INTEGRATIONS

WITH
Enterprise HRIS
AI-Powered Knowledge Cloud

Version 1.1

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 Revision History

Version Description Author Date

1.0 First Release,
initial release
1.1 Second release /w
Some corrections

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 1

Enterprise HRIS Integration

 HRIS Integrations with EdCast

 Employee Profile Modelling

 Setting up a Typical User Profile on LXP

 Employee Data Synchronization

 Groups, Users, Managers, Custom Attributes etc

 SSO Integration

 SAML, OAuth, OpenID Connect

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 2

What Is HRIS Integration?

At face value, the concept seems simple - you connect your HRIS (Human Resource
Information System) to other essential HR applications such as payroll.

In other words, you can get a unified platform from a single vendor that covers
everything from recruiting a profit administrator to analytics. You can also choose to
implement point solutions for each HR process and then integrate the system to
achieve a unified platform. Or you can do a combination of both. The latter two
approaches are the ones we will cover.

Before we go on, a quick word about integration vs. interfacing. If you want to
implement HRM integration, be aware of what exactly you are trying to achieve and
that means you will get used to getting there.

Integration API (application programming interface), refers to a seamless connection

of different systems through middleware. Because both systems are plugged into the
same database, data flows from one to the other so they are always in sync and
show real-time data. Any update to your payroll, for example, automatically appears
in your HRIS record.

Interfacing still allows two systems to share information, but is more limited because
each has its own database. An interface acts as a link from which you can transfer
information back and forth.

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 3

Employee Profile Modeling

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 4

Employee Profile Modelling

HRIS packages allow for an employee to have limited user access. Employee users
access a part of the database where they can update their personal information,
review pay scales, change retirement benefit programs, update direct deposit
information or download benefit election documents.

Mandatory Attributes

The LXP can work with the most minimal amount of employee information

only the following attributes are mandatory Email, First Name, Last Name

A consistent user account can be created using these mandatory attributes

Custom Attributes

LXP User Account can be enriched to pass some additional information from

the customer’s HR record such as: Employee ID, Business Unit, Functional Manager

Custom attributes can be populated using any of our integration modes

from the HR record of the Employee

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 5

Employee Data Synchronization

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 6

Employee Data Synchronization

Employee Central serves as the core HR system, and contains relevant information
to manage employees through their lifecycle within an organization. Employee
Profile serves as the platform for talent management activities and modules, and it
requires a mini-master of core employee data in order for the talent processes to
launch and run successfully.

HRIS – Modes of Employee Data Synchronization

For all HRIS Integrations EdCast synchronizes the user’s data from the

customer’s HR system into the LXP

○ It is a unidirectional Integration

There are four modes of Integration

○ Mode #1 - Pre-Built connectors – Workday, SuccessFactors etc.

○ Mode #2 - SFTP based integration

○ Mode #3 - Push Integration - Customer pushes data through EdCast APIs

○ Mode #4 - Pull Integration - EdCast pulls data from the HRIS APIs

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 7

Data Integration – Mode #1 – Pre-Built Connectors

 Workday

 SuccessFactors

Work Day Connector

Supports adding/updating users

● Supports adding/updating custom attributes

● Supports synchronizing user states

● Fetches all the user data on day one and then fetches the delta from second

day onwards

● WorkDay connector runs once in every 24 hours

WorkDay Connector - Things to note

 Doesn’t support fetching profile images

 Doesn’t support fetching and mapping the manager details

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 8

Workday Connector - Configuration Parameters

Name Description Sample Value

API Endpoint API Endpoint of Workday http://acme.sumtotal.host

API version used to fetch users data

API Version from workday 32.1
current 32.1

Username Username to access Workday API’s admin

Encoded Base64 Encoded password to access

Password workday API's asdasfdsadas===

Tenant Name of tenant given by workday acme_corp

Unique ID that represents the user

Global Unique ID (only if SSO is acme_id
enabled)

WorkDay Integration Process (Internal)

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED
 9

1. Customer IT administrator share the WorkDay configuration

parameters (From slide#7) with EdCast customer support team

2. EdCast support team will configure WorkDay job in https://hrms-

prod.edcast.io
○ Create HRMS Source with customer provided values

WorkDay HRMS Source (Internal)

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED
 10

SuccessFactors Connector

● Supports adding/updating users

● Supports adding/updating custom attributes

● Supports synchronizing user states

● Fetches all the user data on day one and then fetches the delta from second
day onwards
● SuccessFactors connector runs once in every 24 hours

SuccessFactors Connector - Things to note

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 11

● Doesn’t support fetching profile images

● Doesn’t support fetching and mapping the manager details

SuccessFactors Connector - Configuration Parameters

SuccessFactors Integration Process

(Internal)

1. Customer IT administrator share the SuccessFactors configuration

parameters(From slide#7) with EdCast customer support team

2. EdCast support team will configure SuccessFactors job in

https://hrms-prod.edcast.io
Create HRMS Source with customer provided values

SuccessFactors HRMS Source (Internal)

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED
 12

Name Description Sample Value

Name Name of the SuccessFactors Source SuccessFactors Acme SB

Configuration parameters for the

source_config SuccessFactors {
connector "host_url":
"https://api4.successfactors.co
m",
"client_id":
"NGUyZjasdasVjZDQzZjYzNW
NjMmR
mOTZhNDBiZmZiZA",
"user_id": "SFAPI_EDCAST",
"company_id": "acmeP",
"private_key": ""
}

optional_config Optional configuration parameters for the {

SuccessFactors connector "sso_enabled": "true",
"external_identifier_key":
"acme_id"}

