here are the Atlassian IP addresses you need to whitelist.

UKG Now

To configure connection to UKG Now, use Other Connections:

image-20241017-135351.png

Then set the below parameters:

  • System - UKG Now

  • URL - To determine URL, see Service Endpoint information in Web Service Account ; typically something like https://service4.ultipro.com

  • Username - Ultipro service account username; Permissions - service account must have the "View" role for the "Personnel Integration" Web Service, “EmployeeExport” Web Service and "Employee Person Details".

  • Password - Ultipro service account password

  • Key - Pro Customer API key which is unique to each Pro HR Tenant and can be found by navigating to System Configuration > Security > Web Services and referring to the value for Customer API Key.

  • Connection Attribute - set to “/personnel/v1/employee-employment-details” (used for testing the connection)

UKG Ready

To configure connection to UKG Now, use Other Connections:

image-20241017-135327.png

Then set the below parameters (Developer Hub):

  • System - UKG Ready

  • URL - Set to https://secure.saashr.com/ta/rest/v2/companies/{cid}/, replace {cid} with Company ID

  • Password - Set the OAuth2 client_secret value from UKG Ready

  • Client ID - Set the Client ID value from UKG Ready

  • Connection Attribute - set to “personnel/v1/person-details?page=1&per_Page=1“ (used for testing the connection)

 

 

Related content