This article is for:
- IT Groups and Administrators
Overview
When using the Workiva platform, including Wdata, there is important technical information to ensure things run smoothly. This guide outlines network settings to optimize your performance and experience. You can forward this information to your IT Department to ensure allowing domains and SSL Inspection Bypass are established.
In this guide we'll cover the following:
- Allow domains and network policy
- SSL inspection
- Latency testing
Step 1: Review domains and network policy
First, review which domains you allow on your network. This contains a table of domains and emails to allow to ensure that Workiva and its services are not being blocked.
For allowlisting domain details, see Allow hosts and emails.
Step 2: Bypass SSL inspection
Bypassing SSL Inspection for Workiva can enhance performance and the overall user experience.
What is SSL inspection?
SSL Inspection is used to unlock encrypted sessions, check the encrypted packets, and identify and block threats. It can also be referred to as SSL Decryption, SSL Interception, HTTPS Inspection, HTTPS Scanning, and is part of the CASB (Cloud Access Security Broker) solution.
More and more public websites are moving to HTTPS, which means communications and data sent between the web server and client (i.e., an end user browsing the internet) are encrypted. This is why a lot of network security requirements call for SSL inspection in order to make sure they can scan for malicious traffic from untrusted sources before it reaches the end user.
Wdesk and SSL inspection service or appliance
SSL Inspection* services are known to cause performance issues with the Workiva platform. In order to remedy this, the wdesk.com domain and all wdesk.com subdomains need to bypass the SSL inspection policy. If the bypass improves performance, consider implementing a bypass permanently.
Workiva uses subdomains. If the SSL Inspection equipment is capable of wildcard entry for the domains, that is a recommended method.
Check for SSL inspection
To see if SSL inspection is being performed, use the following steps to review the web certificate:
- Go to https://app.wdesk.com and log into the Workiva platform by selecting Sign in, or using your company's authentication tool.
- In the top URL bar, click on the site information icon, then click Connection is secure.
- Select Certificate is valid. A new Certificate window will display. Take a screenshot of the General tab.
- Compare the Clients certificate to the ones listed below. If the certificate does not match the one below, notify your IT department.
Domain | Fingerprints |
---|---|
app.wdesk.com h.app.wdesk.com |
Certificate: 7D 09 E8 52 B9 F0 E5 49 26 50 26 39 3F AD CC 1C 47 B3 75 9E C0 3F 4C 83 3D 14 D6 06 60 CF 16 84 Public Key: A9 1F DD 5B 39 42 65 6B E1 37 11 68 34 79 71 24 26 F4 FF 6D 92 1E A7 65 5C 3B 12 EB 3E 65 55 6F |
eu.wdesk.com h.eu.wdesk.com |
Certificate: 1F E9 F3 A0 21 9C 27 59 77 CE D5 AC 67 07 1E 2C D5 3E 81 87 FE 80 F8 F3 AE E4 71 C6 C2 49 E9 8F Public Key: E2 40 59 B6 80 4E 7F 0C 49 FB 37 B2 08 24 0F 6F 9E D2 FA 4A FF 64 FE 46 5E A5 13 0E 75 3F 0F 26 |
apac.wdesk.com h.apac.wdesk.com |
Certificate: A3 2E 9D DB E2 A3 50 33 C9 20 5B DF 15 F9 59 29 26 66 F7 ED 83 5A 94 B3 E2 DE 59 AE E2 75 A3 EB Public Key: 63 DB 85 EE FC 81 E5 78 41 6E 69 63 98 4F D2 04 D6 C6 31 C2 6B CD D6 91 AD 37 F9 1A A1 15 0F F2 |
Note: As a general best practice, we do not support certificate pinning. Web certificates are renewed frequently and depending on the certificate registration schedule, certificate pinning can lead to connection issues when renewal occurs. Work with your IT Department to ensure Certificate Pinning is not taking place.
Step 3: Test Network Health/Connection
You can test the speed and latency to the Workiva platform with this test, and it should only take ~30 seconds to complete.
This test will communicate to the closest CloudFlare endpoint and gather generic bandwidth/latency information. If the latency is showing more than 250+ ms for the server tested, you can expect it to affect your overall Workiva experience.
Cloudflare Endpoint Network Test
Click the link to access the test for Cloudflare. Capture a screenshot and record any errors if needed.
Local Internet Service Provider (ISP) Testing
It's also helpful to test the bandwidth coming from your local ISP. An easy test can be run by clicking on this link: Speedtest URL
If their results show speeds less than 25 Mbps download and 3 Mbps upload, there could potentially be performance issues. If you were able to walk through these tests without issues, there shouldn't be any issues from a networking standpoint when using the Workiva platform.
If you think there may be a potential issue, contact Workiva Support.
*Cloud Protection Solutions within Workiva: Because the Workiva platform is a real-time collaborative application, Workiva-related network traffic performs best when it's treated as a trusted Internet service and allowed to bypass much of the traditional filtering and scanning that some organizations place on network traffic to untrusted internet services.
This typically includes removing outbound processing such as proxy user authentication and packet inspection, as well as ensuring local egress to the Internet with the proper Network Address Translation (NAT) and enough bandwidth capacity to handle the increased network requests. Increased network security using technologies like proxies, SSL inspection, packet inspection, and data loss prevention systems, can dramatically reduce performance, scalability, and the quality of end user experience when applied to Workiva endpoints. Workiva strongly recommends avoiding the use of Cloud Access Security Broker (CASB) or Cloud Protection solutions with our platform.