Skip to Content.
Sympa Menu

workday - Re: [InC-Workday] Question about 2FA and Workday

Subject: Discussion of use cases and implementation experience integrating with Workday

List archive

Re: [InC-Workday] Question about 2FA and Workday


Chronological Thread 
  • From: Linda Pruss <>
  • To: "<>" <>
  • Subject: Re: [InC-Workday] Question about 2FA and Workday
  • Date: Fri, 13 Nov 2015 00:24:57 +0000
  • Accept-language: en-US
  • Authentication-results: spf=pass (sender IP is 198.150.12.51) smtp.mailfrom=madisoncollege.edu; incommon.org; dkim=none (message not signed) header.d=none;incommon.org; dmarc=bestguesspass action=none header.from=madisoncollege.edu;
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:23
Same here at Madison College --

Linda

> On Nov 12, 2015, at 10:25 AM, Michael W. Brogan
> <>
> wrote:
>
> +1 for University of Washington
>
> -----Original Message-----
> From:
>
>
> [mailto:]
> On Behalf Of Steven Carmody
> Sent: Thursday, November 12, 2015 7:47 AM
> To:
>
> Subject: Re: [InC-Workday] Question about 2FA and Workday
>
> +1 from Brown.
>
>> On 11/12/15 10:37 AM, David Langenberg wrote:
>> We also would want Use SAML with different Authn Context. What we
>> definitely do not want is the first option. We already have a MFA
>> solution that we're quite fond of and would not want to have multiple
>> MFA solutions that are vendor-specific.
>>
>>
>> Dave
>>
>>> On Nov 12, 2015, at 8:31 AM, Gary Chapman
>>> <
>>>
>>> <mailto:>>
>>> wrote:
>>>
>>> We'd want:
>>>
>>> * Use SAML (using a different authentication context from your
>>> SAML-based first-factor authentication) to perform the 2FA at
>>> your IdP
>>>
>>> Perhaps we'd desire step-up for specific tasks but also for specific
>>> people/roles...
>>>
>>> - Gary
>>>
>>> On Thu, Nov 12, 2015 at 10:28 AM, Belcher, C W
>>> <
>>>
>>> <mailto:>>
>>> wrote:
>>>
>>> Hi folks,
>>>
>>> FYI UT Austin had a discussion with Workday yesterday about
>>> possible enhancements to authentication policies to allow specific
>>> tasks to be identified as “sensitive” that would require
>>> two-factor authentication. This would allow the enforcement of
>>> “step-up” authentication when specific tasks are being performed.
>>>
>>> My question for the group is: If you were to use this
>>> functionality, how would you prefer the two-factor authentication
>>> be accomplished?
>>>
>>> * Use OTP functionality in Workday (delivered via SMS or email,
>>> or perhaps using a TOTP app/token)
>>> * Use SAML (using a different authentication context from your
>>> SAML-based first-factor authentication) to perform the 2FA at
>>> your IdP
>>> * Use another process?
>>>
>>> Thanks, CW
>>>
>>> *——*
>>> *
>>> *
>>> *C.W. BELCHER*, Associate Director ____
>>> Identity & Access Management | Information Technology Services ____
>>> The University of Texas at Austin| 512-232-6519
>>> <tel:512-232-6519> | FAC 326R
>>
>>
>> --
>> David Langenberg
>> Identity & Access Management Architect The University of Chicago
>

Archive powered by MHonArc 2.6.16.

Top of Page