Skip to Content.
Sympa Menu

workday - RE: [InC-Workday] SAML-based step-up authentication details

Subject: Discussion of use cases and implementation experience integrating with Workday

List archive

RE: [InC-Workday] SAML-based step-up authentication details


Chronological Thread 
  • From: "Michael W. Brogan" <>
  • To: "" <>
  • Subject: RE: [InC-Workday] SAML-based step-up authentication details
  • Date: Wed, 11 May 2016 16:27:30 +0000
  • Accept-language: en-US
  • Authentication-results: incommon.org; dkim=none (message not signed) header.d=none;incommon.org; dmarc=none action=none header.from=uw.edu;
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:23

As far as I know Workday isn’t federated; everyone has their own tenant. I think Workday’s plan is to expose a configuration item in the SAML admin UI that allows a site to set an AuthnContextClassRef that their IdP is expecting.

 

--Michael

 

From: [mailto:] On Behalf Of Nathan A. Dors
Sent: Wednesday, May 11, 2016 9:05 AM
To:
Subject: [InC-Workday] SAML-based step-up authentication details

 

Yesterday, Archana Ramamoorthy from Workday confirmed they're "thinking of utilizing AuthnContextClassRef" for step-up authentication using SAML. Workday Community users can read that here:

 

https://community.workday.com/idea/90665

 

Is anyone in on the details?

 

Are we collaborating on the specification of useful AuthnContextClassRef values?

 

Has there been any related discussion about configuring ForceAuthn? Do we need that in WD or are we all applying business rules within our SSO engines to decide when to force reauthentication?

 

This looks like great progress toward federated MFA in WD27.

 

Kudos to everyone who's contributed thus far.

 

-Nathan

 

 

 


Archive powered by MHonArc 2.6.16.

Top of Page