The bottleneck of an AI agent isn’t model functionality — it’s permissions

Enterprise AI agents stall not because of model performance, but because of permissions. Every agent workflow eventually hits the same wall: what is the agent allowed to touch, on whose behalf, and how does the system know?

Workday’s answer is to make its existing system of record into a management layer for agents. Gerrit Kazmaier, the company’s president of product and technology, told VentureBeat in an interview that customers often struggle when integrating solutions for their agents.

“Sana ensures that the integrity of the authorization and security model is always followed,” Kazmaier said. “In fact, that’s where we see customers struggle when they try to build their own AI with access to raw data, so the richness of the security model is lost, and the results become overly broad.”

Workday, which launched Sana in March, is expanding its partnership with Google to bring its Sana agent system of record to Gemini Enterprise – so agents built on Sana are also available there.

Design precision

Kazmaier said the biggest hurdle they faced was ensuring agent accuracy, especially for HR and finance users.

“Probably what’s right is not acceptable,” Kazmaier said. “Think about paying people correctly, closing the books or managing work schedules reliably.”

Accuracy is harder to assess here than with most AI content. Policy configuration, role-based security, and organizational hierarchies are tightly interrelated, so small errors compound. And unlike most productivity AI results, HR and finance questions often have no correction loop. By the time a check is processed incorrectly or an interview is scheduled incorrectly, the damage is done.

Workday addressed this by building on Gemini as its logic layer, then adding a context engine and business process logic on top. Workday also added validation and segmentation models that “interrogate” results before execution.

Accuracy and ownership, it turns out, are the same question: does the system know enough about the agent, the authorizer, and the current state of the record to act appropriately?

Workday’s advantage is that it can understand its customers’ organizational structures from the data they provide. Third-party identity providers like Okta already verify their information by looking at Workday, so at its core it is the system of record for many businesses. Kazmaier said the Sana Self-Service Agent uses Gemini as the chat entry point to trigger workflows. The user is then authenticated against the Workday identity and security model. Sana agents act only for that user and only within that user’s current permissions.

Auditing follows the same principle: Gemini keeps only transaction logs, while the main audit remains with Workday and its customer.
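The pattern in the two paragraphs above (an agent acting only for one user, within that user's current permissions, with the audit kept beside the record) can be sketched as follows. This is an added example, not Workday or Sana code; the class, the function names and the sample data are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class SystemOfRecord:
    """Hypothetical record store that owns the data, the permissions and the audit log."""
    salaries: dict   # employee -> salary (constructed sample data)
    manages: dict    # manager -> set of direct reports (current org state)
    agents: dict     # agent id -> set of actions that agent is registered for
    audit: list = field(default_factory=list)

    def _log(self, agent, user, action, outcome):
        self.audit.append({"agent": agent, "user": user,
                           "action": action, "outcome": outcome})

    def read_salaries(self, agent, on_behalf_of):
        action = "read_salaries"
        # 1. The agent itself must be registered for this action.
        if action not in self.agents.get(agent, set()):
            self._log(agent, on_behalf_of, action, "denied")
            raise PermissionError(f"{agent} is not registered for {action}")
        # 2. Rows are filtered by the user's permissions as they are right now,
        #    not by a copy taken when the agent was set up.
        visible = {on_behalf_of} | self.manages.get(on_behalf_of, set())
        rows = {e: s for e, s in self.salaries.items() if e in visible}
        self._log(agent, on_behalf_of, action, f"allowed:{len(rows)}")
        return rows

def raw_export(sor):
    """Contrast case: an agent handed raw data sees every row, with no audit entry."""
    return dict(sor.salaries)

def build_sample():
    return SystemOfRecord(
        salaries={"ana": 100, "ben": 90, "cy": 80, "dee": 120},
        manages={"ana": {"ben", "cy"}},
        agents={"self-service": {"read_salaries"}},
    )

if __name__ == "__main__":
    sor = build_sample()
    print(sor.read_salaries("self-service", "ana"))  # ana plus her reports
    sor.manages["ana"].discard("cy")                 # org change in the record
    print(sor.read_salaries("self-service", "ana"))  # cy is gone on the next call
    print(raw_export(sor))                           # all four rows
    print(sor.audit)
```

Because the filter runs inside the record store on every call, a change to the reporting line takes effect on the agent's next request, and every allow or deny decision is logged with both the agent and the user it acted for.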

For many practitioners in the HR and finance space, the consent and management layer of an agent’s system of record is essential in regulated environments.

“It has to live in the recording process, that’s not popular, that’s the only way it works,” said Dan Obendorfer, product director at Würk, in an email to VentureBeat. “If your permissions are defined somewhere other than where the data resides, you’re already lost.”

Kadan Stadelmann, chief technology officer and founder of Compance.AI, made a similar point separately. “Without an agent’s identity, performance, costs or actions, chaos ensues.”
