The challenge

In enterprise employee management, human resources (HR) teams work in tandem with information technology (IT) teams on an ad hoc basis to provision accounts for new hires and deprovision accounts when employees leave. Besides that, there are constant updates to employee profiles based on team or location changes that need to be addressed immediately. This dependency on external teams can create bottlenecks in employee onboarding and increase security risks when the access rights of former employees are not revoked in time.

The solution

Integrating UKG Pro with ADManager Plus allows you to synchronize data stored in UKG Pro's employee information fields with data in AD's corresponding fields. ADManager Plus' integration with UKG Pro aims to improve the efficiency and security of employee onboarding, modification, and offboarding processes. This process can protect data integrity, prevent data entry errors, tighten security, and save time typically spent managing account properties.

Benefits of HR-driven life cycle management

1. Accelerate the employee onboarding process.

2. Mitigate potential compromise of ex-employees' accounts.

3. Synchronize updates in the HR system with AD.

4. Align business needs with IT processes.

5. Keep your stakeholders informed via real-time alerts.

6. Eliminate dependency on external teams.

Integration overview

When ManageEngine ADManager Plus is integrated with UKG Pro, it can perform the following actions based on the users' attribute values in UKG Pro.

When this integration is in place, admins will be able to provision, modify, and deprovision AD users automatically based on their respective details entered in UKG Pro.

The two APIs used in the ADManager Plus–UKG Pro integration are Person Details and Employee Employment Details. The API integration is unidirectional by default. However, bidirectional API integration can be configured and used in the Orchestration feature if needed.

Prerequisites

You must have View permission for Employee Person Details and Personnel Integration for the web service account configured to use the UKG Pro integration.

Having View permission lets ADManager Plus fetch information from the following data fields in UKG Pro.

Configuration steps

Steps to configure UKG Pro settings in ADManager Plus

1. Log in to the ADManager Plus console, navigate to the Automation tab, and select HCM Integrations.

2. Click UKG Pro listed under HCM applications.

3. Enter the UKG Pro account details, like Web Service Account Username, Web Service Account Password, and Customer API KEY, in their respective fields under the Service Account Administration tab. Additional details like Company ID can be provided under the Advanced tab.

4. Click Test Connection and Save.

5. On the Data Source - LDAP Attribute Mapping tab, map the AD attributes to the predefined database column names provided in the UKG Pro database from the settings.

1. Click + Add New Configuration.

2. Provide a name and description for the configuration for which you wish to map the attributes.

3. Select the Automation Category.

4. In the Attribute Mapping field, the DB Column Name drop-down box contains all the predefined database column names provided in the UKG Pro database. Map the LDAP Attribute Name to the DB Column Name. 

5. Click the <plus> icon to add a new mapping entry and click the <delete> icon to remove an existing entry.

6. Click Add once you have added all the attributes you wish to map.

How does the integration work?

In ADManager Plus, create an automation that will run at a set frequency to provision users or modify access permissions. When the automation is executed, ADManager Plus will fetch user data in UKG Pro by initiating the following API calls.

https://<Customer Subdomain>.ultipro.com/personnel/v1/employment-details

https://<Customer Subdomain>.ultipro.com/personnel/v1/person-details/

Once ADManager Plus receives the information from the UKG Pro database, the data is stored in the product's built-in PostgreSQL database (or in your Microsoft SQL database), and the corresponding changes are made in the AD environment.

What information is stored in ADManager Plus?

When you integrate UKG Pro and ADManager Plus, the Web Service Account Username, Web Service Account Password, and Customer API KEY information is encrypted and stored in the ADManager Plus database.

After the initial configuration is complete, ADManager Plus will fetch the data from UKG Pro at the scheduled time. The fetched data is stored in ADManager Plus' database, which is located within your premises. The stored data is used to perform any management action, such as provisioning, reprovisioning, or deprovisioning users, based on the type of change configured in the automation setting.