This article is for:
- IT Groups and Administrators
Overview
When using the Workiva platform, including Wdata, there is important technical information to ensure things run smoothly. This guide outlines network settings to optimize your performance and experience. You can forward this information to your IT Department to ensure allowing domains and SSL Inspection Bypass are established.
In this guide we'll cover the following:
- Allow domains and network policy
- SSL inspection
- Latency testing
Step 1: Review domains and network policy
First, review which domains you allow on your network. This contains a table of domains and emails to allow to ensure that Workiva and its services are not being blocked.
For whitelisting domain details, see Allow hosts and emails.
Step 2: Bypass SSL inspection
Bypassing SSL Inspection for Workiva can enhance performance and the overall user experience.
What is SSL inspection?
SSL Inspection is used to unlock encrypted sessions, check the encrypted packets, and identify and block threats. It can also be referred to as SSL Decryption, SSL Interception, HTTPS Inspection, HTTPS Scanning, and is part of the CASB (Cloud Access Security Broker) solution.
More and more public websites are moving to HTTPS, which means communications and data sent between the web server and client (i.e., an end user browsing the internet) are encrypted.
Wdesk and SSL inspection service or appliance
SSL Inspection services are known to cause performance issues with the Workiva platform. In order to remedy this, the wdesk.com domain and all wdesk.com subdomains need to bypass the SSL inspection policy. If SSL Inspection is not bypassed for all wdesk.com subdomains, it is likely the end user will experience slowdowns or connections issues.
Workiva currently uses two deep subdomains, example calc.app.wdesk.com. If the SSL Inspection equipment is capable of wildcard entry for the domains, that is a recommended method.
Check for SSL inspection
Checking if SSL Inspection is running can be completed by checking the web certificate being used when logged into Workiva.
- Go to https://app.wdesk.com.
- In the top URL bar, click on the padlock icon, then click Certificate.
- A new Certificate window will display. Take a screenshot of the General tab.
- Next, click on the Details tab. Scroll down to the bottom and click on Thumbprint. This can be captured as a screen shot for future diagnosis
- Compare the Clients certificate to the ones listed below. If the certificate does not match the one below, please notify your IT department.
| Domain | Certificate |
|---|---|
| app.wdesk.com h.app.wdesk.com |
SHA-1: "F1 EF F3 0F 82 30 08 B8 F7 A8 B4 67 81 95 AC E2 37 68 D4 05" |
| app.wdesk.com h.app.wdesk.com |
SHA-256: "8C 0C 30 DA 6B 9D 2C 8D F4 97 20 4E F0 71 1A B1 9B 73 89 6E AB AE 62 B7 C2 97 18 96 A4 FE BD E1" |
| eu.wdesk.com h.eu.wdesk.com |
SHA-1: "BA DF A3 17 C5 25 54 89 E8 D4 E5 5A 54 67 0E 15 47 A2 A1 16" |
| eu.wdesk.com h.eu.wdesk.com |
SHA-256: "31 2D AC BC 3D C7 AA F1 28 C3 90 1A AC F6 3A 12 9E 71 E3 C5 99 7F AC 4B 09 83 FE 2C B3 40 CA 4D" |
| apac.wdesk.com h.apac.wdesk.com |
SHA-1: "DE 71 61 B9 47 C5 4B E6 38 DF CD 01 40 4E 68 CE 45 E0 5C A1" |
| apac.wdesk.com h.apac.wdesk.com |
SHA-256: "A3 AC 79 73 1D 4A 32 AB 65 CE 54 42 D1 DA 1E 2B 37 A0 14 64 91 2E 59 06 AD 66 D0 6A B0 4C 7F 2D" |
Note: As a general best practice, we do not support certificate pinning. Web certificates are renewed frequently and depending on the certificate registration schedule, certificate pinning can lead to connection issues when renewal occurs. Please work with your IT Department to ensure Certificate Pinning is not taking place.
Step 3: Test Network Health/Connection
You can test the speed and latency to the Wdesk platform with this test, and it should only take ~30 seconds to complete.
This test will communicate to the closest CloudFlare endpoint and gather generic bandwidth/latency information. If the Latency is showing more than 250+ ms for the server tested, you can expect it to affect your overall Wdesk experience.
Cloudflare Endpoint Network Test
Click the link to access the test for Cloudflare. Capture a screenshot and record any errors if needed.
Local Internet Service Provider (ISP) Testing
It's also helpful to test the bandwidth coming from your local ISP. An easy test can be run by clicking on this link. Speedtest URL
If their results show speeds less than 25 Mbps download and 3 Mbps upload, there could potentially be performance issues. If you were able to walk through these tests and no issues arose, there shouldn't be any issues from a Networking standpoint when using Workiva's next generation Platform.
If you think there may be a potential issue, please contact Workiva Support.