Discussion of use cases and implementation experience integrating with Workday

[Gary Chapman <>]

We'd want:

• Use SAML (using a different authentication context from your SAML-based first-factor authentication) to perform the 2FA at your IdP

Perhaps we'd desire step-up for specific tasks but also for specific people/roles...

- Gary

On Thu, Nov 12, 2015 at 10:28 AM, Belcher, C W <> wrote:

Hi folks, 

FYI UT Austin had a discussion with Workday yesterday about possible enhancements to authentication policies to allow specific tasks to be identified as “sensitive” that would require two-factor authentication. This would allow the enforcement of “step-up” authentication when specific tasks are being performed. 

My question for the group is: If you were to use this functionality, how would you prefer the two-factor authentication be accomplished? 

• Use OTP functionality in Workday (delivered via SMS or email, or perhaps using a TOTP app/token)
• Use SAML (using a different authentication context from your SAML-based first-factor authentication) to perform the 2FA at your IdP
• Use another process? 

Thanks, CW

——

C.W. BELCHER, Associate Director 

Identity & Access Management  |  Information Technology Services 

The University of Texas at Austin  |  512-232-6519  |  FAC 326R