
workday - Re: [InC-Workday] SAML-based step-up authentication details

Subject: Discussion of use cases and implementation experience integrating with Workday

  • From: "Belcher, C W" <>
  • To: "" <>
  • Subject: Re: [InC-Workday] SAML-based step-up authentication details
  • Date: Wed, 11 May 2016 19:32:29 +0000

Yes, that is my understanding. The authn context value will be specified in the step-up authentication SAML configuration per WD tenant.

 

We are not planning on getting a forceauthn flag from WD.

 

Thanks, CW

——

 

C.W. BELCHER, Associate Director 

Identity & Access Management  |  Information Technology Services — Applications

The University of Texas at Austin  |  512-232-6519  |  FAC 326R

 

From: <> on behalf of "Michael W. Brogan" <>
Reply-To: "" <>
Date: Wednesday, May 11, 2016 at 11:27 AM
To: "" <>
Subject: RE: [InC-Workday] SAML-based step-up authentication details

 

As far as I know Workday isn’t federated; everyone has their own tenant. I think Workday’s plan is to expose a configuration item in the SAML admin UI that allows a site to set an AuthnContextClassRef that their IdP is expecting.

 

--Michael

 

From: [mailto:] On Behalf Of Nathan A. Dors
Sent: Wednesday, May 11, 2016 9:05 AM
To:
Subject: [InC-Workday] SAML-based step-up authentication details

 

Yesterday, Archana Ramamoorthy from Workday confirmed they're "thinking of utilizing AuthnContextClassRef" for step-up authentication using SAML. Workday Community users can read that here:

 

https://community.workday.com/idea/90665

 

Is anyone in on the details?

 

Are we collaborating on the specification of useful AuthnContextClassRef values?

 

Has there been any related discussion about configuring ForceAuthn? Do we need that in WD or are we all applying business rules within our SSO engines to decide when to force reauthentication?

 

This looks like great progress toward federated MFA in WD27.

 

Kudos to everyone who's contributed thus far.

 

-Nathan
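
Added example, not part of the thread and not Workday's or any IdP product's code: a sketch of the kind of IdP-side business rule the thread discusses, reading `ForceAuthn` and the requested `AuthnContextClassRef` from an AuthnRequest and deciding whether the existing SSO session is sufficient. The MFA class-ref URI, the SP entity ID, the sample request and the `idp_decision` function are all constructed assumptions; only exact comparison is implemented.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
MFA = "urn:example:ac:classes:mfa"  # constructed placeholder for a site-defined value

# Constructed AuthnRequest, as an SP configured for step-up might send it.
SAMPLE_REQUEST = f"""<samlp:AuthnRequest
    xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_constructed1" Version="2.0" IssueInstant="2016-05-11T19:00:00Z">
  <saml:Issuer>https://sp.example.edu/tenant</saml:Issuer>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>{MFA}</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""


def parse_request(xml_text):
    """Return (force_authn, comparison, requested_class_refs)."""
    root = ET.fromstring(xml_text)
    force = root.get("ForceAuthn", "false").strip().lower() in ("true", "1")
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return force, None, []
    refs = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS) if e.text]
    return force, rac.get("Comparison", "exact"), refs


def idp_decision(xml_text, session_class_ref, supported=(PASSWORD, MFA)):
    """Hypothetical IdP rule: returns 'sso', 'authenticate:<ref>' or 'reject'."""
    force, comparison, refs = parse_request(xml_text)
    if refs and comparison != "exact":
        return "reject"  # this sketch only implements exact matching
    usable = [r for r in refs if r in supported]
    if refs and not usable:
        return "reject"  # a real IdP would answer with status NoAuthnContext
    target = usable[0] if refs else (session_class_ref or PASSWORD)
    if force or session_class_ref is None:
        return "authenticate:" + target  # no session, or SP demanded a fresh login
    if refs and session_class_ref not in usable:
        return "authenticate:" + target  # step-up: existing session is too weak
    return "sso"
```

Without `ForceAuthn`, a session already established at the requested context is reused, so any freshness requirement has to come from the IdP's own rules.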

 

 

 
