Microsoft Dynamics 365 Business Central and ADP integration

What moves between them

The main flow runs from ADP into Microsoft Dynamics 365 Business Central. After each payroll run, ml-connector reads the ADP general ledger documents and posts the labor cost journal lines into Business Central general ledger journals, mapped to the matching GL accounts and dimensions. Worker records flow the same direction so Business Central employees reflect ADP hires, terminations, and rehires. Reference data such as cost centers, departments, and job codes is aligned so payroll allocations land on dimensions that already exist in Business Central. ADP general ledger documents are read-only, so ml-connector never writes financial entries back into payroll.

How ml-connector handles it

ml-connector stores both credential sets encrypted and presents the ADP client certificate at the TLS layer on every request, refreshing the ADP bearer token when a call returns 401. On the Business Central side it holds a Microsoft Entra ID client credentials token for the tenant and targets the company id on the configured environment name, since the environment is part of the URL. Because the Business Central chart of accounts and general ledger entries are read-only over the API, each ADP labor line is written as a journal line that references an existing GL account and dimension, so cost centers and departments are mapped first. The connector polls ADP general ledger documents and worker data on a schedule tied to your payroll calendar, and can also receive ADP worker and payroll event notifications where they are enabled. For employee changes it reads ADP workers and updates Business Central employees, and it can renew the three-day Business Central subscriptions before they expire so the change feed never goes dark. ADP rate limits return HTTP 429 per gateway node, so the connector backs off and retries, and it tracks the ADP certificate expiry so a renewal does not turn into an outage. Every record carries a full audit trail and can be replayed if a downstream call fails.

A real-world example

A mid-sized engineering services firm of about four hundred staff runs Microsoft Dynamics 365 Business Central for finance and project accounting and uses ADP for payroll across three offices. Before the integration, the finance team exported the payroll register from ADP every pay period and re-entered the labor totals into Business Central by hand, then spent the first days of month-end close chasing differences between HR headcount and the labor accounts in the ledger. With the two systems connected, each payroll run's general ledger document flows into Business Central automatically, allocated to the dimension for each office, and worker changes keep the two systems aligned. Month-end close starts with the labor accounts already reconciled and the manual re-keying step is gone.

What you can do

• •Post ADP payroll general ledger documents into Business Central journals after every pay run, allocated to the correct GL accounts and dimensions.
• •Keep Business Central employee records aligned with ADP hires, terminations, and rehires.
• •Map ADP cost centers, departments, and job codes to Business Central dimensions so payroll lands on valid accounts.
• •Authenticate ADP with OAuth2 and the required mutual TLS certificate, and Business Central with a Microsoft Entra ID client credentials token.
• •Poll on a schedule tied to your payroll calendar, renew the three-day Business Central subscriptions, and keep a full audit trail on every record.

Questions

Which direction does data move between Microsoft Dynamics 365 Business Central and ADP?

The main flow is ADP into Business Central. Payroll general ledger documents and worker records move from ADP into Business Central, while cost centers and departments are aligned so postings reference valid dimensions. ADP general ledger documents are read-only, so ml-connector does not write financial entries back into payroll.

How does the integration post payroll if the Business Central chart of accounts is read-only over the API?

The Business Central GL accounts and general ledger entries cannot be written directly through the API. ml-connector instead writes each ADP labor line as a journal line that targets an existing GL account and dimension, which is the supported path for posting financial data. Cost centers and dimensions are mapped first so every line lands on an account that already exists.

Does ADP's mutual TLS certificate requirement need special setup?

Yes. ADP requires a client certificate at the TLS layer on every call in addition to OAuth2 credentials, and the connection fails without it. ml-connector stores the certificate encrypted, presents it on each request, and tracks its expiry so a renewal is handled before it can cause an outage.