Limit overprivileged users
Map users’ roles to detect permission sprawl and identify over-privileged users:
- Group users by roles and permissions
- Identify users with access to multiple domains
- Identify unfunctional users with high permissions who are inactive
×
![]()
×
![]()
Enforce a strong access control policy
Prevent unauthorized users from accessing sensitive employee and financial data:
- Enforce MFA
- Implement a limited MFA grace period
- Enforce a 15-minute automated session timeout for inactive users
Silo Workday data effectively
Limit the number of domains granted to a security group:
- Identify security groups with access to an excessive number of domains
- Remove unnecessary domains from the security group
×
![]()
