I ended up having a client that wanted to do Access Request for Workday and they have the fulfillment already automated with another product that is being replaced with IG. I immediately opened the Idea. I did not have a chance to analyze the security model at that point. Since them they have pushed Workday on the list of applications down in priority, so I still can't give a complete analysis.
From what I know, the permissions would include the Workday roles that can be assigned as part of the authorization process. There are also Organizations that may also be assigned as part of the security model, but am not sure how this would be represented.
Workday could be used as an identity source and would also have accounts that the Workday Role model would be tied to as permissions.
Having an Identity data source for Workday makes good sense as more customers are moving to Workday for a Human Resources system.
It would be helpful to give an idea of the kind of information that would be part of an application data source for Workday. Would the permissions be the modules that can be accessed in Workday? Would there be a concept of a Workday account if Workday were actually the identity data source? What information from Workday makes sense as an application?