ml-connector
Microsoft Dynamics 365 F&OADP

Microsoft Dynamics 365 F&O and ADP integration

Microsoft Dynamics 365 F&O runs financials, procurement, and supply chain. ADP runs payroll and HR. Connecting the two keeps the general ledger and the workforce in agreement. After each ADP pay run, the labor cost journals ADP produces post into the D365 general ledger without re-keying, and ADP hires and terminations stay reflected in D365 reference data. ml-connector bridges the very different authentication and API styles on each side and moves the records on a schedule tied to your payroll calendar.

How Microsoft Dynamics 365 F&O works

Microsoft Dynamics 365 F&O exposes its data through the OData v4 REST service at a tenant-specific operations.dynamics.com host, so there is no shared base URL. Connectors authenticate with OAuth2 client credentials issued by Microsoft Entra ID against a per-environment scope, and the bearer token expires roughly hourly. Key finance entities include VendorsV2, MainAccounts, GeneralJournalAccountEntries, the general journal write entities, and DimensionAttributeValues for financial dimensions. D365 can push outbound Business Events over HTTPS, but those payloads are lightweight stubs that carry a ControlNumber and require a follow-up OData read, so most finance reads use OData polling.

How ADP works

ADP exposes workers, payroll pay-data input, pay distributions, cost center validation tables, and general ledger documents through ADP API Central, a paid REST add-on that also accepts OData query parameters. Every call to api.adp.com requires OAuth2 client credentials and a mutual TLS client certificate, and the TLS handshake fails without the certificate. Writes to ADP go through event endpoints under /events rather than direct field updates, and the GL documents ADP generates after each payroll run are read-only. ADP can also push worker and payroll event notifications to a registered endpoint.

What moves between them

The main flow runs from ADP into Microsoft Dynamics 365 F&O. After each payroll run, ml-connector reads ADP general ledger documents and posts the labor cost journals into the D365 general ledger through the journal entities, mapped to the matching main accounts and financial dimensions. Worker records flow the same direction so D365 reference data reflects ADP hires, terminations, and rehires. Reference data such as cost centers, departments, and job codes is aligned so every payroll allocation lands on a valid D365 dimension. GL documents are read-only in ADP, so ml-connector never writes financial entries back into payroll.

How ml-connector handles it

ml-connector stores both credential sets encrypted, presents the ADP client certificate at the TLS layer on every request, and refreshes the ADP bearer token when a call returns 401. On the D365 side it requests an Entra ID client-credentials token scoped to each tenant operations.dynamics.com host, which it accepts as a credential field since there is no shared URL. ADP cost centers from the validation tables are mapped to D365 financial dimensions first, and each dimension is written as the formatted display string D365 expects, so every payroll journal line references a main account and dimension that already exist. Because ADP GL documents are output artifacts, ml-connector polls them on a schedule tied to your payroll calendar and can also receive ADP event notifications where enabled. ADP rate limits return HTTP 429 per gateway node and D365 returns 429 with a Retry-After header, so ml-connector backs off and retries, and it tracks the ADP certificate expiry so a renewal does not become an outage. Posted journals carry a unique journal number so a replay does not double-post, and every record carries a full audit trail.

A real-world example

A mid-sized manufacturer with about 600 employees runs Microsoft Dynamics 365 F&O for finance, procurement, and supply chain across three legal entities, and uses ADP Workforce Now for payroll. Before the integration, the finance team exported payroll registers from ADP each pay period and re-keyed the labor totals into D365 by hand, then spent the first days of month-end close chasing differences between headcount and the labor accounts in the ledger. With the two systems connected, each pay run's ADP GL document posts into D365 automatically, allocated to the financial dimension for each plant and legal entity, and worker changes keep the reference data aligned. Close starts with the labor accounts already reconciled and the manual re-keying step is gone.

What you can do

  • Post ADP payroll GL documents into the Microsoft Dynamics 365 F&O general ledger after every pay run, allocated to the correct main accounts and financial dimensions.
  • Keep D365 worker and vendor reference data aligned with ADP hires, terminations, and rehires.
  • Map ADP cost centers, departments, and job codes from the validation tables to D365 financial dimensions so payroll lands on valid accounts.
  • Authenticate ADP with OAuth2 and its required mutual TLS certificate, and D365 with Entra ID client credentials against each tenant operations.dynamics.com host.
  • Poll on a schedule tied to your payroll calendar, with retries on HTTP 429 and a full audit trail on every record.

Questions

Which direction does data move between Microsoft Dynamics 365 F&O and ADP?
The main flow is ADP into D365. Payroll GL documents and worker records move from ADP into Microsoft Dynamics 365 F&O, while cost centers and departments are aligned so allocations stay valid. ADP general ledger documents are read-only, so ml-connector does not write financial entries back into payroll.
Does ADP's mutual TLS certificate requirement need special setup?
Yes. ADP requires a client certificate at the TLS layer on every call to api.adp.com in addition to OAuth2 credentials, and the handshake fails without it. ml-connector stores the certificate encrypted, presents it on each request, and tracks its expiry so a renewal is handled before it can cause an outage.
How does the integration handle the D365 tenant-specific host and Business Events?
ml-connector accepts each environment's operations.dynamics.com host as a credential field, since D365 publishes no shared base URL, and requests an Entra ID client-credentials token scoped to that host. D365 Business Events are lightweight stubs that only carry identifiers, so the connector reads payroll GL data on a schedule and uses OData to fetch full records when needed.

Related integrations

More Microsoft Dynamics 365 F&O integrations

Microsoft Dynamics 365 F&O and Adobe CommerceMicrosoft Dynamics 365 F&O and AdyenMicrosoft Dynamics 365 F&O and AirbaseMicrosoft Dynamics 365 F&O and Amazon Seller CentralMicrosoft Dynamics 365 F&O and AnaplanMicrosoft Dynamics 365 F&O and SAP AribaMicrosoft Dynamics 365 F&O and AsanaMicrosoft Dynamics 365 F&O and AvalaraMicrosoft Dynamics 365 F&O and AvidXchangeMicrosoft Dynamics 365 F&O and BambooHRMicrosoft Dynamics 365 F&O and BaswareMicrosoft Dynamics 365 F&O and BigCommerce

Other systems that connect to ADP

Acumatica and ADPDATEV and ADPDeltek and ADPMicrosoft Dynamics 365 Business Central and ADPMicrosoft Dynamics GP and ADPMicrosoft Dynamics NAV and ADPEpicor Kinetic and ADPExact Online and ADPFreshBooks and ADPIFS Cloud and ADPInfor CloudSuite and ADPSage Intacct and ADP

Connect Microsoft Dynamics 365 F&O and ADP

Free to use. Add your credentials, ping your real systems, and see if we fit.

Get started