Authentication Settings

single sign on

Workiva takes the security of every customer’s data very seriously. However, protecting this information also requires your help. Wdesk allows you a great deal of customization with regards to the security controls you can enforce, and we recommend the following to minimize your risk of compromise.

Single Sign-On (SSO)

Whenever possible, we recommend that you leverage your existing authentication infrastructure by making use of SAML Single Sign-On (SSO) authentication, and requiring all non-administrative users to use this method of authentication.

Assistance configuring this can be obtained by contacting You will need some technical information about the configuration of your SAML identity provider.

Two-Factor Authentication

If SAML Single Sign-On (SSO) is not an option for you, we recommend that you make use of two-factor authentication using a one-time password (OTP) device in conjunction with your Workiva logins.

The use of two-factor will require users to make use of a PIN in combination with their password. It is recommended that this PIN be at least 6 digits, not contain any repeating numbers in a row, and not contain sequences of numbers (e.g., 123759 is allowed, but 123459 is not).

If You’re Not Using SAML or Two-Factor

The information below describes the default security settings for a new account. You may wish to change these to fit your standards.

Authentication: Password Requirements

• Passwords must be at least (characters): 8

• Require at least one letter

• Require at least one number

• Require at least one special character

• Password may be changed (times per day): 3

Authentication: Password Expiration

• Require Passwords to Expire

• Account members’ passwords must be changed every (days): 90

• Account administrators’ passwords must be changed every (days): 60

• Number of unique passwords before a password can be reused: 6

General Settings

image alt text

The following are recommended values for security-related configuration options in the Wdesk administrative panel. For email domains, restrict to the domain(s) authorized to use your Wdesk account. For authentication and login, require login after sixty minutes of inactivity and do not allow the form to remember the username.