The thing ASoR is meant to solve is one that did not really exist eighteen months ago. Most enterprises now have agents popping up in different corners of the business. A recruiting agent here. A finance reconciliation agent there. Three different policy chatbots in three different tools. Nobody can produce a single list of what is running, who owns it, what data it touches, or what it cost last month. Workday calls this "agent sprawl". The name is unflattering. The phenomenon is real.
ASoR is Workday's answer to it. In short: a registry, a security model, a lifecycle, and a set of reports for every agent in your tenant, whether Workday built it, a partner built it, or you built it.
Four pillars, in plain language
Lifecycle management. You register an agent (Workday-built, partner, or external), configure its skills, assign security groups per skill, and activate it. Every agent goes through the same four steps regardless of origin: discover, register, configure, activate. The Agent Management Hub is the UI where this happens.
Security and governance. Every agent gets an identity. Workday calls it the Agent System User (ASU), the equivalent of a human worker account, but for agents. It authenticates via OAuth 2.0, gets scoped authorization to specific tools, and every action is logged in an audit trail. Two execution modes apply. Delegate, where the agent acts on behalf of a specific user and is evaluated against that user's security. Ambient, where the agent acts as itself and is evaluated against its own security group. That distinction is more useful than it sounds. A recruiting agent that pre-fills a job requisition for a manager is in Delegate mode. A finance agent that runs nightly anomaly detection is in Ambient mode.
Analytics and observability. Four reporting layers at GA. Usage (sessions, unique users, active agents). Monitoring (skill-level interaction data per agent). Auditing (the AI Agent User Audit Trail, security per skill). Compliance (input/output reports per agent for any defined date range). Both Workday-built and external agents are covered.
Interoperability. Agent Gateway is the secure entry point that any non-native agent uses to reach Workday data. It handles authentication, traffic monitoring, fingerprinting, telemetry, and routes to the underlying APIs (REST, SOAP, the Graph API, WQL, RaaS, and the ASoR API itself). External agents register via the ASoR API, aligned with Google's Agent-to-Agent (A2A) specification.
Why this matters more than the marketing makes it sound
Pre-ASoR, governing agents was a problem each team solved differently. The recruiting team had its own controls on HiredScore. The finance team had its own on Evisort. A custom agent built in Flowise had whatever controls the developer felt like adding. Audit was a manual exercise. Cost was opaque. Security teams were nervous and often justifiably so.
ASoR moves all of this onto one plane. It is not a new agent product. It is the operating layer underneath the agent products you already use. The value is not in any single feature. It is in having one place to answer the questions a CHRO or CISO is going to ask: what is running, who approved it, what does it touch, what is it costing, and where is the audit trail.
“Most HRIS leaders will not log into ASoR every day. They will rely on the answers it makes possible the first time a CISO asks which agents are running in the tenant, what they touch, and who approved them.”
The roadmap that actually matters
What is in the GA release today: register, configure, and activate agents. Agent System User accounts and audit trails. The Agent Management Hub. API-based registration for external agents.
The next big jump lands in June 2026. Agent owners (so you can assign accountability per agent the way you assign managers to workers). Role-based security configuration. Session success and failure reporting. Microsoft and A2A integrations. Flowise agents directly in ASoR. MCP exposure for third-party developers. This is the release that takes ASoR from useful registry to working governance platform.
Beyond that, the 26R2 and later wave brings agents into the org chart, forecasted agent costs (a real budget signal at last), and integrations with Google Agentspace, AWS AgentCore, Salesforce Agentforce, Okta, and Glean. FedRAMP compliance is on the same horizon for public-sector tenants.
A practical reading of this timeline. ASoR is useful today as a registry and an audit layer. It becomes a real governance product in June. The conversation with your governance board should reflect that. There is a lot you can stand up now, and a meaningful jump in capability coming that you should plan around rather than chase ahead of.
A nuance most teams miss on the security model
The Delegate vs Ambient distinction is the bit that catches HRIS teams off guard. When an agent runs in Delegate mode, it inherits the security of the user it is acting for. That is mostly intuitive. When an agent runs in Ambient mode (background jobs, scheduled tasks, autonomous workflows), it acts under its own identity, and the security boundary is whatever you set on the Agent System User's security group.
The practical consequence: an Ambient agent with broad access is a privileged service account. It should be treated that way. Principle of least privilege. Regular access review. A named human owner. None of this is new to security teams, but it is new ground for HR ops teams who have not previously had to think about service accounts.
What Workday's first generation of native agents looks like
Workday's own agents have been rolling out across HR and Finance over the last year. The first wave: Recruiting, Talent Mobility, Succession, Contract Intelligence, Contract Negotiation, Payroll, Optimize, Policy, Financial Auditing, and Contingent Sourcing. The pipeline that has been teased publicly includes Accounts Payable, Accounting, Compensation Administration, Benefits Administration, Frontline Management, HR Specialist, Financial Analysis, Grants Management, Learning Content Development, and Talent Development Management agents.
A useful framing for thinking about all of them. Task-based agents (Policy, Contract Negotiation) automate one well-defined action, so they need tight scoping and a clear human-in-the-loop on the output. Role-based agents (Recruiting, HR Specialist, Frontline Management) bundle the work of a job family, so the governance question shifts from "what does this do" to "what slice of a role is it accountable for, and who owns the rest". Goal-based agents (Optimize, Financial Auditing) optimise for an outcome over many steps, which means you care most about the data they can reach and the boundaries on autonomous action. Learning agents that improve with feedback (parts of Talent Mobility and Succession) raise a feedback-loop question your data team should sign off on. ASoR is the plane where you can see all four classes side by side and apply a different governance posture to each rather than treating them as one undifferentiated category.
The setup work that pays off before June
There is a clean sequence of work that pays off before the June release lands. Start by inventorying what is already running, the AI features currently enabled in your tenant and any partner agents the business is using; most teams find one or two surprises on the first pass. Pair that with naming an Agent Administrator, a single human accountable for the registry and lifecycle (not a team, not a committee), in the same way you would have an HRIS lead for the core system.
From there the work shifts to entitlement and governance. Confirm your SKU eligibility with the Workday account team, since a set of native agents is included in customer licenses and many can be registered in non-production tenants at no extra cost to evaluate. In parallel, agree the governance model with your security and compliance partners: security groups, execution modes (Delegate vs Ambient), skills configuration, and the approval path for new agents. June will bring role-based configuration and explicit agent owners, but the model itself lives in your governance board, not in the product.
Then plan around the June 2026 release. Flowise agents landing inside ASoR means your custom builds slot into the same governance plane as the native ones, and MCP exposure for third parties answers most of the integration-protocol question. The HRIS teams that will look organised in Q3 are the ones who treated Q2 as a setup quarter rather than waiting for the release notes.
Where the marketing gets ahead of the reality
Two honest caveats. First, orchestration between agents (agents calling other agents in defined workflows) is not yet supported at GA. It is on the roadmap. If your near-term plans depend on multi-agent workflows, you are either building that layer yourself or waiting.
Second, the integrations with Agentspace, AgentCore, Agentforce, Okta, and Glean are 26R2+ items, which is "later in 2026" at best. Useful to know they are coming. Not useful to budget around.
A working definition to take into your next governance meeting
ASoR is the place every agent in your enterprise registers, gets an identity, gets scoped to specific tools, and gets observed. Workday built it. The first generation of Workday's own agents already lives there. By June, your Flowise-built custom agents will too. The HRIS job is to plan the operating model that goes around it. The platform alone does not govern anything. Disciplined HRIS practice on top of the platform does.
