When managing large numbers of users in the Workiva platform, there are several concerns to be aware of:
- Security risks: More inactive users mean more potential entry points for malicious attacks. Inactive accounts can also become targets for hackers, increasing the risk of security breaches.
- Administrative overhead: With large numbers of users, managing permissions and roles is more complicated, and auditing for compliance and security is more time-consuming.
- Significant slowdowns: Importing over 10,000 users can strain system resources and lead to longer load times. Tasks like running SCIM (System for Cross-domain Identity Management) and bulk user operations can become significantly slower.
Best practices for efficient user management
Here are our best practices to help large enterprises enhance security and increase administrative efficiency:
Identify relevant users
- Focus on importing users from departments that are more likely to use the product, like Finance, Compliance, and Legal, instead of operational roles like factory employees or store employees.
- Create targeted Active Directory (AD) groups to streamline the import and sync process.
Minimize initial user setup
- Import users with minimal or no permissions initially. This reduces the risk of unauthorized access and simplifies permissions management.
- Don’t send welcome emails until you’ve confirmed that the user will be actively using the product. This prevents unnecessary access and clutter.
Assign permissions based on need
- Assign permissions based on the specific features that the user will be using. This helps ensure that users only have access to what they need when they need it.
- Grant membership to workspaces only as required, instead of adding all users to all workspaces.
- Use SCIM APIs to add users to workspaces and assign specific roles. For example, create separate AD groups per workspace role. If a user needs multiple roles, add that user to all of those corresponding AD groups.
Review and clean up regularly
- Regularly review workspace membership and remove users who have been inactive for a specified time. This reduces the risk of security vulnerabilities.
- Schedule periodic compliance and security audits to ensure that user access remains appropriate and secure.
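The group-per-role approach and the periodic review described above can be checked together by comparing what the AD groups imply against what is currently assigned. The following Python is an added example, not Workiva code, and it calls no Workiva or SCIM API. The group names, workspace and role names, user data, 90-day window, and the choice to treat never-logged-in users as inactive are all constructed assumptions.

```python
from datetime import date, timedelta
# Hypothetical convention: one AD group per (workspace, role) pair.
GROUP_TO_ROLE = {
    "wk-finance-editor": ("Finance Close", "Editor"),
    "wk-finance-viewer": ("Finance Close", "Viewer"),
    "wk-legal-editor": ("Legal Filings", "Editor"),
}
# Constructed sample data: AD group members, current assignments, last logins.
AD_MEMBERS = {
    "wk-finance-editor": {"alice"},
    "wk-finance-viewer": {"alice", "bob"},
    "wk-legal-editor": {"carol"},
}
CURRENT_ROLES = {
    "alice": {("Finance Close", "Editor")},
    "bob": {("Finance Close", "Viewer"), ("Legal Filings", "Editor")},
    "carol": {("Legal Filings", "Editor")},
    "dave": {("Finance Close", "Viewer")},  # not in any AD group
}
LAST_LOGIN = {"alice": date(2024, 5, 28), "bob": date(2024, 1, 10),
              "carol": None, "dave": date(2024, 5, 1)}

def desired_roles(group_to_role, ad_members):
    """Expand AD group membership into the (workspace, role) set each user should hold."""
    desired = {}
    for group, members in ad_members.items():
        for user in members:
            desired.setdefault(user, set()).add(group_to_role[group])
    return desired

def reconcile(desired, current):
    """Return (grants, revokes): roles missing on the platform, and roles no AD group backs."""
    grants, revokes = {}, {}
    for user in sorted(set(desired) | set(current)):
        want, have = desired.get(user, set()), current.get(user, set())
        if want - have:
            grants[user] = want - have
        if have - want:
            revokes[user] = have - want
    return grants, revokes

def inactive_users(last_login, today, max_idle_days):
    """Users who never logged in, or whose last login is older than the review window."""
    cutoff = today - timedelta(days=max_idle_days)
    return sorted(u for u, seen in last_login.items() if seen is None or seen < cutoff)

if __name__ == "__main__":
    print(reconcile(desired_roles(GROUP_TO_ROLE, AD_MEMBERS), CURRENT_ROLES))
    print(inactive_users(LAST_LOGIN, date(2024, 6, 1), 90))
```

Roles in the revoke set are the ones to look at first in an audit, because they exist on the platform with no AD group justifying them.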
Use SAML single sign-on authentication
- Use SAML single sign-on authentication to ensure that all users log in through the customer’s Identity Provider (IdP), which helps enhance security and improve success rates of user logins. If needed, add third-party users like auditors as bypass users so that they can bypass the SAML enforcement without compromising security.
By understanding the risks of large-scale user management and following these recommendations, you can help safeguard your organization from security vulnerabilities and optimize administrative workflows.
If you have any questions, contact Workiva Support.