In this tutorial, you'll learn how to integrate ADP with Azure Active Directory (Azure AD). When you integrate ADP with Azure AD, you can:

  • Control in Azure AD who has access to ADP.
  • Enable your users to be automatically signed-in to ADP with their Azure AD accounts.
  • Manage your accounts in one central location - the Azure portal.

Prerequisites

To get started, you need the following items:

  • An Azure AD subscription. If you don't have a subscription, you can get a free account.
  • ADP single sign-on (SSO) enabled subscription.

Note

This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.

Scenario description

In this tutorial, you configure and test Azure AD SSO in a test environment.

  • ADP supports IDP initiated SSO.

Note

Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

To configure the integration of ADP into Azure AD, you need to add ADP from the gallery to your list of managed SaaS apps.

  1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
  2. On the left navigation pane, select the Azure Active Directory service.
  3. Navigate to Enterprise Applications and then select All Applications.
  4. To add new application, select New application.
  5. In the Add from the gallery section, type ADP in the search box.
  6. Select ADP from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD SSO with ADP using a test user called B.Simon. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in ADP.

To configure and test Azure AD SSO with ADP, perform the following steps:

  1. Configure Azure AD SSO - to enable your users to use this feature.
    1. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
    2. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
  2. Configure ADP SSO - to configure the Single Sign-On settings on application side.
    1. Create ADP test user - to have a counterpart of B.Simon in ADP that is linked to the Azure AD representation of user.
  3. Test SSO - to verify whether the configuration works.

Follow these steps to enable Azure AD SSO in the Azure portal.

  1. In the Azure portal, on the ADP application integration page, click on Properties tab and perform the following steps:

    Single sign-on properties

    a. Set the Enabled for users to sign-in field value to Yes.

    b. Copy the User access URL; you have to paste it in the Configure Sign-on URL section, which is explained later in the tutorial.

    c. Set the User assignment required field value to Yes.

    d. Set the Visible to users field value to No.

  2. In the Azure portal, on the ADP application integration page, find the Manage section and select Single sign-on.

  3. On the Select a Single sign-on method page, select SAML.

  4. On the Set up Single Sign-On with SAML page, click the pencil icon for Basic SAML Configuration to edit the settings.

    Edit Basic SAML Configuration

  5. On the Basic SAML Configuration section, perform the following steps:

    In the Identifier (Entity ID) text box, type the URL: https://fed.adp.com

  6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find Federation Metadata XML and select Download to download the certificate and save it on your computer.

    The Certificate download link

  7. On the Set up ADP section, copy the appropriate URL(s) based on your requirement.

    Copy configuration URLs

Create an Azure AD test user

In this section, you'll create a test user in the Azure portal called B.Simon.

  1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
  2. Select New user at the top of the screen.
  3. In the User properties, follow these steps:
    1. In the Name field, enter B.Simon.
    2. In the User name field, enter the username@companydomain.extension. For example, B.Simon@contoso.com.
    3. Select the Show password check box, and then write down the value that's displayed in the Password box.
    4. Click Create.

Assign the Azure AD test user

In this section, you'll enable B.Simon to use Azure single sign-on by granting access to ADP.

  1. In the Azure portal, select Enterprise Applications, and then select All applications.
  2. In the applications list, select ADP.
  3. In the app's overview page, find the Manage section and select Users and groups.
  4. Select Add user, then select Users and groups in the Add Assignment dialog.
  5. In the Users and groups dialog, select B.Simon from the Users list, and then click the Select button at the bottom of the screen.
  6. If you are expecting a role to be assigned to the users, you can select it from the Select a role dropdown. If no role has been set up for this app, you see "Default Access" role selected.
  7. In the Add Assignment dialog, click the Assign button.

Configure ADP SSO

To configure single sign-on on ADP side, you need to upload the downloaded Metadata XML on the ADP website.

Note

This process may take a few days.

Configure your ADP service(s) for federated access

Important

Your employees who require federated access to your ADP services must be assigned to the ADP service app and subsequently, users must be reassigned to the specific ADP service. Upon receipt of confirmation from your ADP representative, configure your ADP service(s) and assign/manage users to control user access to the specific ADP service.

  1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.

  2. On the left navigation pane, select the Azure Active Directory service.

  3. Navigate to Enterprise Applications and then select All Applications.

  4. To add new application, select New application.

  5. In the Add from the gallery section, type ADP in the search box.

  6. Select ADP from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

  7. In the Azure portal, on your ADP application integration page, click on Properties tab and perform the following steps:

    Single sign-on linked properties tab

    1. Set the Enabled for users to sign-in field value to Yes.

    2. Set the User assignment required field value to Yes.

    3. Set the Visible to users field value to Yes.

  8. In the Azure portal, on the ADP application integration page, find the Manage section and select Single sign-on.

  9. On the Select a Single sign-on method dialog, select Mode as Linked to link your application to ADP.

    Single sign-on linked

  10. Navigate to the Configure Sign-on URL section, perform the following steps:

    Configure Single sign-on

    1. Paste the User access URL, which you have copied from above properties tab (from the main ADP app).

    2. Following are the 5 apps that support different Relay State URLs. You have to append the appropriate Relay State URL value for particular application manually to the User access URL.

      • ADP Workforce Now

        <User access URL>&relaystate=https://fed.adp.com/saml/fedlanding.html?WFN

      • ADP Workforce Now Enhanced Time

        <User access URL>&relaystate=https://fed.adp.com/saml/fedlanding.html?EETDC2

      • ADP Vantage HCM

        <User access URL>&relaystate=https://fed.adp.com/saml/fedlanding.html?ADPVANTAGE

      • ADP Enterprise HR

        <User access URL>&relaystate=https://fed.adp.com/saml/fedlanding.html?PORTAL

      • MyADP

        <User access URL>&relaystate=https://fed.adp.com/saml/fedlanding.html?REDBOX

  11. Save your changes.

  12. Upon receipt of confirmation from your ADP representative, begin test with one or two users.

    1. Assign few users to the ADP service App to test federated access.

    2. Test is successful when users access the ADP service app on the gallery and can access their ADP service.

  13. On confirmation of a successful test, assign the federated ADP service to individual users or user groups, which is explained later in the tutorial, and roll it out to your employees.
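
Step 10 of the procedure above appends the Relay State URL by hand, so a typo or an unexpected host in `relaystate` is easy to miss. The following Python is an added example, not part of the original tutorial and not Microsoft or ADP code: it builds the linked Sign-on URL for each of the five services and checks a configured value against the list in step 10. `USER_ACCESS_URL` is a constructed placeholder and the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qsl

# Relay State landing URL and per-service codes, as listed in step 10 above.
LANDING = "https://fed.adp.com/saml/fedlanding.html"
RELAY_CODES = {
    "ADP Workforce Now": "WFN",
    "ADP Workforce Now Enhanced Time": "EETDC2",
    "ADP Vantage HCM": "ADPVANTAGE",
    "ADP Enterprise HR": "PORTAL",
    "MyADP": "REDBOX",
}

def build_sign_on_url(user_access_url, service):
    """Append the service's Relay State URL to the User access URL."""
    return f"{user_access_url}&relaystate={LANDING}?{RELAY_CODES[service]}"

def check_sign_on_url(sign_on_url, user_access_url):
    """Return (service, problems) for a configured linked Sign-on URL."""
    problems = []
    if not sign_on_url.startswith(user_access_url + "&"):
        problems.append("does not start with the main app's User access URL")
    parts = urlsplit(sign_on_url)
    if parts.scheme != "https":
        problems.append("sign-on URL is not https")
    relay = [v for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k.lower() == "relaystate"]
    if len(relay) != 1:
        problems.append(f"expected one relaystate parameter, found {len(relay)}")
        return None, problems
    base, _, code = relay[0].partition("?")
    if base != LANDING:
        problems.append(f"relaystate points at unexpected URL: {base}")
    service = next((s for s, c in RELAY_CODES.items() if c == code), None)
    if service is None:
        problems.append(f"unknown relay state code: {code!r}")
    return service, problems

# Constructed placeholder; copy the real value from the main ADP app's Properties tab.
USER_ACCESS_URL = ("https://myapps.microsoft.com/signin/ADP/"
                   "00000000-0000-0000-0000-000000000000"
                   "?tenantId=11111111-1111-1111-1111-111111111111")

if __name__ == "__main__":
    for name in RELAY_CODES:
        url = build_sign_on_url(USER_ACCESS_URL, name)
        print(name, check_sign_on_url(url, USER_ACCESS_URL), url, sep="\n  ")
```

An empty problem list means the value matches one of the five documented forms; anything else should be corrected before users are assigned to the linked app.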

Create ADP test user

The objective of this section is to create a user called B.Simon in ADP. Work with ADP support team to add the users in the ADP account.

Test SSO

In this section, you test your Azure AD single sign-on configuration with following options.

  • Click on Test this application in Azure portal and you should be automatically signed in to the ADP for which you set up the SSO.

  • You can use Microsoft My Apps. When you click the ADP tile in the My Apps, you should be automatically signed in to the ADP for which you set up the SSO. For more information about the My Apps, see Introduction to the My Apps.

Next steps

Once you configure ADP you can enforce session control, which protects exfiltration and infiltration of your organization's sensitive data in real time. Session control extends from Conditional Access. Learn how to enforce session control with Microsoft Defender for Cloud Apps.