UKG PRO
UKG PRO is a comprehensive HRMS that allows the organizations to efficiently manage the personnel data, handle robust payroll tasks, boost scheduling efficiency, and attract, nurture, and grow talent.
Supervisor configuration parameters
To configure the connector, following parameters are required.
-
Connector name
-
Login Username
-
Login Password
-
User API Key for web services
-
Customer API Key for web services
-
Target URL (https://{service_name}.ultipro.com)
-
Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details)
NOTE:
Retrieving credentials to generate token:
- Login to Pro portal
- Access Web Services under System Configuration > Security
- Note the “User API Key”, “Customer API Key” and base URL of the web services listed
Supported objects and operations
Employees
Table 432: Supported operations for Employee
Get Employee by Id |
GET |
List Employees |
GET |
EmpJobs
Table 433: Supported operations for EmpJobs
Get EmpJob by Id |
GET |
List EmpJobs |
GET |
EmpEmployments
Table 434: Supported operations for EmpEmployments
Get EmpEmployment by Id |
GET |
List Employments |
GET |
Attributes Mappings
Different mappings associated with this connector are listed in the tables below.
Table 435: Employee mapping
id |
Person/EmployeeIdentifier/EmployeeNumber/text(), Person/EmployeeIdentifier/CompanyCode/text() |
userName |
Person/EmployeeIdentifier/EmployeeNumber/text() |
name.familyName |
Person/LastName/Text() |
name.givenName |
Person/FirstName/Text() |
name.middleName |
Person/MiddleName/Text() |
name.honorificPrefix |
Person/Prefix/Text() |
name.honorificSuffix |
Person/Suffix/Text() |
name.preferredFirstName |
Person/PreferredFirstName/Text() |
name.formerLastName |
Person/FormerLastName/Text() |
emails.email |
Person/EmailAddress/Text() |
emails.alternateEmail |
Person/AlternateEmailAddress/Text() |
companyCode |
Person/EmployeeIdentifier/CompanyCode/text() |
ssn |
Person/SSN/Text() |
supressSsn |
Person/SuppressSSN/Text() |
Table 436: EmpJob mappings
id |
Job/EmployeeIdentifier/EmployeeNumber/text(),Job/EmployeeIdentifier/CompanyCode/text() |
agricultural |
Job/Agricultural/text() |
alternateTitle |
Job/AlternateTitle/text() |
dateInJob |
Job/DateInJob/text() |
directLabor |
Job/DirectLabor/text() |
effectiveDate |
Job/EffectiveDate/text() |
companyCode |
Job/EmployeeIdentifier/CompanyCode/text() |
employeeNumber |
Job/EmployeeIdentifier/EmployeeNumber/text() |
employeeType |
Job/EmployeeType/text() |
fullOrPartTime |
Job/FullOrPartTime/text() |
hourlyOrSalaried |
Job/HourlyOrSalaried/text() |
jobCode |
Job/JobCode/text() |
jobGroup |
Job/JobGroup/text() |
localUnion |
Job/LocalUnion/text() |
nationalUnion |
Job/NationalUnion/text() |
orgLevel1 |
Job/OrgLevel1/text() |
orgLevel2 |
Job/OrgLevel2/text() |
orgLevel3 |
Job/OrgLevel3/text() |
orgLevel4 |
Job/OrgLevel4/text() |
payFrequency |
Job/PayFrequency/text() |
payGroup |
Job/PayGroup/text() |
payScaleCode |
Job/PayScaleCode/text() |
project |
Job/Project/text() |
promotion |
Job/Promotion/text() |
reasonCode |
Job/ReasonCode/text() |
scheduledHours |
Job/ScheduledHours/text() |
seasonal |
Job/Seasonal/text() |
shiftCode |
Job/ShiftCode/text() |
shiftGroup |
Job/ShiftGroup/text() |
stepNo |
Job/StepNo/text() |
supervisorCompanyCode |
Job/Supervisor/CompanyCode/text() |
supervisorEmployeeNumber |
Job/Supervisor/EmployeeNumber/text() |
timeClock |
Job/TimeClock/text() |
transfer |
Job/Transfer/text() |
youthTraining |
Job/YouthTraining/text() |
Table 437: EmpEmployment mappings
id |
EmploymentInformation/EmployeeIdentifier/EmployeeNumber/text(),EmploymentInformation/EmployeeIdentifier/CompanyCode/text() |
arrearsSuspendedFrom |
EmploymentInformation/ArrearsSuspendedFrom/text() |
arrearsSuspendedTo |
EmploymentInformation/ArrearsSuspendedTo/text() |
beneSeniority |
EmploymentInformation/BeneSeniority/text() |
deceased |
EmploymentInformation/Deceased/text() |
deceasedDate |
EmploymentInformation/DeceasedDate/text() |
earlyRetirement |
