Application security and best practices
As a Workday customer, you have access to Workday’s mobile application to easily access and complete self-service tasks and view reports. Because Workday designs mobile applications for the self-service user, not all features are available based on their security settings and access levels. In this quick reference guide, we will discuss Workday’s mobile application security standards and provide helpful tips and tricks for mobile users.
Getting started with Workday mobile
When it comes to mobile applications, not all user settings are created equal. In order to see which business processes and actions you’re able to complete on each platform (Android, iPhone, etc.), run the List Tasks Available on Mobile report. While the mobile apps have limited functionality, you can access all features on the Workday browser application by entering your tenant URL in a web browser on your mobile device.
Easily enable Workday for mobile for your employees
Enabling the Workday mobile app on different devices is simple and compatible with any device, simply follow these steps below:
- Enable and add users to the following mobile domains in the system functional area:
- Android: mobile usage
- iPad: mobile usage
- iPhone: mobile usage
- Enable single sign-on under Edit Tenant Setup – Security
- To enable Single Sign-on, update the Mobile App Login Redirect URL and Mobile Browser Login Redirect URL as required from your identity provider (IDP).
- Based on your company policy, enable Biometric Authentication, Mobile PIN Authentication, define PIN max/min length, PIN max failed sign-on attempts, and max mobile authentication age.
- Create or edit existing authentication policy to control how users will log in and use Biometric Authentication and mobile PIN.
Workday’s mobile application security model
Workday approaches security with a ‘unified’ model and applies it across all platforms. It is completely independent of device types, so the user will be consistently granted or denied access to functionality regardless of which type of device they are on. Since access is provided based on this security policy, it is consistent across all platforms, including desktop. Some tasks might not be available on the mobile app per the List Task Available on Mobile report.
Access to Workday’s mobile application can be restricted for a user when they log in outside of a whitelisted network. This restriction will apply to all devices; access cannot be limited by device type (i.e. Workday mobile app or desktop off-network.)
Alight's Point of View
On/Off Network Recommendations
Access Restrictions (These recommendations apply to all device types)