
workday - Re: [InC-Workday] Question about 2FA and Workday

Subject: Discussion of use cases and implementation experience integrating with Workday


Re: [InC-Workday] Question about 2FA and Workday


  • From: Tom Scavo <>
  • To:
  • Subject: Re: [InC-Workday] Question about 2FA and Workday
  • Date: Fri, 13 Nov 2015 07:43:40 -0500

On Thu, Nov 12, 2015 at 10:28 AM, Belcher, C W
<>
wrote:
>
> My question for the group is: If you were to use this functionality, how
> would you prefer the two-factor authentication be accomplished?
>
> 1. Use OTP functionality in Workday (delivered via SMS or email, or perhaps
> using a TOTP app/token)
> 2. Use SAML (using a different authentication context from your SAML-based
> first-factor authentication) to perform the 2FA at your IdP
> 3. Use another process?

Seems like #2 is the overwhelming favorite :-) and as it turns out,
SAML supports step-up authentication (at least as I understand the use
of the term here). If you take a look at the SAML core spec, you'll
see that the <samlp:AuthnRequest> element takes an optional
<saml:Subject> child element. Since the latter is known to the SP in a
step-up scenario, the SP could send a (signed?) AuthnRequest with
appropriate Subject and RequestedAuthnContext to the IdP to initiate
step-up authentication.

This is, of course, an atypical use of the SAML AuthnRequest protocol,
but the fact that the protocol supports step-up directly may be of
value here.

Tom
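
The step-up request described in the message above, sketched as an added example (not part of the original message or of any Workday or IdP code): the SP builds an AuthnRequest carrying the known Subject and a RequestedAuthnContext, and the IdP side checks that the Subject matches the session principal before acting on it. The entity ID, URLs, NameID value and choice of context class are constructed assumptions, and signing is omitted.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Constructed sample values (assumptions, not taken from the thread).
SP_ENTITY_ID = "https://sp.example.org/saml"
IDP_SSO_URL = "https://idp.example.edu/sso"
NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
SECOND_FACTOR_CLASS = "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"


def build_step_up_request(name_id, context_class=SECOND_FACTOR_CLASS):
    """SP side: AuthnRequest naming the already-known subject and the
    authentication context wanted for the second factor (unsigned here)."""
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": IDP_SSO_URL,
    })
    # Child order follows the schema: Issuer, Subject, RequestedAuthnContext.
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = SP_ENTITY_ID
    subject = ET.SubElement(req, f"{{{SAML}}}Subject")
    ET.SubElement(subject, f"{{{SAML}}}NameID", {"Format": NAMEID_FORMAT}).text = name_id
    rac = ET.SubElement(req, f"{{{SAMLP}}}RequestedAuthnContext", {"Comparison": "exact"})
    ET.SubElement(rac, f"{{{SAML}}}AuthnContextClassRef").text = context_class
    return ET.tostring(req, encoding="unicode")


def read_step_up_request(xml_text, session_name_id):
    """IdP side: return the requested context classes, refusing a request
    whose Subject differs from the principal of the existing session.
    A deployment would verify the signature and issuer before this step."""
    req = ET.fromstring(xml_text)
    name_id = req.find(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
    if name_id is None or name_id.text != session_name_id:
        raise ValueError("Subject does not match the authenticated principal")
    refs = req.findall(f"{{{SAMLP}}}RequestedAuthnContext/{{{SAML}}}AuthnContextClassRef")
    return [r.text for r in refs]
```
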


