To provide our client with additional security for 25,000 employees who had payment elections enabled in Workday Payroll, Agilysis implemented Okta’s multi-factor authentication tool. Okta, a software platform that enables organizations to secure the identities of their customers and their workforce, was deployed in front of Workday.
A large healthcare and life sciences firm was experiencing hundreds of hacking attempts, which targeted employee logins on Workday. The firm realized it was only a matter of time before an employee’s Workday access was hacked and their payroll compromised. In order to prevent this, the firm needed a strong security mechanism to protect employee payment information. They reached out to Agilysis for a custom solution.
The client needed an authentication mechanism that was easy for their employees to use yet secure enough to protect their system. Agilysis provided a consulting team that, in conjunction with the client, investigated various multi-factor authentication (MFA) solutions available on the market. The team eventually settled on the software platform Okta because of its scalability, ease of use, and integration with Workday.
Agilysis began implementing Okta with Workday by developing a custom RaaS API with a list of custom fields, generated URL, and credentials that were shared with Okta to allow them to import the client’s employee population from Workday. Next, a core connector was developed with Okta template integration to enable Okta API endpoint URL with required credentials.
After APIs were developed, the SSO needed to be configured. Agilysis configured two Single Sign-On links to Okta with authentication based on the Employee ID (name identifier) along with the X509 certificate. Payment elections and security settings were also configured.
Agilysis then enabled Okta IDP in Workday and configured Step-up to display an MFA when an employee selected Payment Election on Pay Worklet. The final step was to add a to-do task in the Payment Elections Worklet that took the user back to Okta to enter the MFA.
Ultimately, any employee that needed to make a Workday Payroll update, such as revising payment elections, was required to authenticate their identity based on a number of knowledge or possession factors. The addition of two-factor authentication added an extra level of security for the client’s workforce. This extra layer of security was used only for critical updates, not for activities such as viewing paystubs, so as not to create an unnecessary burden on the client’s employees.
The Okta MFA was configured to use the following multi-factor authentication elements:
The entire project took about six weeks with critical inputs from Okta and the client’s business and technical teams. With 25,000 employee accounts now secured through Okta, the team is planning to deploy this solution to employees around the world.