SuccessFactors HRMS Source (Internal)

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED
 13

Name Description Sample Value

Map the EdCast LXP schema

Field Mapping to customer’s { "first_name": {
SuccessFactors schema "external_key":
"worker_data_data_fir
st_name"
}, "last_name": {
"external_key":
"worker_data_last_na
me"
}}

Organization of the customer

Organization deployment 1908

The option enables the

is_enabled SuccessFactors connector Yes

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 14

Employee Data Sync – Mode #2 – SFTP

Based
● Customer uploads CSV file to EdCast SFTP folder

● CSV files need to be encrypted using EdCast Public Key

(using PGP encryption)

● Sample CSV file : https://s3.amazonaws.com/ed-

general/bulk_import_sample.csv

● File with all records on initial launch followed by new or

changed (delta) records daily

● Customer is in control of the users that will be added on to the LXP

● EdCast platform processes these files on a daily basis

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 15

Employee Data Sync – Mode #3 – Push

Integration
● https://documenter.getpostman.com/view/1465156/RW8FERBE?version=late
st

● Customer uses Developer API to create/update users/groups

● Customer is in control of the users that will be added on to the LXP

● Real time create/update

Employee Data Sync – Mode #4 – Pull

Integrations
● Customer to provide 2 API’s

● API which provides list of all users along with their

attributes

● First Name, Last Name, Email are mandatory

● API which provides the delta of users

(added/deleted) for a given time range

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 16

SSO Integration

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 17

SSO Integration

Single sign-on (SSO) is system that enables users to securely authenticate with
multiple applications and websites by logging in only once—with just one set of
credentials (username and password). With SSO, the application or website that the
user is trying to access relies on a trusted third party to verify that users are who they
say they are.

How does SSO work?

Authentication with SSO relies on a trust relationship between domains (websites).

With single sign-on, this is what happens when you try to log in to an app or website:

The website first checks to see whether you’ve already been authenticated by the
SSO solution, in which case it gives you access to the site.

If you haven’t, it sends you to the SSO solution to log in.

You enter the single username/password that you use for corporate access.

The SSO solution requests authentication from the identity provider or authentication
system that your company uses. It verifies your identity and notifies the SSO
solution.

The SSO solution passes authentication data to the website and returns you to that
site.

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 18

SSO Integration
● EdCast supports two types of SSO integrations

● Integration with Customers Identity Provider

● Integration with Content providers

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 19

SSO integration with Customer’s

Identity Provider (SP Initiated SSO
Flow)

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 20

SSO Authentication through SAML (SP

Initiated)

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 21

SSO Integration Process

1. EdCast Support team creates basic Identity Provider profile

for the customer and share below artifacts with customer
○ Service Provider Metadata file
○ ACS URL
○ Entity ID

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 22

2. Customer’s IT administrator creates the Service Provider profile

in their Identity Provider software and share below artifacts with
EdCast Support team
○ Identity Provider Metadata file
○ Single Sign On URL

3. Customer’s IT administrator also updates their Identity Provider

software and send SAML assertion with firstName, lastName, email
and globally unique identifier (like employee ID) as subjectNameID

EdCast Support team updates the customer’s Identity Provider profile

with right customer supplied information from step #3

SSO Integration Process (Internal)

1. Note down the IDP Id from the customer’s Identity Provider profile
2. EdCast Support team creates OKTA API token for the
customer from OKTA Admin Console->Security->API -
>Tokens (Make sure to copy the token offline)
3. Enable OKTA for this customer using below steps
○ Go to organization specific settings page in LXP Super
Admin Console
○ Go to OKTA tab and Enable OKTA

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 23

○ Update OKTA domain (Production - https://edcast.okta.com and

SandBox-
https://edcast.oktapreview.com)

○ Update the API Token with value from Step#2

○ Enable SAML checkbox and update the IDP value with the
value from Step#1
4. Go to Customer’s LXP Admin Settings page and enable SAML
(Admin->Settings->Login Page Settings-> Okta saml)

For more detailed information, visit

https://confluence.edcastcloud.com/display/EP/EP+-+SSO+with+Okta

SSO integration with Content Provider

(IDP Initiated SSO Flow)

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 24

SSO Authentication through SAML (IDP

Initiated)

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 25

SSO Integration Process

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED

 26

1. EdCast Support team creates basic SAML 2.0 application for the
content provider application (OKTA Admin Console-> Applications-
>Add Application->Create New App) and share below artifacts with
the provider
○ Identity Provider Single Sign-On URL
○ Identity Provider Issuer
○ EdCast public key certificate

2. Content providers IT administrator use the above information and

configure their SAML integration and share below artifacts with
EdCast Support team
○ Single Sign On URL
○ Service Provider Entity ID (Audience URI)
○ Required Attributes in SAML assertion

3. EdCast Support team updates the content providers

application with right customer supplied information from
step #3

EdCast Support team to assign the customers group to SAML

application created in Step#1

PRIVATE AND CONFIDENTIAL – EDCAST 2019 ALL RIGHTS RESERVED