This article is for:
- IT Groups and Administrators
The Workiva platform is a cloud-based SaaS (software as a service) application that makes creating and managing complex business reports easy. It utilizes Amazon Web Services (AWS) as the IaaS (Infrastructure as a Service).
The platform allows structured and unstructured data to be aggregated and connected across reporting and compliance outputs, including presentations, spreadsheets, and reports. The platform is accessed through a secure HTTPS connection using TLS version 1.3+. The URLs are apac.wdesk.com, app.wdesk.com or eu.wdesk.com.
Step 1: Review network settings
Workiva requires customers to allowlist URLs and bypass any SSL decryption tools or CASBs due to the performance impact they have on the application.
Learn more in IT network setup guide.
Step 2: Check system requirements
Workiva recommends the use of up-to-date Google Chrome or Edge Chromium Browsers for the best experience.
For more details, see the System requirements.
Step 3: Update security settings
Workiva offers security settings that you can update to meet your policies. You can configure session timeout, password policy, the IP allowlist, two-factor authentication, and single sign-on. To update security settings, you need to be an Org Security Admin.
Step 4: Review additional settings
Using SAML SSO and SCIM
Within the Workiva platform, organizations are recommended to use any SAML 2.0 compliant identity provider. Additionally, you can use System for Cross-domain Identity Management (SCIM) to automatically manage and provision users in your organization. To learn more about updating these settings in Organization Admin, view the following articles:
Bring your own key (BYOK)
Workiva has an optional feature called bring your own key (BYOK), which allows you to manage your own encryption keys. You can also choose to generate a unique encryption key and have us manage it for you. For more information, please contact your sales representative or security@workiva.com.
To learn more, view the following help article:
Step 5: Check email routing
Workiva has an optional feature to allow all email messages to route through customer servers to enable full audit and retention if desired. For more information, please email security@workiva.com.
Step 6: Visit the compliance portal
You can access Workiva security documentation on demand. This includes our SOC reports, third-party vulnerability/penetration tests, business continuity planning (BCP) and disaster recovery (DR) documentation, code of conduct, information security policies, security white paper, and cloud security alliance questionnaire.
Visit the Workiva compliance portal, and sign in using Workiva. If you don’t have a sign-in, complete the form get a one-time use link.
Step 7: Stay Informed
To stay up to date on new and upcoming features to the Workiva platform, subscribe to release notes. You can also visit the status page on to see any outages or incidents affecting our products and features, and subscribe to them via email to get notifications via status.workiva.com.
To better enable our customers to continuously monitor Workiva’s security stance, you can also visit and subscribe to Workiva’s Security Bulletins site, which provides Workiva’s official statements on vulnerabilities and CVE.
We additionally recommend providing Security@workiva.com a security contact for incident notifications as defined in our contract.
To report something to Workiva Security reach out via https://www.workiva.com/contact and select “Privacy and Security”.
Step 8: Backups
Workiva recommends customers determine their desired retention levels within the Workiva platform. At any time you can save/export a document or delete a document by trashing it and then emptying the trash. Files can be saved down via DOCX, XLSX, or PDF format for use outside the application. This can be done manually as needed for retention purposes.
This can be automated using Workiva’s REST API’s as documented on developers.workiva.com. More specifically, the sections "Retrieve a list of documents" and "Initiate a document export" provide information on how this can be programmatically accomplished. The API job can be scheduled to run on a cadence you determine so that you can meet your backup requirements.
Visit Workiva platform status and backups for more information