Status Update

May 12, 2016 – Occasional topical discussions on the mailing list. Please join the list if you have interest in any of the topics below, or others!


This space and related mailing list support sharing use cases and implementation experiences integrating with Workday. By sharing information across Workday customers and other stakeholders in the InCommon community, we can learn best practices and coordinate communication with Workday when doing so make sense for the community.

Mailing List

We use the list for discussion (more list info here).

To join the list, send email to with the subject: subscribe workday

To unsubscribe from the list, send email to with the subject: unsubscribe workday

Discussion Topics

Work AreaObjectiveDocuments / ReferencesStatusComments
Security - MFAWorkday security model supports multi-factor authentication (MFA) and session step-up for access to more sensitive resources.Just-In-Time Authentication
(Workday Community OMSSEC-10026) 
In progress12-May-2016 – Workday is committed to supporting SAML-based step-up authentication in WD27, including configuration of AuthnContextClassRef values.
Security - MFAWorkday SPs (customer tenants) support AuthnContextClassRef in SAML authentication requests. In progress12-May-2016 – See row immediately above.
Security - MFAWorkday SPs (customer tenants) support ForceAuthn in SAML authentication requests. Closed - Already supported12-May-2016 – Per mailing list discussion Workday already supports ForceAuthn in their SAML configuration. (Subject: SAML-based step-up authentication details)
Workday joins InCommonWorkday joins InCommon, signals long-term commitment to trust models in R&E community.InCommon - The Reality with WorkdayClosed - Won't Do3-Mar-2016 – Workday shared their rationale for deciding not to join InCommon.
Workday joins InCommon

Workday Community website supports federated sign-in from IdPs in InCommon or eduGAIN; local accounts and passwords no longer required for access to Workday Community.

SAML MetadataWorkday SPs (customer tenants) can be registered in InCommon metadata.   
SAML MetadataWorkday SPs (customer tenants) can identify customer IdPs from InCommon metadata.   
SAML 2.0Workday SPs (customer tenants) sign SAML requests.   
SAML 2.0Workday SPs (customer tenants) support encrypted SAML responses.   
SAML 2.0Workday SPs (customer tenants) consume friendly NameID formants.   
SAML 2.0Workday SPs (customer tenants) use appropriate SAML Audience restrictions.   
Data IntegrationWorkday SPs (customer tenants) consume data from SAML attributes for integration.   
Data Integration

Workday APIs support open interoperable standards for outbound data integrations.

Data Integration

Workday APIs support open interoperable standards for inbound data integrations.

Vendor managementHow can the InCommon community coordinate with local implementation projects and other stakeholders at institutions to make effective use of the Workday Community process (brainstorms, etc.).   





  • No labels