Overview

To authenticate with RUN Powered by ADP, you need:
  1. Client ID - A unique identifier for your client.
  2. Client Secret - A confidential key used to authenticate the identity of the application (client).
  3. Client Public Certificate - The public certificate (in PEM format) used for Mutual TLS (mTLS) authentication.
  4. Client Private Key - The private key (in PEM format) associated with the client certificate, used for establishing a secure TLS connection.
This guide will walk you through obtaining these credentials within RUN Powered by ADP.

Prerequisites:

  • You must have an account with RUN Powered by ADP.

Instructions:

Step 1: Finding Your Client Credentials

Step 2: Generating the Private Key and Certificate Signing Request

  • To authenticate with RUN Powered by ADP APIs using Mutual TLS (mTLS), you’ll need to generate a private key and a Certificate Signing Request (CSR). This allows RUN Powered by ADP to issue a signed certificate used for secure communication.
Follow the steps below to complete this process:
  1. Install OpenSSL
  2. Open a Command Prompt and Navigate to OpenSSL
Open cmd.exe and navigate to the OpenSSL binary directory:
rem For 32-bit version
cd "C:\Program Files (x86)\OpenSSL-Win32\bin"

rem For 64-bit version
cd "C:\Program Files\OpenSSL-Win64\bin"
  3. Generate the Private Key
Run the following command to generate a 2048-bit RSA private key:
openssl genrsa -out companyname_auth.key 2048
This creates a file named companyname_auth.key, your private key. Keep it safe and do not share this file.
  4. Generate the Certificate Signing Request (CSR)
Using the private key, generate the CSR by running the following command:
openssl req -new -key companyname_auth.key -out companyname_auth.csr
When prompted:
  • Leave the Country, State, Locality, and Challenge Password fields blank
  • Use the correct Organization Name that matches your RUN Powered by ADP registration
  • Set the Common Name as your company name followed by MutualSSL (e.g., ExampleCorpMutualSSL)
  • Avoid using special characters in any of the fields
This generates companyname_auth.csr, which you’ll submit to ADP.
  1. Next you will need to submit the CSR to ADP. Open the ADP Certificate Signing Tool (no login required)
  2. Select “Authentication and Transaction Signing” for the certificate type
  3. Paste the full contents of your .csr file, including the header and footer:
-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----
  4. Provide your:
    • Technical contact’s email address, name, and a group email (for renewal notifications)
    • Company name
    • RUN Powered by ADP Client ID
  5. Receive and Save the Signed Certificate
Once approved, ADP will return a signed certificate. Save it as:
companyname_auth.pem
Place this file in the same directory where you created the .key and .csr.
✅ Files You’ll Use for Mutual TLS Authentication
For API authentication with RUN Powered by ADP, you’ll need the following two files:
  • **companyname_auth.key** — the Client Private Key
  • **companyname_auth.pem** — the Client Public Certificate
Make sure both files are stored securely and access is restricted to authorized systems and personnel.
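Before submitting the CSR, and again when the signed certificate comes back, it helps to confirm that the key, CSR and certificate actually belong together. The script below is an added example, not ADP tooling or part of the original guide: it is written for a POSIX shell (Git Bash, WSL or Linux rather than cmd.exe), and the function names and the letters-and-digits Common Name pattern are assumptions.

```shell
#!/bin/sh
# Added example (not ADP tooling): pre-flight checks on the Step 2 files.

# Print the public key (PEM) held in a private key, CSR or certificate.
pubkey_of() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null
}

fail() { echo "FAIL: $1" >&2; return 1; }

# check_mtls_files KEY CSR [CERT]: returns 0 only if every check passes.
check_mtls_files() {
    key=$1 csr=$2 cert=${3:-}

    # 1. The private key parses and is internally consistent.
    openssl rsa -in "$key" -check -noout >/dev/null 2>&1 ||
        { fail "$key is not a valid RSA private key"; return 1; }
    key_pub=$(pubkey_of key "$key")

    # 2. The CSR is correctly self-signed and was built from this key.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { fail "CSR self-signature does not verify"; return 1; }
    [ "$(pubkey_of csr "$csr")" = "$key_pub" ] ||
        { fail "CSR was not generated from $key"; return 1; }

    # 3. Common Name is <company>MutualSSL. Letters and digits only is an
    #    assumed reading of "no special characters".
    cn=$(openssl req -in "$csr" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    printf '%s\n' "$cn" | grep -Eq '^[A-Za-z0-9]+MutualSSL$' ||
        { fail "unexpected Common Name '$cn'"; return 1; }

    # 4. Once the signed certificate is back: same public key, not expired.
    if [ -n "$cert" ]; then
        [ "$(pubkey_of cert "$cert")" = "$key_pub" ] ||
            { fail "$cert does not match $key"; return 1; }
        openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
            { fail "$cert has expired"; return 1; }
    fi
    echo "OK: files belong together"
}

# Run directly: sh check.sh companyname_auth.key companyname_auth.csr [companyname_auth.pem]
if [ "$#" -ge 2 ]; then check_mtls_files "$@"; fi
```

Run it with only the key and CSR before submission, then with all three files once the certificate arrives.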

Step 3: Enter credentials in the Connect UI

Once you have your Client ID, Client Secret, Client Public Certificate and Client Private Key:
  1. Open the form where you need to authenticate with RUN Powered by ADP.
  2. Enter your credentials in their respective fields.
  3. Submit the form, and you should be successfully authenticated.
You are now connected to RUN Powered by ADP.