EmploymentInformation/EarlyRetirement/text() |
companyCode |
EmploymentInformation/EmployeeIdentifier/CompanyCode/text() |
employeeNumber |
EmploymentInformation/EmployeeIdentifier/EmployeeNumber/text() |
employmentStatus |
EmploymentInformation/EmploymentStatus/text() |
fmlaCode |
EmploymentInformation/FMLA_Code/text() |
hcsoEndDate |
EmploymentInformation/HCSOEndDate/text() |
hcsoNotCovered |
EmploymentInformation/HCSONotCovered/text() |
hcsoStartDate |
EmploymentInformation/HCSOStartDate/text() |
job |
EmploymentInformation/Job/text() |
jobStart |
EmploymentInformation/JobStart/text() |
lastHire |
EmploymentInformation/LastHire/text() |
lastPerfReview |
EmploymentInformation/LastPerfReview/text() |
lastSalaryReview |
EmploymentInformation/LastSalaryReview/text() |
leaveReason |
EmploymentInformation/LeaveReason/text() |
nextPerfReview |
EmploymentInformation/NextPerfReview/text() |
nextSalaryReview |
EmploymentInformation/NextSalaryReview/text() |
originalHire |
EmploymentInformation/OriginalHire/text() |
ptoSuspendedFrom |
EmploymentInformation/PTOSuspendedFrom/text() |
ptoSuspendedTo |
EmploymentInformation/PTOSuspendedTo/text() |
payAutomatically |
EmploymentInformation/PayAutomatically/text() |
paySuspendedFrom |
EmploymentInformation/PaySuspendedFrom/text() |
paySuspendedTo |
EmploymentInformation/PaySuspendedTo/text() |
roeIssueReason |
EmploymentInformation/ROEIssueReason/text() |
regularRetirement |
EmploymentInformation/RegularRetirement/text() |
seniority |
EmploymentInformation/Seniority/text() |
statusAnticipatedEnd |
EmploymentInformation/StatusAnticipatedEnd/text() |
statusStartDate |
EmploymentInformation/StatusStartDate/text() |
weeks |
EmploymentInformation/Weeks/text() |
Connector SCIM configurations
While UKG Pro system does not support disabling attributes feature, the Starling Connector for UKG Pro does supports disabling attributes by removing the SCIM mapping in the object GET response.
Connector limitations
-
Target APIs do not support created date and last modified date for employees.
-
The target API does not exactly validate the Id, the results are returned even when some additional characters are added to the end of a valid resource Id.
Atlassian Cloud
Atlassian cloud lets you automate user provisioning from your identity provider to Atlassian Cloud thus ensuring a smooth provisioning/de-provisioning users and groups from an identity provider to Confluence and Jira Cloud. With this, you can write your own integration with an external identity provider using the SCIM 2.0 protocol to manage your Atlassian Cloud users and groups.
Supervisor configuration parameters
To configure the connector, the following parameters are required:
Custom Objects Implementation in connector
NOTE: All schema attributes are considered to be not case-exact and not unique. Mutability and required attributes are set on the basis of target.
NOTE:
-
One Identity is not technically aware about the custom object through the instance since all the information/credentials related to the custom object types are known only to the customer.
-
There is no check put for the required attributes in connector for create and update custom type object. The user can check the schemas and provide the required+editable attribute in a request after getting an error from target.
Supported objects and operations
Users
Table 438: Supported operations for Users
Create User |
POST |
Update User |
PUT |
Get User by id |
GET |
List User |
GET |
Delete User |
DELETE |
Groups
Table 439: Supported operations for Groups
Create Group |
POST |
Update Group |
PUT |
Get Group by Id |
GET |
List Groups |
GET |
Delete Group |
DELETE |
Custom Objects
Table 440: Supported operations for Custom Objects
Get Custom Object by Id |
GET |
LIST Custom Objects |
GET |
Create Custom Objects |
POST |
Update Custom Objects |
PUT |
Mandatory fields
Users
-
userName
-
emails[].value
-
emails[].primary = true
Groups
User mapping
The user and group mappings are listed in the tables below.
