workday - RE: [InC-Workday] Question about 2FA and Workday

Subject: Discussion of use cases and implementation experience integrating with Workday

List archive

RE: [InC-Workday] Question about 2FA and Workday

From: "Michael W. Brogan" <>
To: "" <>
Subject: RE: [InC-Workday] Question about 2FA and Workday
Date: Thu, 12 Nov 2015 16:24:48 +0000
Accept-language: en-US
Authentication-results: spf=none (sender IP is ) ;
Spamdiagnosticmetadata: NSPM
Spamdiagnosticoutput: 1:23

+1 for University of Washington

-----Original Message-----
From:

[mailto:]
On Behalf Of Steven Carmody
Sent: Thursday, November 12, 2015 7:47 AM
To:

Subject: Re: [InC-Workday] Question about 2FA and Workday

+1 from Brown.

On 11/12/15 10:37 AM, David Langenberg wrote:
> We also would want Use SAML with different Authn Context. What we
> definitely do not want is the first option. We already have a MFA
> solution that we're quite fond of and would not want to have multiple
> MFA solutions that are vendor-specific.
>
>
> Dave
>
>> On Nov 12, 2015, at 8:31 AM, Gary Chapman
>> <
>>
>> <mailto:>>
>> wrote:
>>
>> We'd want:
>>
>> * Use SAML (using a different authentication context from your
>> SAML-based first-factor authentication) to perform the 2FA at
>> your IdP
>>
>> Perhaps we'd desire step-up for specific tasks but also for specific
>> people/roles...
>>
>> - Gary
>>
>> On Thu, Nov 12, 2015 at 10:28 AM, Belcher, C W
>> <
>>
>> <mailto:>>
>> wrote:
>>
>> Hi folks,
>>
>> FYI UT Austin had a discussion with Workday yesterday about
>> possible enhancements to authentication policies to allow specific
>> tasks to be identified as “sensitive” that would require
>> two-factor authentication. This would allow the enforcement of
>> “step-up” authentication when specific tasks are being performed.
>>
>> My question for the group is: If you were to use this
>> functionality, how would you prefer the two-factor authentication
>> be accomplished?
>>
>> * Use OTP functionality in Workday (delivered via SMS or email,
>> or perhaps using a TOTP app/token)
>> * Use SAML (using a different authentication context from your
>> SAML-based first-factor authentication) to perform the 2FA at
>> your IdP
>> * Use another process?
>>
>> Thanks, CW
>>
>> *——*
>> *
>> *
>> *C.W. BELCHER*, Associate Director ____
>> Identity & Access Management | Information Technology Services ____
>> The University of Texas at Austin| 512-232-6519
>> <tel:512-232-6519> | FAC 326R
>>
>>
>
>
> --
> David Langenberg
> Identity & Access Management Architect The University of Chicago
>

[InC-Workday] Question about 2FA and Workday, Belcher, C W, 11/12/2015
- Re: [InC-Workday] Question about 2FA and Workday, Gary Chapman, 11/12/2015
  - Re: [InC-Workday] Question about 2FA and Workday, David Langenberg, 11/12/2015
    - Re: [InC-Workday] Question about 2FA and Workday, Steven Carmody, 11/12/2015
      - RE: [InC-Workday] Question about 2FA and Workday, Michael W. Brogan, 11/12/2015
        
        Re: [InC-Workday] Question about 2FA and Workday, Linda Pruss, 11/13/2015
        
        Re: [InC-Workday] Question about 2FA and Workday, Michael R Gettes, 11/13/2015
- Re: [InC-Workday] Question about 2FA and Workday, Tom Scavo, 11/13/2015
- Re: [InC-Workday] Question about 2FA and Workday, Gary Chapman, 11/15/2015
  - Re: [InC-Workday] Question about 2FA and Workday, Tom Scavo, 11/15/2015
  - Re: [InC-Workday] Question about 2FA and Workday, Steven Carmody, 11/16/2015
    - Re: [InC-Workday] Question about 2FA and Workday, Linda Pruss, 11/16/2015
    - Re: [InC-Workday] Question about 2FA and Workday, Belcher, C W, 11/19/2015
      - Re: [InC-Workday] Question about 2FA and Workday, Gary Chapman, 11/20/2015
        
        Re: [InC-Workday] Question about 2FA and Workday, Gary Chapman, 11/26/2015

List archive

RE: [InC-Workday] Question about 2FA and Workday