workday - Re: [InC-Workday] Question about 2FA and Workday
Subject: Discussion of use cases and implementation experience integrating with Workday
List archive
- From: Gary Chapman <>
- To:
- Subject: Re: [InC-Workday] Question about 2FA and Workday
- Date: Sun, 15 Nov 2015 10:04:16 -0500
It appears that HR at NYU is about to have some direct conversations with
Workday on the subject of "step-up" authentication, which I'll be involved in.
I'd like to go in with a slightly more detailed "spec" of what's sought. Do folks
have suggestions regarding this rough draft?
=============================================================
High-Level Spec for Workday Support of Step-Up Authentication via SAML
Step-up authentication is defined as an authentication process for end-users
subsequent to primary username/password authentication, e.g. a 2nd-factor
authentication step.
For customers using SAML-based web SSO, Workday would provide these
capabilities:
(1) An administrative interface for designating specific pages/functions, user
roles, or users as requiring step-up authentication.
(2) Workday would invoke a SAML authentication flow upon user access to
one of the designated pages (or upon login by a designated user) asking the
user's SAML IdP to perform the additional authentication step. A successful
secondary authentication would permit the desired access within Workday;
a failed secondary authentication would yield an error message.
(3) The SAML mechanism to be used involves Workday sending an
AuthnRequest with the username (Subject) of the user and a defined
RequestedAuthnContext telling the IdP to perform the secondary authentication.
=============================================================
On Thu, Nov 12, 2015 at 10:28 AM, Belcher, C W <> wrote:
Hi folks,FYI UT Austin had a discussion with Workday yesterday about possible enhancements to authentication policies to allow specific tasks to be identified as “sensitive” that would require two-factor authentication. This would allow the enforcement of “step-up” authentication when specific tasks are being performed.My question for the group is: If you were to use this functionality, how would you prefer the two-factor authentication be accomplished?
- Use OTP functionality in Workday (delivered via SMS or email, or perhaps using a TOTP app/token)
- Use SAML (using a different authentication context from your SAML-based first-factor authentication) to perform the 2FA at your IdP
- Use another process?
Thanks, CW——
C.W. BELCHER, Associate Director
Identity & Access Management | Information Technology Services
The University of Texas at Austin | 512-232-6519 | FAC 326R
- [InC-Workday] Question about 2FA and Workday, Belcher, C W, 11/12/2015
- Re: [InC-Workday] Question about 2FA and Workday, Gary Chapman, 11/12/2015
- Re: [InC-Workday] Question about 2FA and Workday, David Langenberg, 11/12/2015
- Re: [InC-Workday] Question about 2FA and Workday, Steven Carmody, 11/12/2015
- RE: [InC-Workday] Question about 2FA and Workday, Michael W. Brogan, 11/12/2015
- Re: [InC-Workday] Question about 2FA and Workday, Linda Pruss, 11/13/2015
- Re: [InC-Workday] Question about 2FA and Workday, Michael R Gettes, 11/13/2015
- RE: [InC-Workday] Question about 2FA and Workday, Michael W. Brogan, 11/12/2015
- Re: [InC-Workday] Question about 2FA and Workday, Steven Carmody, 11/12/2015
- Re: [InC-Workday] Question about 2FA and Workday, David Langenberg, 11/12/2015
- Re: [InC-Workday] Question about 2FA and Workday, Tom Scavo, 11/13/2015
- Re: [InC-Workday] Question about 2FA and Workday, Gary Chapman, 11/15/2015
- Re: [InC-Workday] Question about 2FA and Workday, Tom Scavo, 11/15/2015
- Re: [InC-Workday] Question about 2FA and Workday, Steven Carmody, 11/16/2015
- Re: [InC-Workday] Question about 2FA and Workday, Linda Pruss, 11/16/2015
- Re: [InC-Workday] Question about 2FA and Workday, Belcher, C W, 11/19/2015
- Re: [InC-Workday] Question about 2FA and Workday, Gary Chapman, 11/20/2015
- Re: [InC-Workday] Question about 2FA and Workday, Gary Chapman, 11/26/2015
- Re: [InC-Workday] Question about 2FA and Workday, Cantor, Scott, 11/30/2015
- Re: [InC-Workday] Question about 2FA and Workday, Gary Chapman, 11/26/2015
- Re: [InC-Workday] Question about 2FA and Workday, Gary Chapman, 11/20/2015
- Re: [InC-Workday] Question about 2FA and Workday, Gary Chapman, 11/12/2015
Archive powered by MHonArc 2.6.16.