Table 441: User mapping
id |
id |
userName |
userName |
name.formatted |
name.formatted |
name.givenName |
name.givenName |
name.familyName |
name.familyName |
name.middleName |
name.middleName |
name.honorificSuffix |
name.honorificSuffix |
name.honorificPrefix |
name.honorificPrefix |
emails[].value |
emails[].value |
emails[].type |
emails[].type |
emails[].primary |
emails[].primary |
phoneNumbers[].value |
phoneNumbers[].value |
phoneNumbers[].type |
phoneNumbers[].type |
phoneNumbers[].primary |
phoneNumbers[].primary |
active |
active |
externalId |
externalId |
timezone |
timezone |
title |
title |
preferredLanguage |
preferredLanguage |
nickname |
nickName |
displayName |
displayName |
enterpriseExtension.organization |
enterpriseExtension.organization |
enterpriseExtension.department |
enterpriseExtension.department |
atlassianExtension.atlassianAccountId |
enterpriseExtension.atlassianAccountId |
meta.created |
meta.created |
meta.lastModified |
meta.lastModified |
Groups
Table 442: Group mapping
id |
id |
displayName |
displayName |
externalId |
externalId |
members[].value |
members[].value |
members[].type |
members[].type |
members[].display |
members[].display |
meta.created |
meta.created |
meta.lastModified |
meta.lastModified |
Custom Objects
Table 443: Custom Object type mapping
id |
id |
meta.lastModified |
Updated |
meta.created |
Created |
All other attributes will have same names on both sides.
Connector limitations
Appendix: Creating a service account in Google Workspace
Creating a service account in Google Workspace
You must obtain a JSON file with Private Key to authorize the APIs to access data on Google Workspace domain. Create and enable the service account to obtain the private key (JSON file).
To create a project and enable the API
-
Login to Google Cloud Platform.
-
Click on the drop-down list next to the Google Cloud Platform label and select an organization.
The Select a Project window is displayed.
- Click New Project.
The New Project page is displayed.
-
Enter the specific details in the relevant text field.
- Click Create.
-
Click on the drop-down list next to the Google Cloud Platform label and select the project you created.
-
Click APIs & Services tab.
- Click Library tab.
-
Search for the phrase Admin SDK in the search bar and select Admin SDK from the results.
The API Library page is displayed.
- Click Enable to enable the API.
To create a service account
-
Click APIs & Services tab.
- Click Credentials.
-
On the Credentials tab, click Manage Service Accounts available at the bottom right corner.
The Service Accounts window is displayed.
-
Click + CREATE SERVICE ACCOUNT.
Create service account window is displayed.
-
Enter the name of the service account in Service account name text field.
- Select Owner as the Role from the drop-down menu.
-
Select the service JSON as an account Key type.
IMPORTANT: A JSON file is required to generate an access token and it is downloaded automatically after selecting the above option.
- Click Create.
To select and authorize the API scopes
-
Login to the Google workspace admin console with your domain.
-
On the Admin console home page, click Security.
-
Click Advanced settings.
-
Click Managed API client access.
-
Enter the client name and the description in the Name and Description text field respectively.
-
Enter the email in the Email text field.
-
Add the preferred API scopes that you want to use.
For example, API scopes can be
-
https://www.googleapis.com/auth/admin.directory.user
-
https://www.googleapis.com/auth/admin.directory.group
-
https://www.googleapis.com/auth/admin.directory.group.member
-
https://www.googleapis.com/auth/admin.directory.domain
-
https://www.googleapis.com/auth/admin.directory.domain.readonly
-
https://www.googleapis.com/auth/admin.directory.rolemanagement
For more information on API scopes, see https://developers.google.com/identity/protocols/googlescopes
- After adding the API scoes, click Authorize.
The unique Id and the scopes added is displayed.
Appendix: Setting a trial account on Salesforce
Setting a trial account on Salesforce
To login to the Saleforce application, you must create a trial account. The sections below briefs about the process to create a trial account .
To setup a trial account
-
Login to the Salesforce developer edition link: https://developer.salesforce.com/signup?d=70130000000td6N.
- Provide the relevant details and click Sign me up.
A trial account is created and an instance is assigned.
- Switch the view to Saleforce classic view by clicking Switch to Salesforce Classic.
- Click the Setup tab.
- Click Build | Create | Apps.
- In the Connected Apps section, click New.
- In the Basic Information section, enter the relevant details.
- In the API (Enable OAuth Settings) section, select Enable OAuth Settings checkbox.
- Provide the url text https://app.getpostman.com/oauth2/callback in the Callback URL text field.
NOTE: This url must be used just to configure the trial account and not as a browsing link.
- From the Selected OAuth Scopes drop-down menu, select Access and manage your data(api).
- Click Save.
- From the API (Enabel OAuth Settings) section, retrieve the Consumer Key and Consumer Secret.
To generate a security token
A security token is sent to the registered email address. If not received, follow the below steps to generate a token.
-
On the home page, click My Settings.
- Click Personal | Reset My Security Token.
- Review the information displayed on the screen and click Reset Security Token.
- Provide the relevant information such as: