Most organizations around the world are asking employees to work from home, where possible, as a result of COVID-19. We recommend turning on Workday for mobile to ensure employees can access Workday on their mobile devices in order to continue performing their duties and daily tasks, such as managing their teams from anywhere.
For many organizations and their people this may be unchartered territory, and providing the right tools and support to help your employees effectively continue their work will make the transition as seamless as possible.
This reference guide provides information on turning on Workday’s mobile application, the mobile security standards and helpful tips and tricks for mobile users.
Workday application security and best practices
As a Workday customer, you have access to its mobile application to easily access and complete self-service tasks and view reports. Because Workday designs mobile applications for the self-service user, not all features are available based on their security settings and access levels.
Getting started with the Workday mobile application
When it comes to mobile applications, not all user settings are created equal. In order to see which business processes and actions you’re able to complete on each platform (Android, iPhone, etc.), run the List Tasks Available on Mobile report. While the mobile apps have limited functionality, you can access all features on the Workday browser application by entering your tenant URL in a web browser on your mobile device.
Easily enable Workday for mobile for your employees
Enabling the Workday mobile app on different devices is simple and compatible with any device, simply follow these steps below:
- Enable and add users to the following mobile domains in the system functional area:
- Android: mobile usage
- iPad: mobile usage
- iPhone: mobile usage
- Enable single sign-on under Edit Tenant Setup – Security.
- To enable Single Sign-on, update the Mobile App Login Redirect URL and Mobile Browser Login Redirect URL as required from your identity provider (IDP).
- Based on your company policy, enable Biometric Authentication, Mobile PIN Authentication, define PIN max/min length, PIN max failed sign-on attempts, and max mobile authentication age.
- Create or edit existing authentication policy to control how users will log in and use Biometric Authentication and mobile PIN.
Workday’s mobile application security model
Workday approaches security with a ‘unified’ model and applies it across all platforms. It is completely independent of device types, so the user will be consistently granted or denied access to functionality regardless of which type of device they are on. Since access is provided based on this security policy, it is consistent across all platforms, including desktop. Some tasks might not be available on the mobile app per the List Task Available on Mobile report.
Access to Workday’s mobile application can be restricted for a user when they log in outside of a whitelisted network. This restriction will apply to all devices; access cannot be limited by device type (i.e. Workday mobile app or desktop off-network.)
Alight’s Point of View
On/Off Network Recommendations Access Restrictions (these recommendations apply to all device types).
The recommendations below can be accomplished using Security Group (Who), Authentication Type (How), IP Ranges (Where) and Access Restriction (What) in authentication policy. Please note: Authentication policy cannot differentiate between device types.