Objective   

This article explains how to configure a seamless Active Directory integration between Ceridian Dayforce and ManageEngine ADManager Plus to automate your user provisioning and keep employee information consistently updated across IT systems.

This HCM integration helps bridge the gap between HR and IT by enabling real-time synchronization of employee data, ensuring that updates in Ceridian Dayforce—such as new hires or role changes—are automatically reflected in Active Directory, Exchange, Microsoft 365, and other connected platforms.

With this HR system integration, organizations can:

• Streamline operations: Establish a connected HR-IT ecosystem that boosts organizational efficiency and enhances the employee experience.

• Increase productivity: Automatically provide new hires with access to essential resources and simplify group permission management using workflows.

Powered by secure API integration, this solution eliminates manual data entry and minimizes errors, enabling consistent and compliant identity management across your infrastructure.

Prerequisites 

• Please ensure you have your Ceridian Dayforce account's username and password.

• To import users (inbound action):

• Your user role must be assigned access to the Read Data subfeature under HCM Anywhere > Web Services in the Features tab of System Admin > Roles.

• In addition, for security, you must enable XRefCode under RESTful Services > Human Resources > Employee in the Web Services Field-Level Access tab of System Admin > Roles.

• To perform any action or query in Ceridian Dayforce (outbound action): 

• Your user role must be assigned access to the PATCH/POST Employee HR Data sub-feature under HCM Anywhere > Web Services in the Features tab of System Admin > Roles.

• In addition, for security, you must enable Can Create for the applicable Authorizations tab of System Admin > Roles.

Note: ADManager Plus comes with a preconfigured set of APIs that helps perform basic actions with the integration. If the action you require is not available, please gather the necessary API details from the Ceridian Dayforce API documentation to configure the inbound or outbound webhooks to perform the required actions.

 Steps to follow 

 Step 1: Authorization configuration 

1. Log in to ADManager Plus and navigate to Directory/Application Settings.

2. Go to Application Integrations, then search and select Dayforce.

3. Toggle the Enable Dayforce Integration button on.

4. In the Dayforce Configuration page, click Authorization.

5. Enter the Username and Password associated with your Ceridian Dayforce account.

6. Click Configure.

 Step 2: Inbound webhook configuration  

1. Under Inbound Webhook, click Dayforce Endpoint Configuration.
   

2. Ceridian Dayforce follows a nested call design, requiring two endpoints for retrieving user data: Dayforce Users List Endpoint which collects user IDs and Dayforce Users Endpoint which fetches details for each collected user ID.

3. To use these preconfigured endpoints, in both endpoints replace {subdomain} and {clientNamespace} with your respective sub-domain and clientNamespace from your Ceridian Dayforce instance.

4. Each endpoint must be tested and saved individually before proceeding. If you would like to use a new endpoint to import users, you can configure one using the + Add API endpoint button and filling in the required fields as per Ceridian Dayforce's API references. Click here to learn how.

5. You can use the filterUpdatedStartDate and filterUpdatedEndDate parameters to fetch only filtered responses from Dayforce. This allows you to retrieve data specific to your environment's needs.
   

Note:

• The API key value pair is preconfigured as a header for authenticating API requests during the Authorization configuration process. 

• You can add macros to your endpoint configuration to dynamically change it as per your requirement using the macro chooser component.

• Refer to the Ceridian Dayforce's API references and configure additional Headers and Parameters, if required.
  

6. Once done, click Test & Save. A response window will display all the requested parameters that can be fetched using the API call. Click Proceed.

Note:

• Refer to the Ceridian Dayforce's API references to know the Parameters that must be configured to fetch only specific parameters.

• You can configure multiple endpoints for Ceridian Dayforce using the + Add API endpoint button. Click here to learn how.

7. Click Data Source - LDAP Attribute Mapping to match endpoints and to map AD LDAP attributes with the respective attributes in Ceridian Dayforce. ADManager Plus also enables you to customize the attribute format from Ceridian Dayforce.
   

8. Click + Add New Configuration and perform the following:

• Enter the Configuration Name and Description and select the Automation Category from the drop-down menu.

• In the Select Endpoint field, select the desired endpoint and a Primary Key that is unique to a user (for example, employeeIdentifier).

Note: When multiple endpoints are configured, this attribute must hold the same value in all the endpoints.

• In the Attribute Mapping field, select the attribute from the LDAP Attribute Name drop-down menu and map it with the respective column in Ceridian Dayforce.

• If you would like to create a new custom format for this, click Add New Format.

• Click Save.

 Step 3: Outbound webhook configuration 

Outbound webhook enables you to update the changes made in AD using ADManager Plus to Ceridian Dayforce and synchronize them with AD. To configure an outbound webhook for Ceridian Dayforce:

1. Under Outbound Webhook, click Dayforce Webhook Configuration.

2. Click Dayforce Add User Endpoint to use the preconfigured endpoint. Replace {subdomain} and {clientNamespace} with your respective sub-domain and clientNamespace from your Ceridian Dayforce instance.

3. The endpoint must be tested and saved before proceeding. If you would like to use a new endpoint to import users, you can configure one using the + Add Webhook button and filling in the following fields as per Ceridian Dayforce's API references.

1. Enter a name and description for this webhook.

2. Decide on the action that has to be performed and refer to Ceridian Dayforce's API references for the API details, such as the URL, Headers, Parameters, and other requirements that will be needed.

3. Select the HTTP method that will enable you to perform the desired action on the endpoint from the drop-down menu.

4. Enter the endpoint URL.

5. Configure the URL, Headers, Parameters, and Body Message in the appropriate format based on the API call that you would like to perform.

6. Click Test and Save.

7. A pop-up window will then display a list of AD users and groups to test the configured API call. Select the desired user or group from which this API request has to be tested and click OK. This will make a real-time call to the endpoint URL, and the selected objects will be modified as per the configuration.

8. The webhook response and request details will then be displayed. Verify them for the expected API behavior and click Save.

4. The configured webhooks can be integrated into Orchestration Templates—enabling scheduled or Event-driven Automation—to consecutively perform the action configured in the outbound webhook among of actions on a group of users or on individual users.

Note: Use macros to send the data of the object for which the webhook is executed.

 Tips 

• Leverage filterUpdatedStartDate and filterUpdatedEndDate in Dayforce endpoints to fetch only modified records and avoid unnecessary data syncing.

• When mapping attributes, use a unique and common identifier (like employeeIdentifier) across all endpoints to maintain data integrity.

• Always validate and save each API endpoint (both user list and user detail) before mapping attributes or using them in automation.

• Take advantage of macros in the webhook configuration to dynamically construct URLs and payloads based on the user or group context.