ml-connector
Sage IntacctADP

Sage Intacct and ADP integration

Sage Intacct runs your general ledger and AP. ADP runs payroll and HR. Connecting the two keeps your labor costs and headcount synchronized with your financial records. After each payroll run, ADP's GL documents post automatically into Sage Intacct's general ledger mapped to the correct cost centers, and worker hires, terminations, and rehires update both systems so your headcount stays in agreement. ml-connector bridges the XML gateway on the Sage Intacct side and the OAuth plus mandatory mutual TLS on ADP, moving data on your payroll schedule.

How Sage Intacct works

Sage Intacct is a cloud-based ERP and accounting system that exposes vendors, AP bills, AP payments, GL accounts, and dimensions through a single XML gateway endpoint at https://api.intacct.com/ia/xml/xmlgw.phtml. Authentication is session-based: senderId, senderPassword, companyId, userId, and userPassword are exchanged for a sessionid that caches for 50 minutes and is automatically refreshed on the next call. The adapter serializes all requests through this single XML POST connection, parses response bodies for application-level errors in errormessage tags, and handles forbidden XML control characters by stripping C0 controls before escaping. Sage Intacct has no native webhooks, so all data flows are polling-driven or manually triggered. Retried operations use a uniqueid flag in the control block for server-side deduplication.

How ADP works

ADP is a payroll and HR platform that exposes workers, payroll processing, pay distributions, pay statements, general ledger documents, validation tables, work assignments, and worker payroll instructions via ADP API Central, a paid REST/JSON add-on. Authentication requires OAuth 2.0 client credentials and a mandatory mutual TLS client certificate that must be presented at the TLS handshake; without it the connection fails. Tokens come from https://accounts.adp.com/auth/oauth/v2/token and are obtained via client_id, client_secret, mTLS certificate, and private key. Most collection endpoints support OData query parameters with pagination limits of 100 records per request for Workforce Now and 2500 for Vantage HCM. All mutations go through dedicated event endpoints under /events/hr/v1/ and /events/payroll/, not direct PUT or PATCH. General ledger documents are output-only from payroll; ADP does not accept direct GL writes. Webhooks are supported for worker hires, terminations, rehires, legal-name and legal-address changes, marital-status changes, pay-data input, deduction-instruction changes, and tax-profile events; ADP retries failures 10 times at 1-minute intervals then 10 times at 6-hour intervals. Client certificates expire and must be re-issued before they become invalid, and rate limits are per-node in a 4-node cluster at 75-195 calls per minute depending on tier; HTTP 429 signals rate limit exceeded.

What moves between them

The primary flow moves from ADP into Sage Intacct. After each payroll run, ml-connector reads ADP's general ledger documents and workers, then posts payroll GL entries into Sage Intacct's general ledger, mapped to the matching GL accounts and cost centers. Worker records flow in the same direction so Sage Intacct headcount reflects ADP hires, terminations, and rehires. Cost centers, departments, and job codes are aligned in both directions. Sage Intacct GL postings are never written back to ADP because ADP's general ledger documents are read-only output from payroll processing. The sync cadence is tied to your payroll calendar and runs on a schedule you control.

How ml-connector handles it

ml-connector presents the ADP mTLS client certificate at the TLS layer on every call and refreshes the OAuth bearer token when a call returns a 401 response. On the Sage Intacct side, it caches the session ID for up to 50 minutes and automatically requests a fresh one when the session expires, serializing all operations through the single XML gateway endpoint. Payroll GL entries from ADP are mapped first to existing cost centers and GL accounts in Sage Intacct, ensuring every journal line references valid dimensions before posting. Because both systems have rate limits, ml-connector backs off on HTTP 429 from either system and retries with exponential backoff. The ADP mTLS certificate's expiry date is tracked so renewal can be planned before it causes an outage. Sage Intacct's lack of webhooks means polling runs on your payroll schedule rather than waiting for a push. Every record carries a full audit trail and can be replayed if a downstream call fails.

A real-world example

A mid-market professional services firm uses Sage Intacct for project accounting and labor cost tracking and ADP Workforce Now for payroll and HR across multiple offices. Before the integration, the accounting team manually exported labor cost reports from ADP each pay period and re-entered them into Sage Intacct's general ledger by hand, allocating costs to projects by office. Headcount reconciliation at month-end close was slow because hire and termination data had to be verified manually against two systems. With Sage Intacct and ADP connected, payroll GL entries flow into Sage Intacct automatically, allocated to the correct project cost center per office, and worker changes sync both directions, keeping the two systems aligned. Month-end close starts with labor accounts already reconciled, and the re-keying step is eliminated.

What you can do

  • Post ADP payroll general ledger documents into Sage Intacct's GL after each payroll run, allocated to the correct cost centers and projects.
  • Keep Sage Intacct headcount aligned with ADP worker hires, terminations, and rehires.
  • Map ADP cost centers and departments to Sage Intacct GL accounts and dimensions so payroll entries land on valid accounts.
  • Manage ADP OAuth tokens and present the required mutual TLS client certificate on every request, with automatic certificate expiry tracking.
  • Poll ADP and Sage Intacct on a payroll schedule, with retries and full audit trail on every record.

Questions

Which direction does data move between Sage Intacct and ADP?
The main flow is ADP into Sage Intacct. Payroll GL documents and worker records move from ADP into Sage Intacct, while cost centers and departments are aligned in both directions. ADP general ledger documents are read-only output from payroll processing, so ml-connector does not write financial entries back into ADP.
What makes ADP's mutual TLS requirement different from standard API authentication?
ADP requires a client certificate presented at the TLS handshake layer in addition to OAuth 2.0 credentials. The TLS handshake fails without the certificate, and the certificate must be kept current because it expires. ml-connector stores the certificate encrypted, presents it on every call, and monitors expiry to prevent outages when the certificate approaches renewal.
How does the integration handle Sage Intacct's single XML gateway and lack of webhooks?
ml-connector connects to Sage Intacct's single XML gateway endpoint at https://api.intacct.com/ia/xml/xmlgw.phtml, caches the session ID for 50 minutes, and automatically requests a fresh one when it expires. Because Sage Intacct has no webhooks, ml-connector polls for payroll GL and worker data on a schedule tied to your payroll calendar rather than waiting for a push.

Related integrations

More Sage Intacct integrations

Sage Intacct and Adobe CommerceSage Intacct and AdyenSage Intacct and AirbaseSage Intacct and Amazon Seller CentralSage Intacct and AnaplanSage Intacct and SAP AribaSage Intacct and AsanaSage Intacct and AvalaraSage Intacct and AvidXchangeSage Intacct and BambooHRSage Intacct and BaswareSage Intacct and BigCommerce

Other systems that connect to ADP

Acumatica and ADPDATEV and ADPDeltek and ADPMicrosoft Dynamics 365 Business Central and ADPMicrosoft Dynamics 365 F&O and ADPMicrosoft Dynamics GP and ADPMicrosoft Dynamics NAV and ADPEpicor Kinetic and ADPExact Online and ADPFreshBooks and ADPIFS Cloud and ADPInfor CloudSuite and ADP

Connect Sage Intacct and ADP

Free to use. Add your credentials, ping your real systems, and see if we fit.

Get started