workday - RE: [InC-Workday] interim workarounds for MFA
Subject: Discussion of use cases and implementation experience integrating with Workday
List archive
- From: "Michael W. Brogan" <>
- To: "" <>, "" <>
- Subject: RE: [InC-Workday] interim workarounds for MFA
- Date: Thu, 16 Jul 2015 17:59:02 +0000
- Accept-language: en-US
- Authentication-results: nyu.edu; dkim=none (message not signed) header.d=none;
- Sn1pr08mb1805: X-MS-Exchange-Organization-RulesExecuted
We are using IdP v2 and do not use MCB. --Michael From: [mailto:]
On Behalf Of Gary Chapman Your interim approach is presumably with Shibboleth IdP v2... is use of MCB required? - Gary Chapman, NYU On Thu, Jul 16, 2015 at 11:51 AM, Nathan A. Dors <> wrote: Spurred by CW's message yesterday, I thought I'd start a thread on the interim solutions institutions are adopting to implement MFA with Workday today. Here's our interim solution at UWash: This solution requires our IAM team to implement a new user interaction flow through our web SSO service, and coordinate the related request-responses with our SAML IdP (Shib).
It has a user experience drawback in that it bluntly enforces MFA on resources that don't require it, when accessed by a user in a security role that requires MFA for access to some resources. On the other hand, it also doesn't require
us to issue MFA tokens to all employees and others accessing Workday. If Workday adopts a MFA solution that can be configured based on security roles in Workday and uses AuthnContextClass, we think we'll have a relatively smooth transition from our interim solution. The implementation also, peripherally,
motivates us even further to replace our aging web SSO service with Shibboleth 3.0. Michael Brogan, our IAM solution architect and workstream lead for our Workday project, has posted related project documents here: Are others adopting this same basic solution/pattern? What are some alternatives? -Nathan |
- [InC-Workday] interim workarounds for MFA, Nathan A. Dors, 07/16/2015
- Re: [InC-Workday] interim workarounds for MFA, Gary Chapman, 07/16/2015
- Re: [InC-Workday] interim workarounds for MFA, David Walker, 07/16/2015
- RE: [InC-Workday] interim workarounds for MFA, Michael W. Brogan, 07/16/2015
- Re: [InC-Workday] interim workarounds for MFA, Gary Chapman, 07/16/2015
Archive powered by MHonArc 2.6.16.