Reducing Query Turnaround from Days to Minutes
A Fortune 500 enterprise replaced a multi-day manual security query process in Workday with an autonomous Security Bot—slashing turnaround from days to under five minutes while improving accuracy and compliance traceability.
The Challenge
“The enterprise's security team received an average of 150 Workday security queries per week—questions from auditors, regulators, and internal compliance teams about user access permissions, role assignments, security group memberships, and access logs. Each query required a security analyst to manually navigate Workday's complex security interface, extract the relevant data, format it into a report, and submit it through a ticketing system. Average turnaround was 3-5 business days, creating significant audit delays and compliance risk.”
The Solution
Eficens developed a Workday Security Bot—an agentic AI system that connects directly to Workday's REST API and answer engine to respond to security queries autonomously. The bot receives queries in natural language, translates them into the appropriate Workday API calls, retrieves the security data, formats it into standardized reports, and delivers responses in under five minutes. All queries and responses are logged to an immutable audit trail integrated with the organization's SIEM.
Implementation
Workday API Integration
The Security Bot integrates with Workday via the Workday REST API and RAAS (Report-as-a-Service) framework, using a service account with strictly limited read-only security audit permissions—following the principle of least privilege. A query translation layer converts natural language security queries into the appropriate API calls, handling the complexity of Workday's security object model (including the distinction between security groups, domain security policies, business process security policies, and user-based security).
Query Understanding and Response Generation
A fine-tuned LLM handles query understanding, translating questions like "who has access to the Payroll Processing business process?" or "list all users with the Compensation Review security group added in the last 30 days" into structured API parameters. The LLM was trained on 500 examples of security queries mapped to their corresponding Workday API calls, covering the most common audit and compliance query patterns. For novel queries outside the training distribution, the bot flags the query for human review rather than attempting a potentially incorrect translation.
Audit Trail Integration
Every Security Bot interaction is logged to a structured audit database: the original query, the requestor's identity, the API calls made, the data retrieved, the formatted report, and the delivery timestamp. This audit trail is signed and immutable, satisfying SOX, GDPR, and SOC 2 audit requirements. Integration with the organization's SIEM (Splunk) enables security operations to monitor for unusual query patterns—such as a user running hundreds of access queries in a short period—that might indicate an insider threat or compromised account.
Related Resources
View allModel Context Protocol (MCP): Connecting AI to Legacy ERP Systems
SAP, Oracle, and decades-old ERP systems power the operations of the world's largest enterprises. MCP is the bridge that lets AI agents act on—not just talk about—this data.
The "Governance Gate": How We Redact PII and PHI by Default
In enterprise AI, data protection cannot be an afterthought. The Governance Gate is an architectural pattern that intercepts every agent action, identifies sensitive data, and redacts it before it reaches external systems—by default.
Managed Autonomy: Balancing Supervised and Autonomous Agent Execution
Full autonomy isn't always the goal. The most reliable enterprise AI deployments use a dynamic autonomy spectrum—knowing precisely when agents should act and when they must ask.