Safeguarding sensitive data in today’s digital era is of utmost importance. Workday, an industry leader for enterprise cloud solutions in finance and HR, offers robust authentication measures to safeguard your organization’s information. This article details how you can create an authentication policy within Workday that restricts administrator and manager access while permitting self-service tasks from anywhere via SAML authentication.
Workday offers multiple authentication methods to meet the diverse needs of organizations. The following authentication techniques are included:
SAML Authentication allows users to access Workday using pre-existing credentials from a reputable identity supplier. Corporate Network Access restricts access to certain areas within your corporate network for certain roles, such as HR administrators and managers.
Managed Device Access: Ensuring user access from managed devices equipped with appropriate security parameters.
Role-Based Security Groups: Enabling organizations to form security groups based on user roles, such as Emergency Administrators, to meet specific access needs.
Step 1: Set Up SAML Authentication
1. Select Your SAML Provider: Select an Identity Provider (IdP) for SAML authentication. Popular examples are Okta, Azure Active Directory, and Ping Identity.
2. Set up SAML in Workday: Navigate to “Security” inside Workday and select “SAML Authentication.”
3. Evaluate SAML Configurations: At this step, enter or upload the metadata URL or file provided by your Identity Provider (IdP). Set up SAML configurations incorporating entity ID, ACS URL, and other needed details. Eventually, evaluate this configuration successfully to move forward.
Conduct a test login to check whether SAML settings are operating as expected and ensure users can access Workday using their SAML credentials.
Step 2: Enable Self-Service Access
1. Establish a Security Group for Self-Service Users: Navigating to Workday’s “Security” area will enable you to create and allot a Security Group specifically for self-service users. After making this Group, you must allow it to those requiring self-service capabilities within Workday.
2. Grant Permissions: Assign permissions to the “Self-Service Users” group so they may access self-service functionalities.
Limit these permissions to non-sensitive activities such as viewing pay stubs, updating personal details, or submitting time off requests.
Step 1: Establish the Corporate Network
1. Determine Your IP Range: Establish the range of IP addresses within your company network. This could include both public and private IPs.
2. Set Up Network in Workday: To complete setting up the network within Workday, navigate to the Security area inside Workday and click the Set Up Network button.
Include your business network IP ranges in the Trusted Networks List.
Step 2: Create a Security Group for HR
Administrators and Managers
1. Establish a New Security Group: Navigating to the “Security” area within Workday and creating a new group called HR Administrators and Managers is easy. Once complete, all HR administrators and managers should receive this security group.
2. Restriction to the Corporate Network:
When configuring security group configurations, specify that access should only be permitted to the corporate network and restrict users within that group to log in only from specific IP ranges.
Step 1: Acquire the Managed Device Attribute
Reach Out to Your SAML Provider:
Speak with your SAML provider to acquire the Managed Device Attribute designation. This property indicates whether a device is administered and meets security standards.
Step 2: Integrating Managed Device Access in Workday
1. Add Managed Device Attribute:
Navigating to Workday’s Security area, entering SAML Configuration mode and adding Managed Device Attribute into SAML configuration mode will do this step.
2. Establish a Security Group for Managed Devices: To create a Security Group dedicated to Managed Device Users, create a new security group such as “Managed Device Users.”
Subset Users with Security Administrator Privileges.
3. Compile a Catalogue of Managed Devices: When compiling a roster of approved devices that are allowed access Workday, make sure it is regularly revised and assessed for precision.
Allocate Restricted Permissions by Allocating Conclusion Document.
Workday’s authentication features allow organisations to balance user comfort with stringent security measures.
Workday’s authentication rules enable organizations and devices to restrict access to specific networks, facilitate self-service tasks from any location or monitor access from specific devices.
Organizations can ensure only authorized persons gain access to sensitive data while still offering an excellent user experience by employing technologies like SAML authentication, device access control and role-based security groups.
Workday offers solutions that address various security needs, including pre-hires, emergency administrators and proxy access for non-production tenants.
At a time of increasing cybersecurity concerns, implementing authentication procedures within Workday is paramount for safeguarding data within your organization and adhering to industry standards.
