Connections and System Triggers

System

Setup Instructions

Workday
https://onwardb.atlassian.net/wiki/spaces/ONLINK/pages/18808857
BambooHR

 

Greenhouse

 

Personio

Here are the four connection parameters you will need to connect to Personio:

  1. URL - set to https://api.personio.de/

  2. Client ID - follow “Generate API Credentials” instructions here to generate Client ID and Client Secret

  3. Client Secret - from step 2

  4. Company Name - enter your company name in UPPER_SNAKE_CASE format e.g. THE_HONEST_CO, MICROSOFT, etc

ADP Workforce Now

To connect the ADP integration to OnRamp, you need the following information from ADP: Client ID, Client Secret, Private key, and Certificate.

Here are the instructions from ADP to generate the certificate pair: https://developers.adp.com/learn/how-to-articles/generate-a-certificate-signing-request#manual-process-steps-(client-process-steps) - follow the “Manual Process Steps (Client Process Steps)” instructions in this link.

If you don't have the Client ID and Client Secret, contact your ADP client representative.

Once you have the above information, configure the connection in OnRamp using the “Connections” menu.

OnRamp uses ADP Notification Events to retrieve hire and terminate events. This document from ADP provides more information: https://developers.adp.com/learn/key-concepts/adp-event-apis-and-event-notification-guide#use-cases . This is a reliable way to get information on employees. By default, a Flow configured with the ADP Workforce Now Events trigger handles events like hires, terminations, time off requests, etc. To filter events, set the following configuration parameter in the trigger mapping config: config:event=worker.hire or config:event=worker.terminate or config:event=timeoffRequest.submit

Here’s a sample mapping:

key:workerId=customfield_10051
map:firstName=customfield_10065
map:familyName=customfield_10066
map:originalHireDate=customfield_10064
map:actualStartDate=customfield_10053
map:hireDate=customfield_10054
map:jobTitle=customfield_10055
map:positionID=customfield_10056
map:terminationDate=customfield_10057
map:terminationReason=customfield_10058
map:workerStatus=customfield_10059
map:email=customfield_10104
config:event=worker.hire
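
A pre-flight check for a trigger mapping like the sample above, as an added example (not OnRamp's own code). It assumes the prefix:name=value line grammar seen in the sample, exactly one key: line, customfield_<id> targets, and treats only the three event filters named on this page as documented; `check_mapping` and `SAMPLE` are hypothetical names.

```python
import re

# The three event filters this page names. The page says the trigger handles
# other events too ("etc."), so an unlisted value is a warning, not an error.
DOCUMENTED_EVENTS = {"worker.hire", "worker.terminate", "timeoffRequest.submit"}
LINE_RE = re.compile(r"^(key|map|config):([A-Za-z][\w.]*)=(\S+)$")
FIELD_RE = re.compile(r"^customfield_\d+$")  # assumption: target shape from the sample

def check_mapping(text):
    """Return (errors, warnings) for a trigger mapping config."""
    errors, warnings = [], []
    keys, targets, events = [], {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            errors.append(f"line {n}: not prefix:name=value: {line!r}")
            continue
        prefix, name, value = m.groups()
        if prefix == "config":
            if name == "event":
                events.append(value)
                if value not in DOCUMENTED_EVENTS:
                    warnings.append(f"line {n}: undocumented event {value!r}")
            continue
        if prefix == "key":
            keys.append(name)
        if not FIELD_RE.match(value):
            errors.append(f"line {n}: {value!r} is not a customfield_<id>")
        elif value in targets:
            errors.append(f"line {n}: {value} already mapped from {targets[value]}")
        else:
            targets[value] = name
    if len(keys) != 1:  # assumption: exactly one key: line identifies the worker
        errors.append(f"expected one key: line, found {len(keys)}")
    if not events:
        warnings.append("no config:event filter: flow runs for every event type")
    return errors, warnings

# Constructed input: duplicate target, a space in a field id, and a filter typo.
SAMPLE = """\
key:workerId=customfield_10051
map:firstName=customfield_10065
map:familyName=customfield_10065
map:email=customfield 10104
config:event=worker.terminateor
"""
```

A mapping with no config:event line is reported as a warning because, per the text above, the trigger then handles every event type, terminations included.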

OnRamp is a Forge app, which means all processing and data storage occur within the Atlassian ecosystem. There are some rare exceptions when we may need to invoke a service hosted in our AWS instance. Connecting to ADP requires one such additional step to work around a known limitation in Forge. No data is ever stored in our AWS instance; the Lambda function acts as a passthrough proxy.

Dayforce

Here are the parameters you need to connect to Dayforce web services (Ref - may need login).

  • Dayforce URL: The URL is constructed as follows: https://<prefix>-services.dayforcehcm.com/api/<company-name>. To get the “prefix”, first log in via browser to your Dayforce HCM instance. Once logged in, the URL will contain the prefix; use the same prefix that appears in the browser. It should be something like “us232” or “ustest242”. Be sure to include “-services” after the prefix. The company-name in the URL is the same name you use when you log in via browser.

  • Username: the username of a Web service user defined in Dayforce

  • Password: the password of the Web service user defined in Dayforce

Dayforce Web Services Security Config:

Follow instructions here to ensure the user has the right level of permissions. To interact with the Dayforce system via Web Services, the relevant role needs access to the HCM Anywhere feature with the relevant sub-features (check web services HCM read access, Field level access, Location access, etc).

SAP SuccessFactors

Here are the settings you need to connect to SuccessFactors:

API URL: e.g. https://apisalesdemo8.successfactors.com - see SAP SuccessFactors URLs for more info

OnRamp supports either Basic or OAuth authentication.

Basic Auth:

  • API Username: format is username@company_id, provide user access via: Admin Center >>  Manage Permission Roles >> Manage Integration Tools >> Enable Allow Admin to Access OData API through Basic Authentication. OnRamp requires access to these entities: User, UserAccount, EmpJob, EmpEmployment, EmpEmploymentTermination, PerPerson, PerEmail. See this link for instructions on finding your Company ID.

  • API Password: <api user’s password>

OAuth:

  • API Username: format is username@company_id, provide user access via: Admin Center >>  Manage Permission Roles >> Manage Integration Tools >> Enable Allow Admin to Access OData API through Basic Authentication. OnRamp requires access to these entities: User, UserAccount, EmpJob, EmpEmployment, EmpEmploymentTermination, PerPerson, PerEmail. See this link for instructions on finding your Company ID.

  • Create a key pair using the openssl command described here - create certificate. Copy the Public and Private keys from this step.

  • Register an OAuth2 client application using the instructions here - register application. Copy the API Key from this step.

Though Basic Auth is deprecated, SAP SuccessFactors officially supports it until end of 2026. SuccessFactors recommends adding IP address restrictions with Basic Auth for additional security. Here are the Atlassian IP addresses you need to whitelist.

UKG Now

To configure connection to UKG Now, use Other Connections:

Then set the below parameters:

  • System - UKG Now

  • URL - To determine URL, see Service Endpoint information in https://developer.ukg.com/hcm/docs/web-service-account

  • Username - Ultipro service account username

  • Password - Ultipro service account password

  • Key - Pro Customer API key which is unique to each Pro HR Tenant and can be found by navigating to System Configuration > Security > Web Services and referring to the value for Customer API Key.

  • Connection Attribute - set to “/personnel/v1/employee-changes?startDate=2024-01-01T00:00:00&endDate=2024-01-01T00:01:00” (used for testing the connection)

UKG Ready

To configure connection to UKG Now, use Other Connections:

Then set the below parameters (https://secure.saashr.com/ta/docs/rest/public/?r=__v2__companies__(cid)__oauth2__token#):

  • System - UKG Ready

  • URL - Set to https://secure.saashr.com/ta/rest/v2/companies/{cid}/, replace {cid} with Company ID

  • Password - Set the OAuth2 client_secret value from UKG Ready

  • Client ID - Set the Client ID value from UKG Ready

  • Connection Attribute - set to “personnel/v1/person-details?page=1&per_Page=1” (used for testing the connection)
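
A check that a connection URL has the documented shape before credentials are saved against it, covering the Personio, Dayforce and UKG Ready URL parameters described on this page; this is an added example, not OnRamp code. `RULES` and `check_url` are hypothetical names, the host and path patterns are derived only from the URLs shown above, and "acme" and "12345" are constructed placeholder values.

```python
import re
from urllib.parse import urlsplit

# (host pattern, path pattern) per system, derived from the URLs on this page.
RULES = {
    "Personio": (r"api\.personio\.de", r"/?"),
    "Dayforce": (r"[a-z0-9]+-services\.dayforcehcm\.com", r"/api/[^/<>]+/?"),
    "UKG Ready": (r"secure\.saashr\.com", r"/ta/rest/v2/companies/[^/{}]+/?"),
}

def check_url(system, url):
    """Return a list of problems; an empty list means the documented shape."""
    host_re, path_re = RULES[system]
    parts = urlsplit(url.strip())
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if "@" in parts.netloc:
        # Everything before '@' is userinfo; requests go to the host after it.
        problems.append("URL contains userinfo before '@'")
    host = (parts.hostname or "").lower()
    if not re.fullmatch(host_re, host):
        problems.append(f"unexpected host {host!r}")
    if not re.fullmatch(path_re, parts.path):
        problems.append(f"unexpected path {parts.path!r}")
    if parts.query or parts.fragment:
        problems.append("query string or fragment in base URL")
    return problems

# Constructed sample values for each failure mode the rules catch.
SAMPLES = [
    ("Dayforce", "https://us232-services.dayforcehcm.com/api/acme"),    # ok
    ("Dayforce", "https://us232.dayforcehcm.com/api/acme"),             # no -services
    ("UKG Ready", "https://secure.saashr.com/ta/rest/v2/companies/{cid}/"),  # unreplaced
    ("Personio", "http://api.personio.de/"),                            # not https
    ("Personio", "https://api.personio.de@example.net/"),               # wrong host
]

if __name__ == "__main__":
    for system, url in SAMPLES:
        print(system, url, check_url(system, url) or "ok")
```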