Introducing Janus: Stormloop's New Workday Security Solution

Workday MarketplaceSoftware
Written By Stormloop Technologies

Stormloop Technologies is excited to announce the soft launch of Janus, a groundbreaking security solution designed to defend your Workday tenant from unauthorized access. With Janus, your organization gains unprecedented control and visibility over API access, ensuring that external systems and internal accounts only access the data they are explicitly permitted to retrieve.

The Problem: Unchecked API Access in Workday

Workday provides powerful API capabilities, but improper security provisioning can expose sensitive data without your knowledge.

Reminder

Integration System Users get their access from Integration System Secuirty Groups. Those groups are what is assigned to Domians and Web Services.



Consider this scenario:

A consultant configures an Integration System User (ISU) for a vendor to run a Get Workers web service call. However, due to an oversight, the consultant mistakenly grants payroll access to the ISU.

Did you know? With this additional access, the ISU can now call payroll data—without any indication to your security team beyond a basic authentication log.

This kind of oversight happens more often than many organizations realize. Workday’s native logging does not record who is calling which data elements and when. That’s where Janus comes in.


How Janus Protects Your Workday Tenant

1. Enforcing API Restrictions

Janus allows you to configure granular access controls for your ISUs. In the above scenario, you could restrict the ISU to only the Get Workers API and receive an alert if any unauthorized web services are invoked.



2. Full Auditing & Vendor Accountability

Janus provides a detailed audit log of all web service attempts into Workday, tracking:

  • Which vendor made the request

  • Which web service was invoked

  • When the request occurred

This level of granular auditing is currently not available in Workday’s standard logs, making it difficult to pinpoint unauthorized API activity.

3. Proactive Security Monitoring

Even if an external system does not have access to payroll via its ISU, it is still critical for your team to know if an external party attempted to access restricted data. Janus provides data to your security team about these attempts before a breach occurs.

4. No Data Storage Risks

Unlike some API gateways, Janus does not store Workday responses, ensuring:

  • No risk of sensitive data being cached or exposed

  • Vendors experience no change in performance, data integrity, or response format

  • Your organization remains in full control of Workday data flows

5. Simple & Intuitive User Experience

Janus was designed with ease of use in mind:

  • Clean, modern UI

  • Quick account setup

  • Minimal configuration required


Join Our Soft Launch in March

We are currently seeking early adopters for our soft launch in early March.

Participants will receive:

  • Configuration assistance

  • Direct access to our team for enhancement requests

  • Priority support

Interested in a demo? Contact us today to see how Janus can transform your Workday security strategy.







Stormloop Technologies
Previous

Exploring the Workday Marketplace and Built on Workday Applications
Next

AI Gold Rush: The Future of Artificial Intelligence in HR Technology