Workday Tenant - Kainos Users

Access of Kainos Consultants to Customer's Workday Tenant

At various stages during a customers Smart subscription,  Kainos consultants will require access to a customers tenant.

It is the customer's responsibility to grant Kainos access to their Workday tenants and to ensure that Kainos has the minimum permissions required to perform their job i.e using the Principle of Least Privilege  (PoPL).

1) Kainos must only ever be granted access to non-production Workday tenants.

2) Kainos consultants must never be granted access to Workday Production Tenants. 

3) Kainos consultants are never granted security administration access to a Workday Tenant.

4) Kainos consultants must only be granted access to the minimal amount of data required on Workday tenants to complete their assigned tasks.

5) Kainos consultants must not be granted the ability to bulk extract sensitive or PII data from Workday tenants.

6) Access to Workday tenants must be time bound i.e. Kainos consultants must only have access to the tenant to complete specific tasks e.g. pack building, troubleshooting etc..

It is the responsibility of the Customer to set up the time-bound access and revoke when the activities / tasks have been completed.

7) Kainos users accounts on Workday tenants must have their access restricted to the Kainos network IP addresses using IP whitelisting functionality in Workday.  Please contact Kainos for update to date list of IP addresses.

It is the responsibility of the customer to configure IP whitelisting.