This blog compares options available to have ADP WorkforceNow as a source with Okta which have been designed and implemented by Okta Professional Services(PS). The blog dives into the architecture for leveraging Okta’s Anything as a source (XaaS) platform with ADP APIs, Workflows and an API Gateway.

Why It Matters

As of today, Okta does not have a pre-built OOTB connector for ADP WorkforceNow as a source. This article establishes various ways, with a specific focus on an architecture for leveraging Okta’s native XaaS Integration Pattern with ADP Workforce Now APIs.

Key Takeaways

1. Okta’s XaaS integration pattern can be leveraged to connect to any Source of Truth/HR system - on-prem or cloud
2. Okta Workflows can help orchestrate source data and feed it into Okta’s Import Pipeline
3. Okta XaaS and Workflows can easily integrate with any API Gateway to broker mTLS connection for API authentication needs

Getting Started

Here are the current options to Integrate with ADPaaS with Okta -

1. CSVaaS 
2. Anything as a Source with ADP APIs and Workflows with an API Gateway*
3. Anything as a Source with ADP APIs and Custom Client hosted by the customer
4. Partner Connectors via ADP Marketplace

Comparison of Level Of Effort & Architecture

A deep dive into XaaS integrating with ADP APIs

Since Okta workflows do not support mTLS today which is needed to connect to ADP APIs, we need an API Gateway in the middle to proxy the mTLS connection. Alternatively we can use Custom Client instead of workflows and handle the mTLS piece in custom code (hosted)

Pre-requisites to implement the above architecture

• Customer to buy ADP Workforce Now APIs
• Buy the minimum 50 workflows pack (solution needs between 6-8 workflows)
• Any API Gateway which supports mTLS eg AWS API Gateway - How to connect to REST API using mTLS 

Contact IaaS Sales for the API Gateway licensing. There may be free tiers available based on your usage. As an example, the customer can procure an API Gateway license for free depending on the number of requests eg with Amazon API Gateway

• The free tier is 1 mil calls per month, up to 12 months
• If you exceed 1 mil calls per month, you are bumped up to 300 mil calls/month and the cost is $1/million
• In order to take advantage of free tier - you need to create a new AWS ID

Helpful Resources

• Options to integrate HR systems with Okta along with pros and cons and rough LOE
• ADP API Dictionary

Wrapping Up and Next Steps

The above approach can be leveraged for any HR system which needs a mTLS connection.

Do you need help with implementing the architecture described in this blog or similar use cases with Okta XaaS? Click here to contact Okta Professional Services.