Implement an authentication policy for Workday security

Workday provides an extra layer of security through their authentication policy. Not only does this help protect your data but it allows you to determine how and where data is shared depending on how it’s accessed.

Whether you’re signing up for a new credit card or distilling information down to employees within your organization, everyone is conscious about keeping their data safe and out of the hands of those who don’t need it. And in today’s growing and constantly changing cyber world, it’s important to keep up with these changes and take the necessary steps to ensure your personal, employee and customer data is safe and secure.

See how an authentication policy can improve your data security.

Overview

Keeping your data safe and secure in today’s growing and changing cyber world is a top priority. Anytime a company’s data or system(s) is compromised it hurts their reputation and often leads to a lack of confidence for both employees and customers. To help prevent this, Workday provides another layer of security that helps protect your data.

This added level of security provides you with additional protection against data exposure and gives you the ability to restrict access to Workday. Workday’s authentication policy, a powerful tool to help defend against unwanted parties accessing your system, ensures only the appropriate data is shared. The most critical and important piece of security is to make sure your data is safe and secure. If you have not already implemented Workday’s authentication policy, now’s the time to learn more so you can get started on it.

What is an authentication policy?

Authentication policies determine how users can access your Workday tenant either by blocking networks or establishing setup rules that determine how users sign in. Workday’s authentication policy allows you to restrict access to your system by:

• Only allowing users to access from a list of approved IP addresses or ranges.

• Limiting access to users based upon method of authentication. For example, you can limit what employees can do when off your company network versus what they can do while on your company network. Considerations on what to restrict when off your company network include:

  • Sensitive information whether it needs to be viewed and/or transacted upon.

  • Certain transactions such as payment elections or tax elections where the unmasked Social Security number (SSN) is viewable.

  • Phone numbers, addresses, dependents and beneficiaries.

  • Any non-applicable data and transactions for former employees or other groups of employees.

Authentication policies can be setup for each of your tenants allowing for the flexibility to give different access in your implementation, sandbox and production tenant.

Breaking down the benefits

The benefits of using Workday’s authentication policy include the ability to:

• Lock down the system to only allow appropriate users access.
• Restrict viewable data and actions based on how the user is accessing the system.
• Secure your data further by adding an extra layer of protection.
• Validate where the identity is coming from.
• Drop traffic that isn’t allowed and prevent it from taking up any more processing power.

In addition, the authentication policy adds another layer of protection to mitigate risk of unwanted users getting access to critical data. Such a security breach could lead to any or all of the following:

• Data leakage—critical information shared with unwanted parties.
• Theft—use of stolen data for identify theft.
• Brand and reputation damage.
• Fines due to non-compliance.
• Loss of confidence and satisfaction.

Architecting a safe and smart solution

Implementing an authentication policy will provide you with a more granular level of control with user authentication. You can configure the following to tailor the authentication policy to your company’s requirements.

• The restrict environment functionality allows you to select which tenants the policy should apply to.
• Network blacklist options allows you to manage IP addresses or IP ranges which are allowed to access your Workday system.
• Authentication whitelist defines the networks and authentication types that selected security groups can use to access Workday or set access restrictions that limit user access after sign in.
  • Setup a security group which defines the population the authentication rule should apply to.
  • For that security group define which networks are allowed (on network, off network, etc.) and the authentication type allowed (SAML, user name, password, any, none, etc.) for that population.
  • Define access restrictions to only allow users logging in with this method to have access to certain security groups and specify functionality that is excluded.

Tip: Arrange your authentication rules in decreasing levels of restriction as Workday evaluates the rules in the order they are listed. The first rule that the user matches will be the authentication policy that is applied.