Workday ASOR and Gemini move HR agents to the approval line

AI 요약

• What happened: Workday and Google Cloud connected Sana Self-Service Agent to Gemini Enterprise.
  • The announcement landed on May 28, 2026, with early access for eligible Workday customers.
• The architecture: Gemini becomes the default model while Workday ASOR anchors permissions and approval paths for HR and finance agents.
• Developer impact: Enterprise-agent design is moving from chat UI toward systems of record, approval chains, and zero-copy data access.
  • The release also names A2A, A2UI, and MCP as ways to support agent handoff.
• Watch: Workday Data Cloud is still in early adopter status, and unreleased capabilities carry the usual availability caveats.

Workday and Google Cloud announced an expanded strategic partnership on May 28, 2026. The first layer of the announcement is straightforward: Workday's Sana Self-Service Agent is coming into Gemini Enterprise, and Gemini becomes the default AI model for Sana for Workday.

The more important layer is where the agent is allowed to act. An employee inside Gemini Enterprise can ask about time-off balance, view payslips, check tax withholding details, update personal information, and create a leave request. That is no longer a search box with nicer prose. It is an action surface on top of HR and finance systems where permissions, approvals, and audit trails decide whether the agent should move.

Workday puts the phrase Agent System of Record, or ASOR, at the center of this announcement. The release ties Workday ASOR, Google Cloud's agent platform, and Gemini models into one operating model for Workday, Google Cloud, and third-party agents. The ordering matters. Governance and security appear before model novelty because HR and finance agents become risky as soon as they move from answers to workflow execution.

What the HR agent can actually do

The Google Cloud Press Corner and Workday investor release describe the same set of user flows. Employees can use Gemini Enterprise to check time-off balance, update personal information, review payslips and tax withholding, and submit leave requests. Managers can review team goals, bulk approve timesheets, start performance reviews, and submit payroll input without leaving the AI experience. Finance users can ask about expense and travel policy, corporate card eligibility, and how to create requests or cases.

Those examples look ordinary only because HR workflows are familiar. Their risk profile is not ordinary. Reading time-off balance is a read permission. Updating personal information is a write action. Bulk approving timesheets changes pay and attendance records for other people. Starting a performance review opens an HR process. Submitting payroll input can create finance and compliance exposure. If one conversational UI handles all of those actions, "who can do what" has to be enforced by the system, not by prompt wording.

Workday frames Sana for Workday as a single place where CHROs, CFOs, managers, and employees can ask questions, trigger workflows, and work with Workday agents. The same release says Workday's security, business rules, and approval chains sit alongside Gemini's reasoning, multilingual support, and multimodal capabilities. That is product language, but the sequence is technically relevant. The agent is useful only if it acts inside Workday's permission model rather than improvising policy after a model response.

Why ASOR is the main object

A system of record is the official place where a company stores business state: payroll, employee records, finance records, contracts, and other data that the organization treats as authoritative. When an AI agent attaches to that layer, the job changes. A chatbot saying "your leave policy says this" mainly needs retrieval quality and freshness. An agent saying "I will submit the leave request" also needs the approver, leave type, regional policy, payroll cut-off, substitute coverage, and audit log.

Workday ASOR repackages that old enterprise-software concept for the agent era. In this context, ASOR does not mean a simple inventory of agents. It means Workday wants its user permissions, business-process framework, data model, and approval chains to become the reference point for agent execution. In HR and finance, a correctly formatted action by an unauthorized agent can cost more than a wrong answer.

That reverses a common prototype pattern. Many SaaS agent demos start with an LLM and API tools, then add permission checks, logging, and review gates later. Workday and Google are describing the opposite shape: the system of record is already there, and the agent becomes an action layer on top of it. If that model holds in production, the agent app is less a prompt-management surface and more a policy-enforcement surface.

Why A2A, A2UI, and MCP appear together

One notable sentence in the announcement names Agent-to-Agent, Agent-to-UI, and Model Context Protocol approaches together. Workday and Google Cloud say the partnership supports these approaches so AI agents can share information and autonomously hand off tasks. Three protocol labels appear because HR and finance work rarely ends in a single tool call.

Take a travel-expense question. If the agent only explains the policy, the problem is retrieval. If it has to account for the employee's level, cost center, travel region, corporate card eligibility, manager approval, and finance-case creation, several agents, UI surfaces, and system APIs may be involved. Gemini Enterprise is the user-facing conversation surface. Sana knows Workday workflows. A finance-policy agent can interpret spending rules. Workday ASOR decides whether the action is allowed.

MCP has already spread quickly through developer tooling as a standard way to connect external tools and data. A2A targets agent delegation and collaboration. A2UI points at the path between agents, UI state, and user interaction. The Workday and Google release does not publish endpoint schemas, permission semantics, or failure-handling details. Still, the fact that a system-of-record vendor put those names into the official release shows where the enterprise-agent market is moving: away from "one chatbot" and toward operating many agents, tools, and UI states safely.

Zero-copy matters for HR data

Workday and Google Cloud also announced zero-copy access between Workday Data Cloud and Google Cloud Lakehouse. The claim is that customers can query HR and finance data without moving or copying it, while each system reads data where it lives and keeps security permissions and business rules intact. Workday Data Cloud is available to early adopter customers, with general availability planned for later in 2026.

For HR and finance data, the control cost is often larger than the storage cost. Employee pay, tax, attendance, performance, and expense data copied into a separate lakehouse expands the work around lineage, residency, retention, masking, and access review. Conversational analytics wants broad and fast data access. HR data is exactly the kind of data that cannot be broadly opened without strict boundaries. Zero-copy access is an attempt to reduce that tension.

