
Sage 100 and UKG integration

Sage 100 manages your accounting and procurement on premises. UKG handles your payroll and HR in the cloud. Connecting them keeps your general ledger and employee records in sync. When UKG runs payroll, the labor cost journals post directly into Sage 100's GL without manual re-entry, allocated to the cost centers where the work happened. Employee changes in UKG automatically sync to Sage 100 so your payroll headcount always matches your GL control accounts. ml-connector handles the bridge between Sage 100's on-premises SOAP layer and UKG's cloud REST APIs, managing both the authentication schemes and the GL mapping that makes the data land in the right accounts.

How Sage 100 works

Sage 100 is an on-premises ERP that exposes GL accounts, journal entries, vendors, invoices, purchase orders, and items through SOAP eBusiness Web Services (at a customer-hosted endpoint) or through a local Windows agent wrapping the BOI COM layer. SOAP covers customers and sales orders only; full access to AP, GL, PO, and vendors requires the local agent. Authentication uses username and password passed per SOAP call with no token refresh or OAuth. There are no webhooks or push events, so data is read by polling the DateLastUpdated and DateCreated fields. The platform requires a company code (three-character identifier) on every call, and GL accounts use a multi-segment format that varies per customer. Concurrent writes are subject to COM record-locking, so high-frequency operations need backoff and retry logic.

How UKG works

UKG is a cloud-based HR and payroll platform that exposes employees, compensation details, pay statements, cost centers, and GL payroll journal export through REST APIs at tenant-specific hostnames, with optional SOAP legacy endpoints. Authentication uses either HTTP Basic Auth plus two custom API key headers (US-CUSTOMER-API-KEY and US-USER-API-KEY) or OAuth 2.0 client credentials with tokens expiring in one hour. The platform supports webhooks via the UKG Webhooks platform with HMAC SHA-256 signatures and 14-day event retention, or polling via a delta endpoint for employee changes. GL journals are exported in a structured format with GL account segments and debit/credit amounts. UKG does not expose AP, ERP, or general ledger accounts directly; integration happens through the third-party pay interface and GL export templates.
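
A receiver for HMAC SHA-256 signed webhooks should authenticate the raw request bytes before parsing them and should tolerate redelivery of retained events. The sketch below is an added example, not ml-connector or UKG code. It assumes a hex-encoded signature over the raw body and an "eventId" field; both are illustrative and not taken from UKG documentation.

```python
import hashlib
import hmac
import json


def sign(secret, raw_body):
    """Hex HMAC-SHA256 of the raw body (the hex encoding is an assumption)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def signature_ok(secrets, raw_body, header_value):
    """True if header_value matches raw_body under any currently active secret."""
    if not header_value:
        return False
    try:
        presented = bytes.fromhex(header_value.strip())
    except ValueError:
        return False                     # not hex: reject without comparing
    ok = False
    for secret in secrets:               # old and new secret during rotation
        expected = hmac.new(secret, raw_body, hashlib.sha256).digest()
        ok |= hmac.compare_digest(expected, presented)   # constant-time compare
    return ok


class WebhookReceiver:
    def __init__(self, secrets):
        self.secrets = list(secrets)
        self.seen_ids = set()            # in production: a persistent store

    def handle(self, raw_body, header_value):
        """Return 'rejected', 'duplicate' or 'accepted' for one delivery."""
        if not signature_ok(self.secrets, raw_body, header_value):
            return "rejected"
        try:
            event = json.loads(raw_body)     # parse only after authentication
        except ValueError:
            return "rejected"
        event_id = event.get("eventId") if isinstance(event, dict) else None
        if not event_id:
            return "rejected"
        if event_id in self.seen_ids:
            return "duplicate"           # redelivery or replay of a signed event
        self.seen_ids.add(event_id)
        return "accepted"


# Constructed sample delivery (not a real UKG payload).
SECRET = b"constructed-test-secret"
BODY = b'{"eventId": "evt-001", "type": "employee.changed"}'
```

The signature is checked against the bytes as received; re-serializing the parsed JSON before hashing would change whitespace or key order and break verification.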

What moves between them

The main flow runs from UKG into Sage 100. After each payroll period, ml-connector reads the UKG GL payroll journal export and posts the labor cost entries into Sage 100's GL, mapped to the matching GL accounts and cost centers. Employee records flow the same direction so Sage 100 headcount reflects UKG hires, terminations, and rehires. Cost centers and pay groups are aligned from UKG into Sage 100 GL dimensions before journal posting so every line item references an existing GL account. The sync runs on a schedule tied to your payroll calendar, typically daily or after each payroll run, rather than in real time. Sage 100 general ledger entries are read-only from the UKG side, so ml-connector never writes financial data back into Sage 100 outside the GL journal post itself.

How ml-connector handles it

ml-connector stores both credential sets encrypted. On the Sage 100 side, it connects to the customer's on-premises SOAP endpoint or local Windows agent using the provided username and password, and includes the required company code on every API call. It polls Sage 100 for GL account structures and existing journal entries using the DateLastUpdated field to detect changes. On the UKG side, it manages OAuth 2.0 client credential authentication with automatic token refresh before the one-hour expiry, and reads GL journal exports and employee data from the REST API. It uses UKG webhooks for near-real-time notifications when available, falling back to polling the delta endpoint for employee changes if webhooks are not enabled. Cost centers from UKG are mapped to Sage 100 GL segments before posting, so every payroll journal line references a valid multi-segment GL account. Because Sage 100 uses stateless per-call authentication and COM record-locking, ml-connector applies exponential backoff on write retries and tracks the company code and endpoint hostname per customer. Every record carries a full audit trail, so failed GL posts can be replayed once the downstream issue is resolved.

A real-world example

A mid-sized services firm runs Sage 100 on premises for accounting and procurement, and uses UKG Workforce Now for payroll across three regional offices. Before the integration, the finance team ran payroll in UKG and exported a report of gross wages by department every two weeks, then manually journalized those amounts into Sage 100, splitting labor costs across the correct GL accounts and cost centers for each office. Reconciling gross wages between the two systems at month-end took days of manual comparison, and headcount changes in UKG were not reflected in Sage 100 until the finance team manually updated the employee list. With Sage 100 and UKG connected, each payroll GL export flows directly into Sage 100 automatically, allocated to the cost centers for each office, and UKG employee changes sync immediately to Sage 100. The finance team no longer re-keys payroll, month-end close starts with labor accounts already reconciled, and Sage 100 headcount stays current.

What you can do

  • Post UKG payroll GL journals into Sage 100's general ledger after each pay run, allocated to the correct GL accounts and cost centers.
  • Keep Sage 100 employee records aligned with UKG hires, terminations, and rehires.
  • Map UKG cost centers and pay groups to Sage 100 multi-segment GL dimensions before posting so journal lines land on valid accounts.
  • Authenticate Sage 100 via local agent or SOAP endpoint with username and password, and UKG with OAuth 2.0 client credentials and automatic token refresh.
  • Sync on a schedule tied to your payroll calendar, with exponential backoff on writes, full audit trail, and replay capability for failed posts.

Questions

How does ml-connector handle Sage 100's on-premises architecture?
Sage 100 has no cloud API, so ml-connector connects either to the customer's SOAP endpoint or to a local Windows agent running on the customer's server. The agent wraps the BOI COM layer and exposes the full ERP data model. ml-connector stores the endpoint hostname or agent address encrypted and includes the required company code on every call.
Does the integration need to handle both UKG's Basic Auth and OAuth schemes?
ml-connector uses OAuth 2.0 client credentials to reduce credential surface area and get automatic token refresh. OAuth tokens expire in one hour, so ml-connector checks the expiry on every request and refreshes if needed before making the call. This avoids the complexity of managing two separate auth mechanisms in production.
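
The expiry check described in this answer, and in "How ml-connector handles it", can be sketched as a small token cache. This is an added example, not ml-connector's code: `fetch_token` is a hypothetical callable standing in for the client-credentials request, and the 60-second refresh margin is an assumed value.

```python
import threading
import time


class TokenCache:
    """Caches a client-credentials access token and renews it before expiry."""

    def __init__(self, fetch_token, refresh_margin=60.0, clock=time.monotonic):
        self._fetch = fetch_token        # hypothetical: returns (token, expires_in_seconds)
        self._margin = refresh_margin    # renew this many seconds early (assumed value)
        self._clock = clock              # monotonic: unaffected by wall-clock changes
        self._lock = threading.Lock()    # one refresh at a time across worker threads
        self._token = None
        self._expires_at = 0.0

    def get(self):
        """Return a token that stays valid for at least refresh_margin seconds."""
        with self._lock:
            now = self._clock()
            if self._token is None or now >= self._expires_at - self._margin:
                token, expires_in = self._fetch()
                if not token or expires_in <= self._margin:
                    raise ValueError("token endpoint returned an unusable token")
                self._token, self._expires_at = token, now + expires_in
            return self._token

    def invalidate(self):
        """Drop the cached token, for example after the API answers 401."""
        with self._lock:
            self._token = None


def demo():
    """Constructed scenario: fake clock and fake token endpoint, one-hour tokens."""
    now = [0.0]
    issued = []

    def fake_fetch():
        issued.append("token-%d" % (len(issued) + 1))
        return issued[-1], 3600

    cache = TokenCache(fake_fetch, clock=lambda: now[0])
    seen = []
    for t in (0, 1800, 3539, 3540, 3600, 7139):
        now[0] = float(t)
        seen.append(cache.get())
    return seen
```

The token is held in memory only and never logged; the lock keeps concurrent workers from requesting several tokens at the same moment.
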
What happens when UKG webhooks are not enabled?
UKG webhooks are optional. If webhooks are not configured, ml-connector falls back to polling the UKG delta endpoint for employee changes on a regular schedule. This ensures employee sync continues even without webhooks, with the tradeoff of slightly higher latency between a change in UKG and its appearance in Sage 100.
