Atlassian uses cookies to improve your browsing experience, perform analytics and research, and conduct advertising. Accept all cookies to indicate that you agree to our use of cookies on your device. Atlassian cookies and tracking notice, (opens new window)
Client ID - follow “Generate API Credentials” instructions here to generate Client ID and Client Secret
Client Secret - from step 2
Company Name - enter your company name in UPPER_SNAKE_CASE format e.g. THE_HONEST_CO, MICROSOFT, etc
ADP Workforce Now
To connect ADP integration to OnRamp, you must get ADP's information: Client ID, Client secret, Private key, and Certificate.
Here are the instructions from ADP to generate the certificate pair: ADP Developer Resources - follow the “Manual Process Steps (Client Process Steps)” instructions in this link.
For Client ID and Client Secret contact your ADP client representative if you don't have this information.
Once you have the above information, configure the connection in OnRamp using the “Connections” menu:
OnRamp uses ADP Notification Events to retrieve hire and terminate events. This document from ADP provides more information. ADP Developer Resources . This approach provides a reliable approach to get information on employees. By default a Flow configured with ADP Workforce Now Events trigger handles events like hires, terminations, time off requests, etc. You can set the below configuration parameter in the trigger mapping config to filter events: config:event=worker.hire or config:event=worker.terminateor config:event=timeoffRequest.submit. Be sure to first include these events in your API client “Event Subscriptions” in ADP portal in Marketplace - Integrations area.
OnRamp is a Forge app which means all processing and data storage occurs within Atlassian ecosystem. There are some rare exceptions when we may need to invoke a service hosted in our AWS instance. Connecting to ADP requires one such additional step to bypass a known limitation in Forge. No data is ever stored in our AWS instance and the lambda function acts as a proxy passthrough.
Dayforce
Here are the parameters you need to connect to Dayforce web services (Ref - may need login).
Dayforce URL: The URL is constructed as follows: https://<prefix>.dayforcehcm.com/api/<company-name> To get the “prefix”, first login via browser to your Dayforce HCM instance. Once logged in, the URL will contain the prefix - use the same prefix that appears in the browser. It should be something like “us232” or “ustest242” (for sandbox). This number changes based on Dayforce’s current release version. You may need to include “-services” after the prefix (e.g. us232-services.dayforcehcm.com). The company-name in the URL is the same name you use when you log in via browser. You can also skip the prefix number and just use www e.g. www.dayforcehcm.com)
Username: the username of a Web service user defined in Dayforce
Password: the password of the Web service user defined in Dayforce
Dayforce Web Services Security Config:
Follow instructions here to ensure the user has right level of permissions. In order to interact with Dayforce system via Web Services, the relevant role needs to have access to HCM Anywhere feature with the relevant sub-features (check web services HCM read access, Field level access, Location access, etc).
Oracle HCM
Configure the connection to Oracle HCM by going to Connections tab - use the Other Connections option. Please review relevant Oracle documentation. You will need username, password and URL (e.g. url - https://domain.oraclecloud.com, https://servername.fa.us2.oraclecloud.com) to connect. Set Connection Attribute to Oracle HCM Employees API -hcmRestApi/resources/11.13.18.05/emps (ref).
SAP SuccessFactors
Here are the settings you need to connect to SuccessFactors:
OnRamp supports Basic or OAuth authentication mechanism.
Basic Auth:
API Username: format is username@company_id, provide user access via: Admin Center >> Manage Permission Roles >> Manage Integration Tools >> Enable Allow Admin to Access OData API through Basic Authentication. OnRamp requires access to these entities: User, UserAccount, EmpJob, EmpEmployment, EmpEmploymentTermination, PerPerson, PerEmail. See this link for instructions on finding your Company ID.
API Password: <api user’s password>
OAuth:
API Username: format is username@company_id, provide user access via: Admin Center >> Manage Permission Roles >> Manage Integration Tools >> Enable Allow Admin to Access OData API through Basic Authentication. OnRamp requires access to these entities: User, UserAccount, EmpJob, EmpEmployment, EmpEmploymentTermination, PerPerson, PerEmail. See this link for instructions on finding your Company ID.
Create key pair using openssl command described here - create certificate. Copy the Public and Private keys from this step.
Register OAuth2 client application using instructions here - register application. Copy the API Key from this step.
Though Basic Auth is deprecated, SAP SuccessFactors officially supports it until end of 2026. SuccessFactors recommends adding IP address restrictions with Basic Auth for additional security. Here are the Atlassian IP addresses you need to whitelist.
UKG Now
To configure connection to UKG Now, use Other Connections:
Username - Ultipro service account username; Permissions - service account must have the "View" role for the "Personnel Integration" Web Service, “EmployeeExport” Web Service and "Employee Person Details".
Password - Ultipro service account password
Key - Pro Customer API key which is unique to each Pro HR Tenant and can be found by navigating to System Configuration > Security > Web Services and referring to the value for Customer API Key.
Connection Attribute - set to “/personnel/v1/employee-employment-details” (used for testing the connection)
UKG Ready
To configure connection to UKG Now, use Other Connections:
