The ADP connector is a Palantir-provided driver for ADP.
To create a new ADP source, follow the standard setup flow for Palantir-provided drivers, then use the sections below for ADP-specific configuration and networking. For the complete property reference, see the official ADP driver documentation ↗.
The properties below are mandatory or recommended.
| Property | Required? | Description | Default |
|---|---|---|---|
SSLClientCert ↗ | Mandatory | Specifies the TLS (SSL) client certificate issued by ADP that your application presents for authentication. | — |
TestConnectionEndpoint ↗ | Mandatory | Specifies the API endpoint that the provider uses to test the connection to ADP. | workers |
UseUAT ↗ | Mandatory | Specifies whether the provider connects to the ADP User Acceptance Testing (UAT) environment instead of production. | FALSE |
IncludeCustomFields ↗ | Recommended | A boolean indicating if you would like to include custom fields in the column listing. | TRUE |
InitiateOAuth ↗ | Recommended | Specifies the process for obtaining or refreshing the OAuth access token, which maintains user access while an authenticated, authorized user is working. | GETANDREFRESH |
OAuthClientId ↗ | Recommended | Specifies the client ID (also known as the consumer key) assigned to your custom OAuth application. This ID is required to identify the application to the OAuth authorization server during authentication. | — |
OAuthClientSecret ↗ | Recommended | Specifies the client secret assigned to your custom OAuth application. This confidential value is used to authenticate the application to the OAuth authorization server. (Custom OAuth applications only.) | — |
SSLClientCertPassword ↗ | Recommended | Specifies the password required to access the TLS/SSL client certificate store. Use this property if the selected certificate store type requires a password for access. | — |
SSLClientCertType ↗ | Recommended | The type of key store containing the TLS/SSL client certificate. | PFXBLOB |
The table below lists the domains that the source needs to be able to access in order to successfully run.
For each domain, add a corresponding egress policy. If the source is hosted on-premises and not directly reachable from Foundry, use an agent proxy egress policy instead; the agent host itself must also be able to reach the listed domains. See using an agent as a proxy for details.
| Domain | Required |
|---|---|
| api.adp.com | If UseUAT=FALSE |
| accounts.adp.com | If UseUAT=FALSE |
| uat-api.adp.com | If UseUAT=TRUE |
| uat-accounts.adp.com | If UseUAT=TRUE |