The Complete UKG Ready Integration Guide

Before you start clicking around in your system, it is vital to understand the strategy behind enterprise-level integrations.

You are building a secure pipeline that will handle your most sensitive employee demographic and payroll data. Because of this, we cannot take shortcuts.

Following these steps precisely ensures that your data flows smoothly, accurately, and with bank-level security protections in place.

Using UKG Pro? See the UKG Pro Integration Guide

Step 1: Create a Security Profile

The very first phase of this integration requires you to establish the correct permission boundaries.

First, you'll need to create a security profile that will grant API access with the necessary permissions. By creating a dedicated security profile, you compartmentalize exactly what Benefit Cloud is allowed to see and do within your UKG Ready ecosystem.

Follow these precise steps to configure the profile:

• Navigate to: Maintenance > Admin Company > Configurations > Security Profiles.

  
  

• Click the "New Security Profile" button.

  
  

• Select the first option: "Default: Used for {COMPANY NAME} Admin".

  
  

• Enter a descriptive name (e.g., "API User Account" or "Benefit Cloud API Access").

  
  

• Check the "Full Access" checkbox under Security Items.

  
  

• Click Save.

  
  

CRITICAL WARNING: You must select the default admin profile type; other security profile types will not work for API access. If you skip this critical detail, the connection will fail.

Step 2: Create a Company Group (Optional But Recommended)

Depending on your corporate structure, you might manage multiple distinct entities or sub-companies within your overarching UKG Ready account.

If you want to grant Benefit Cloud access to only specific companies rather than all companies, create a custom company group. Conversely, if you are granting access to all companies, you can safely skip this step.

For those who need to segment their data access, here is the exact process:

• Navigate to: Maintenance > Admin Company > Company Groups.

  
  

• Click the "New Group" button.

  
  

• Select "Regular" from the pop-up window.

  
  

• Enter a name (e.g., "Benefit Cloud Access").

  
  

• Enter a description (e.g., "Companies accessible by Benefit Cloud API").

  
  

• Add companies by clicking the blue plus icon next to each one.

  
  

• Click Save.

  
  

Keep in mind: if you skip this step, you'll use the "All Companies" group in the next step, which grants access to all your companies.

Step 3: Create a Dedicated Service Account

Now that the security parameters and company boundaries are drawn, it is time to build the digital courier.

Create a dedicated service account that Benefit Cloud will use to access your payroll data via the API. This is an incredibly important security best practice. You should never use your personal login credentials to connect third-party software.

Follow this path to construct the service account correctly:

• From the "All System Companies" report, locate your Admin company.

  
  

• Click the "Edit Company" icon.

  
  

• Find the "Service Accounts" widget (add it via "Edit Tabs" if not visible).

  
  

• Click "Add Service Account" at the bottom of the widget.

  
  

• Fill in the service account details (see below).

  
  

• Click Save.

  
  

You must carefully fill out the configuration fields. Here is the exact data mapping required for the service account configuration:

• Username: Choose a username (e.g., benefitcloud, payfusion, or api_user).

  
  

• Password: Create a strong, unique password.

  
  

• Security Profile: Select the profile you created in Step 1.

  
  

• Category: Client.

  
  

• Type: Client.

  
  

• Company Access: Check "Login as Account" and "Login as SA", then select your company group (or "All Companies").
  

• Account Access: Check "Edit", then select "All Company Employees" group.

  
  

You must choose your own secure username and password, as you'll share these with Benefit Cloud in Step 5.

Step 4: Locate/Generate Master API Key

You have built the service account, but you still need the master skeleton key to unlock the data flow.

The Master API Key is required for Benefit Cloud to authenticate API requests to your UKG Ready system. Think of this sequence of characters as a highly secure, encrypted digital handshake.

Here is how to locate or generate this critical credential:

• Navigate to: Maintenance > Admin Company > Company Configuration.

  
  

• Scroll to the bottom of the page.

  
  

• Find the "API Keys" widget.

  
  

• If no key exists, click the "Generate" button.

  
  

• If a key already exists, click the eye icon to reveal it.

  
  

• Copy the API key for use in the next step.

  
  

You must keep this API key secure. It provides access to your payroll data when combined with the service account credentials. Treat it with the same level of care as a corporate credit card.

Step 5: Send Credentials to Benefit Cloud

The heavy lifting inside your UKG Ready portal is completely finished. Now, you simply need to pass the baton.

Securely provide the credentials to Benefit Cloud so they can establish the integration. This is the final step before you can permanently say goodbye to dual entry and manual CSV uploads.

You will need to gather the following information:

• Service Account Username (from Step 3).

  
  

• Service Account Password (from Step 3).

  
  

• Master API Key (from Step 4).

  
  

• Master Company Short Name (also called "Admin Company Short Name").

  
  

Additionally, for each company integration, you must also provide the Company Short Name for each group you want access to.

Once you have gathered this checklist, send these credentials securely to Benefit Cloud support.

DO NOT USE STANDARD EMAIL. You must send credentials through a secure channel. Consider using encrypted email, a password manager with sharing capabilities, or Benefit Cloud's secure portal.

Critical Security Best Practices

Because you are dealing with PII (Personally Identifiable Information), maintaining a rigorous security posture is non-negotiable.

Ensure your team adheres strictly to the following security best practices:

• Use Strong Passwords: Create a unique, complex password for the service account that's at least 16 characters long.

  
  

• Limit Access Scope: If you don't need to share all companies, use a custom company group to limit access.

  
  

• Secure Credential Sharing: Never send credentials via unencrypted email; use secure channels provided by Benefit Cloud.

  
  

• Periodic Review: Regularly audit service account access and rotate credentials annually.

  
  

Ready to Reclaim Your Friday Afternoons?

You now hold the exact blueprint to free your HR team from the crushing weight of manual data entry.

Every day you operate your tech stack in isolated silos is another day of lost productivity and increased risk of compliance errors. Take 20 minutes today to execute this setup, and you will reap the rewards of seamless automation for years to come.

If you get stuck, or if you simply prefer to have an expert verify your setup, we are here for you.

If you have any questions or encounter any issues during the integration process, our support team is here to help.