Certified: May 07, 2025
Solution Summary
This guide describes ADP integration with RSA ID Plus using SAML 2.0. Use this information to determine which use case and integration type your deployment will employ.
The ADP SAML Direct Application in RSA is used to integrate with any/all ADP SAML SP applications. The ADP SAML Direct application has all of the configuration for ADP SAML SP applications pre-configured except for the Connection/Relay State URL. The Connection/Relay State URL is specific to each ADP SAML SP application.
If you are integrating with more than one ADP application using SAML, then an instance of the ADP SAML Direct application should be deployed for each application. All deployed ADP SAML Direct applications should use the same certificate and Issuer Entity ID. Each ADP SAML Direct application will have Connection URLs that are specific to the corresponding ADP application.
Refer to the table below for a list of supported ADP services and their Relay State URLs.
| ADP Service Name | Relay State/Connection URL |
| ADP Workforce Now® | https://fed.adp.com/saml/fedlanding.html?WFN |
| ADP Workforce Now® Enhanced Time | https://fed.adp.com/saml/fedlanding.html?EETDC2 |
| ADP Vantage HCM® | https://fed.adp.com/saml/fedlanding.html?ADPVANTAGE |
| ADP Enterprise HR® (ADP Portal) | https://fed.adp.com/saml/fedlanding.html?PORTAL |
| MyADP® | https://fed.adp.com/saml/fedlanding.html?REDBOX |
Use Case
ADP can be integrated with RSA using My Page SSO. When integrated, ADP users must authenticate with RSA to sign in to ADP.
Integration Types
My Page SSO provides Single-Sign-On (SSO) to ADP users leveraging RSA self-service portal My Page. IdP-initiated SSO is supported.
Modern Cloud-hosted SSO with My Page replaces the existing SAML SSO support with the IDR.
Supported Features
This section shows all the supported features by integration type and by RSA components. Use this information to determine which integration type and RSA component your deployment will use. The next section in this guide contains the instruction steps for how to integrate RSA with ADP using each integration type.
ADP Integration with RSA Cloud Authentication Service
| Authentication Methods | RSA MFA API (REST) | RADIUS | Relying Party | My Page SSO |
| Approve | - | - | - | |
| LDAP Password | - | - | - | |
| SecurID OTP | - | - | - | |
| Authenticate OTP | - | - | - | |
| Device Biometrics | - | - | - | |
| SMS OTP | - | - | - | |
| Voice OTP | - | - | - | |
| FIDO Security Key | - | - | - | |
| QR Code | - | - | - | |
| Emergency Access Code | - | - | - |
ADP Integration with RSA Authentication Manager
| Authentication Methods | RSA MFA API (REST) | RADIUS | Authentication Agent |
|---|---|---|---|
| RSA SecurID | - | - | - |
| On Demand Authentication | - | - | - |
| Risk-Based Authentication | - | - | - |
| Supported | |
| - | Not supported |
| n/t | Not yet tested or documented, but may be possible |
| n/a | Not applicable |
Configuration Summary
This section contains instruction steps that show how to integrate ADP with RSA for cloud administrators using all of the integration types.
This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products to install the required components.
All RSA and ADP components must be installed and working prior to the integration.
This section of the guide includes links to the appropriate sections for configuring both sides for each use case.
Integration Configuration
RSA Cloud Authentication Service
RSA Terminology Changes
The following table describes the differences in the terminologies used in the different versions of RSA products and components.
| Previous Version | New Version | Examples/Comments |
| Company ID | Organization ID | |
| Account | Credential | |
| Token | OTP Credential | SecurID OTP Credential |
| Tokencode | OTP/Access Code | SecurID OTP, SMS OTP, Voice OTP Emergency Access Code, Disable Access Code |
| Hardware Token | Hardware Authenticator | |
| Device Serial Number | Binding ID | |
| Device | Credential/Authenticator | |
| Device Registration Code | Registration Code | |
| Authenticate App | Authenticator App |
Certification Details
RSA Cloud Authentication Service
ADP
Known Issues
- SP-Initiated flow for My Page is not supported by ADP.
- Relying Party integration is not supported.
