ml-connector
IFS CloudADP

IFS Cloud and ADP integration

IFS Cloud handles manufacturing, supply chain, and finance across your enterprise. ADP runs payroll and workforce management. Connecting them keeps your ERP headcount aligned with actual payroll status and ensures labor cost journals from each payroll run post into IFS Cloud without manual re-entry. New hires, terminations, and rehires in ADP are mirrored in IFS Cloud, and the general ledger documents ADP generates after payroll automatically flow into your financial records.

How IFS Cloud works

IFS Cloud exposes suppliers, purchase orders, customers, sales orders, GL accounts, journals, payments, and accounting dimensions through an OData v4 REST API with a tenant-specific base URL and OAuth2 client credentials authentication. Token lifetime is approximately 60 minutes. IFS Cloud does not offer a standard webhook subscription API; Event Actions can be configured manually in the IFS admin UI but are not self-registerable through the API, making pull-based polling the recommended pattern. Page size is limited to 5000 elements per request, and rate limits are approximately 1000 requests per minute per tenant. Mutation operations require ETag headers for optimistic concurrency control.

How ADP works

ADP exposes workers, payroll processing, pay distributions, pay statements, general ledger documents, validation tables, work assignments, and cost centers through REST/JSON APIs. All connections require OAuth2 client credentials plus a mutual TLS client certificate and private key; the TLS handshake fails without the certificate. Tokens are obtained from ADP's dedicated token endpoint. ADP supports webhooks for worker hire, termination, rehire, name change, address change, marital status change, pay data input, deduction instruction change, and tax profile events, with retries at 1-minute then 6-hour intervals. General ledger documents are output-only and cannot be written back. Rate limits vary by node in ADP's cluster: 75-195 calls per minute depending on tier, returning HTTP 429 when exceeded. OData pagination limits are 100 records per request for Workforce Now. All mutations go through dedicated event endpoints, not direct PUT or PATCH.

What moves between them

Worker records and general ledger documents flow from ADP into IFS Cloud on a payroll-synchronized schedule, typically after each pay run completes. Worker hires, terminations, and rehires update IFS Cloud headcount and departmental structure to stay in agreement with payroll status. ADP general ledger documents are read after payroll processing and posted into IFS Cloud as journal entries allocated to the correct cost centers and GL accounts. Cost centers and departments are validated in both directions so payroll allocations reference valid IFS accounting dimensions. The integration is pull-based; it does not write financial entries back to ADP since ADP general ledger documents are read-only.

How ml-connector handles it

ml-connector stores both credential sets encrypted and presents the ADP client certificate at the TLS layer on every request, using OAuth2 client credentials to obtain and refresh bearer tokens from both systems. On the IFS Cloud side, it accepts the full tenant-specific base URL per customer and uses OData v4 query filters to retrieve only records modified since the last sync, staying under the 5000-element page size limit by paginating large result sets. Because neither IFS Cloud nor ADP expose a reliable inbound webhook pathway, ml-connector polls both systems on a schedule you define, tied to your payroll calendar. Before posting ADP payroll GL documents into IFS Cloud, it validates that the mapped cost centers and GL accounts already exist in IFS Cloud and captures the ETag header from IFS Cloud entities before mutation to satisfy the optimistic concurrency requirement. ADP rate limits of 75-195 calls per minute are handled with exponential backoff and jitter. Worker records are matched on employee ID and checked for existing records before creation to prevent duplicates. Every record carries a full audit trail and can be replayed if a downstream call fails.

A real-world example

A mid-sized manufacturing company runs IFS Cloud for production planning, procurement, and general ledger operations across three plants and a shared services center. The company uses ADP for payroll and workforce management across all locations. Before the integration, the accounting team manually exported payroll reports from ADP each pay period, calculated labor cost summaries by plant and cost center, and re-entered those totals into IFS Cloud as journal entries-a time-consuming process prone to entry errors. Reconciling payroll headcount in ADP against the labor accounts in IFS Cloud was a month-end bottleneck. With IFS Cloud and ADP connected, worker changes flow automatically to keep ERP headcount in sync, and each payroll run's GL document posts directly into IFS Cloud allocated to the correct cost center, eliminating re-entry and enabling finance teams to start month-end close with labor accounts already reconciled.

What you can do

  • Post ADP payroll general ledger documents into IFS Cloud as journal entries, allocated to the correct cost centers and GL accounts, after every pay run.
  • Keep IFS Cloud workforce headcount aligned with ADP hires, terminations, and rehires, so HR data matches payroll reality.
  • Validate cost centers and departments in both directions, ensuring payroll allocations reference only valid IFS Cloud accounting dimensions.
  • Authenticate ADP with OAuth2 and mutual TLS certificate, and IFS Cloud with OAuth2 against the tenant-specific URL, with automatic token refresh and certificate tracking.
  • Poll on a schedule tied to your payroll calendar, handling rate limits, ETag concurrency headers, and OData pagination, with a full audit trail on every record.

Questions

How does the integration handle ADP's mutual TLS certificate requirement?
ADP requires a client certificate at the TLS layer in addition to OAuth2 credentials on every request. ml-connector stores the certificate and private key encrypted, presents them on each connection, and tracks certificate expiry so renewal happens before it can cause an outage. The TLS handshake fails immediately without the certificate, so this requirement is enforced at the network layer and cannot be bypassed.
Why does ml-connector poll instead of relying on webhooks from IFS Cloud?
IFS Cloud does not offer a standard self-registerable webhook API for cloud connectors. Event Actions exist but require manual configuration in the IFS admin UI by a customer administrator and are not provisioned through the API. ADP does support webhooks for worker and payroll events, but IFS Cloud does not expose inbound hooks reliably, so polling on a schedule tied to your payroll calendar is more predictable and avoids missing records.
Which direction do payroll GL documents flow, and why can they not be written back?
ADP general ledger documents flow into IFS Cloud after payroll processing, posted as journal entries allocated to the correct cost centers. ADP general ledger documents are output-only and read-only; ml-connector cannot write financial entries back to ADP. This is by design in the ADP API, since payroll GL documents are generated deterministically by payroll processing and are not meant to be modified downstream.

Related integrations

More IFS Cloud integrations

IFS Cloud and Adobe CommerceIFS Cloud and AdyenIFS Cloud and AirbaseIFS Cloud and Amazon Seller CentralIFS Cloud and AnaplanIFS Cloud and SAP AribaIFS Cloud and AsanaIFS Cloud and AvalaraIFS Cloud and AvidXchangeIFS Cloud and BambooHRIFS Cloud and BaswareIFS Cloud and BigCommerce

Other systems that connect to ADP

Acumatica and ADPDATEV and ADPDeltek and ADPMicrosoft Dynamics 365 Business Central and ADPMicrosoft Dynamics 365 F&O and ADPMicrosoft Dynamics GP and ADPMicrosoft Dynamics NAV and ADPEpicor Kinetic and ADPExact Online and ADPFreshBooks and ADPInfor CloudSuite and ADPSage Intacct and ADP

Connect IFS Cloud and ADP

Free to use. Add your credentials, ping your real systems, and see if we fit.

Get started