The implementation questions are the ones developers should track. When an agent asks, "Show overtime risk for this organization last quarter," which system runs the query? Does the result enter the agent's memory or trace? If Gemini Enterprise, Workday Data Cloud, and BigQuery disagree about a permission boundary, which system wins? The release says permissions and business rules remain intact, but real deployments will depend on identity mapping, row-level security, and correlated audit events.

Gemini as the default model

The default-model clause is not a small detail. Workday says Gemini will be the default AI model for Sana for Workday, while also saying Sana supports multiple AI models and customers can select other models. Defaults carry weight in enterprise software. They shape reference implementations, support paths, GSI playbooks, latency expectations, data-processing agreements, regional availability, and cost assumptions.

For Google Cloud, this strengthens Gemini Enterprise as a workplace agent surface. The release says employees can ask questions in Gemini Enterprise and receive personalized answers pulled directly from Workday with the correct policies and permissions applied. Google is not only supplying a model. It is supplying the employee-facing agent UI. Workday keeps the system of record and HR-finance workflow. As that overlap grows, the competition shifts from "which API can call the best model" to "which work surface can approve the action."

The Microsoft angle is also visible. Workday announced on May 13, 2026, that Sana Self-Service Agent would be available through Microsoft Copilot. The Google announcement extends the Gemini Enterprise route. Workday appears to be distributing its agents across several enterprise AI surfaces while trying to keep permission and approval control inside ASOR. Google and Microsoft each want to become the front door to employee workflow.

The same UI hides different permission surfaces

The table shows why "agent" is too broad a label. An employee self-service agent mainly touches the user's own data and request creation. A manager agent touches other people's attendance and performance processes. A finance agent connects to spending rules and payment procedures. An administrator agent could affect the Workday tenant itself. The conversational shell may look similar, but the permission surface is different in each case.

Enterprise-agent metrics should change accordingly. Answer accuracy and latency are not enough. Teams need to track approval rates by action, rejected-action causes, permission-denial logs, confirmation steps, bulk-action rollback, and policy-source freshness. The more agents enter systems of record, the more product teams will work on workflow state machines and audit-event schemas rather than prompt text alone.

Why the GSI paragraph matters

The release names Accenture, Deloitte, and KPMG as partners that can bring stakeholder, governance, technical, and business-process knowledge. That may look like a standard partner paragraph, but it is practical for HR and finance agents. Leave policies, expense approvals, payroll calendars, local compliance, union rules, and cost-center structures differ by company. The same Sana agent can require a different safe action boundary in every enterprise tenant.

KPMG's quote also points to Financial Close Companion, a month-end close assistant previously introduced with Workday and Google. This announcement extends that pattern toward HR self-service and finance workflows. In this market, GSIs are not only implementation partners. They translate process rules into action catalogs, approval policy, and operational rollout plans.

That has cost implications. AI agents are sometimes discussed as tools that reduce SaaS seats or back-office labor. Real enterprise rollout also brings GSI consulting, data-permission cleanup, business-process redesign, security review, and change management. CIO Dive read the announcement as part of Workday's effort to defend customer retention and workflow integration as SaaS companies face AI pressure. The business-model question behind the product news is whether agents reduce SaaS consumption or let system-of-record vendors charge for the new operating surface around agent work.

What still needs verification

First, the real early-access scope matters. The release says Sana Self-Service Agent in Gemini Enterprise is available in early access for eligible Workday customers. Workday Data Cloud is also in early adopter status, with general availability planned later in 2026. Buyers should separate what is available now from what is planned.

Second, pricing and contract structure are still implementation questions. Workday user discussions mention agent dashboards, ASOR access, uMSA, and Flex Credit Agreement considerations. That is not a substitute for official pricing, but it reflects the first friction practitioners meet. Once agents sit in employee workflows, usage can be billed through seats, credits, model tokens, marketplace procurement, or a mix of those categories.

Third, multi-model flexibility has to be tested in practice. Workday says Sana supports multiple AI models. If Gemini is the default, support docs, tuning, reference designs, and GSI templates may still concentrate around Gemini. Customers choosing another model will need to verify quality, latency, compliance, region availability, and tool compatibility separately.

Fourth, protocol support needs concrete documentation. A2A, A2UI, and MCP in a press release do not by themselves make handoff safe. Teams still need to know who delegated the task, which identity called the tool, whether an intermediate agent can skip user confirmation, what happens on partial failure, and where the audit record is written.

The developer question

This announcement is not only Workday customer news. It shows how enterprise-agent competition is moving toward approval control. In HR and finance, even a strong agent runtime cannot safely operate outside the official data model and approval chain. Workday calls that boundary ASOR. Google is pushing Gemini Enterprise as the employee-facing surface.

Development teams can take three questions from the announcement. Where is the agent's source of truth? Does every tool call inherit the role and approval chain of the existing business system? Can the audit log distinguish a human-created action from an agent-created action? Without those answers, an agent can look fast in a demo and become unsafe in operations.

Putting AI agents into enterprise work is no longer mostly about making a chat interface. The Workday and Google Cloud announcement joins the place where data lives, the place where approval happens, and the place where employees ask for work to be done. In that design, the model name matters. But ASOR, zero-copy access, A2A/A2UI/MCP handoff, and the process rules translated by GSIs decide whether the agent can act.