Set up the UKG spoke

Rversion finale: Australia

Mis à jour 12 mars 2026

5 minutes de lecture

Integrate your Kronos application with your ServiceNow instance. Register an OAuth application in Kronos and authenticate requests from ServiceNow.

Avant de commencer

Request an Integration Hub subscription.
Activate the UKG spoke.
Kronos manager user or superuser credentials.
Role required: admin.

Remarque :

Make sure that the application registry, connections, and credentials are within the application scope.

You can choose to set up the UKG spoke using the connection template or using connection and credentials records according to your requirement.

Option 1: Configure a connection for the UKG spoke

Add and configure a connection using the connection template to authenticate ServiceNow requests in UKG spoke.

Avant de commencer

Role required: admin

Remarque :

If you're updating from a previous version (before version 3.3.0) of the spoke, first you need to remove the current connection record, credentials record, and Kronos user credentials. Then, you can set up the connection using the template.

Procédure

Navigate to All > Process Automation > Flow Designer.
Select the Connections tab.
Locate the UKG connection alias and click View Details.
Remarque :
Don't click Add Connection.
Click Edit.
If you are configuring the spoke for the first time, click Configure.

On the form, fill in the fields.


Field	Description
Connection Name	Name to uniquely identify the connection record. For example, enter Kronos Conn.
Connection URL	URL of the Kronos instance.
App Key	Application key of the Kronos instance.
OAuth Entity Name	Unique name to identify the OAuth entity profile of the UKG spoke. For example, select `UKG OAuth entity`.
OAuth Client ID	Client ID created during the application configuration in Kronos.
OAuth Client Secret	Client Secret created during the application configuration in Kronos.
Token URL	OAuth server token endpoint. For example, `https://<Kronos-Instance>.com/api/authentication/access_token`.

Click Configure and Get OAuth Token.
A modal page displays to enter your Kronos credentials.
Enter your Kronos username and password and click Get OAuth Token.

Résultats

Once your OAuth token has been successfully fetched, you can begin using your UKG spoke connection.

Option 2: Using connection and credentials records for UKG spoke setup

Create a connection record and credential record for setting up the UKG spoke.

Avant de commencer

Role required: admin

Remarque :

If you have already configured a connection using the connection template, you can ignore this procedure.

Register Kronos as an OAuth provider

Use the information generated during the Kronos application creation and configuration to register Kronos as an OAuth provider and allow the instance to request OAuth 2.0 tokens.

Avant de commencer

Role required: admin

Procédure

Navigate to All > System OAuth > Application Registry.
Open the record for the Kronosspoke.

On the form, fill in the fields.


Field	Value required
Name	Name to uniquely identify the record. For example, enter `Kronos OAuth profile`.
Client ID	Client ID created during the application configuration in Kronos.
Client Secret	Client Secret created during the application configuration in Kronos.
Default Grant type	Grant type used to establish the token. Select Resource Owner Password Credentials.
Application	Application scope that contains this record. Select Kronos Spoke.
Accessible from	Application scope that this registry is accessible from.
Active	Option to actively use the application registry. Select the option.
Token URL	OAuth server token endpoint. For example, `https://<Kronos-Instance>.com/api/authentication/access_token` .
Redirect URL	OAuth callback endpoint. For example, `https://<ServiceNow-Instance>.com/oauth_redirect.do`.

Right-click the form header, and click Save.

In the OAuth Entity Scopes tab, insert a row and provide these values.


Field	Value
Name	Kronos
OAuth scope	givenName mail nonce openid profile sn uid

Click Update.
In the OAuth Entity Profile tab, click the default profile, Kronos oAuth default_profile.
Insert a record in the OAuth Entity Scope related list and select the default entity scope for the Kronos spoke, for example, Kronos.
Click Update.

Create Credential record for the Kronos spoke

Authorize the Kronos spoke actions by creating credential records for the application registered in Kronos. The Kronos spoke connection and credential alias uses these credentials to authorize actions.

Avant de commencer

Role required: admin.

Procédure

Navigate to All > Connections & Credentials > Credentials.
Click New.
The system displays the message What type of Credentials would you like to create?.
Select OAuth 2.0 Credentials.

On the form, fill in the fields.


Field	Value required
Name	Name to uniquely identify the record. For example, `Kronos Cred`.
Active	Option to actively use the credential record. Select the option.
OAuth Entity Profile	Default OAuth entity profile of the Kronos spoke. For example, select Kronos oAuth default_profile.
Order	Order that the credentials are used. For example, enter `100`.

Right-click the form header and click Save.

Provide Kronos user credentials

Create a record to provide details and credentials of the required Kronos user. The Kronos spoke uses these user credentials to perform actions in Kronos.

Avant de commencer

Role required: admin.

Pourquoi et quand exécuter cette tâche

Ensure that you provide credentials of a manager user or Kronos superuser. With these credentials, time off requests of both employee and manager can be managed.

Procédure

Navigate to All > Kronos > Credentials.
Click New.

On the form, fill these values.

Tableau 1. Kronos Credentials form
Field	Descriptions
Name	Name to uniquely identify the record.
Application Key	Application Key of the Kronos user.
User name	User name to log in to the user's account in Kronos.
Password	Password of the Kronos user account.
Connection & Credential Alias	Default alias record associated with the Kronos spoke.
Refresh Token Expires	Date and time by when the Kronos refresh token expires. The Kronos spoke generates a new refresh token periodically, before the current refresh token expires.

Click Submit.
To generate the Kronos token, click the Get Kronos Token related link.

Résultats

The Kronos - Get Kronos Token subflow is triggered. The subflow uses the details provided during spoke setup to retrieve a valid refresh token from Kronos. The subflow then, updates the value of Refresh Token Expires.

Remarque :

To access more details about the Kronos refresh token, navigate to System OAuth > Manage Tokens.. Here, a record is created for each refresh token.

Create Connection record for the Kronos spoke

Create Connection records to your Kronos application. The Kronos spoke connection and credential alias uses these connections to perform actions in Kronos.

Avant de commencer

Role required: admin.

Procédure

Navigate to All > Connections & Credentials > Connection & Credential Aliases.
Open the record for the Kronos spoke.
From the Connections tab, click New.

On the form, fill these values.

Tableau 2. HTTP(s) Connection form
Field	Value required
Name	Name to uniquely identify the connection record. For example, enter `Kronos Conn`.
Credential	Credential record you created for Kronos. For example, select Kronos Cred. See Create Credential record for the Kronos spoke for more information.
Connection alias	Alias record associated with this connection.
URL builder	Remarque : Do not select the check box.
Connection URL	URL of the Kronos instance.
Use MID server	This field isn't applicable.
Active	Option to actively use the connection. Select the option.
Domain	Domain that the action or activity runs in.

In the Attributes tab, fill these values.


Field	Description
u_app_key	Application Key of the Kronos user.
u_version	Kronos version of your instance. Enter `v1`.

Click Submit.