May 12, 2016 – Occasional topical discussions on the mailing list. Please join the list if you have interest in any of the topics below, or others!
This space and related mailing list support sharing use cases and implementation experiences integrating with Workday. By sharing information across Workday customers and other stakeholders in the InCommon community, we can learn best practices and coordinate communication with Workday when doing so make sense for the community.
To join the list, send email to firstname.lastname@example.org with the subject: subscribe workday
To unsubscribe from the list, send email to email@example.com with the subject: unsubscribe workday
|Work Area||Objective||Documents / References||Status||Comments|
|Security - MFA||Workday security model supports multi-factor authentication (MFA) and session step-up for access to more sensitive resources.||Just-In-Time Authentication|
(Workday Community OMSSEC-10026)
|In progress||12-May-2016 – Workday is committed to supporting SAML-based step-up authentication in WD27, including configuration of AuthnContextClassRef values.|
|Security - MFA||Workday SPs (customer tenants) support AuthnContextClassRef in SAML authentication requests.||In progress||12-May-2016 – See row immediately above.|
|Security - MFA||Workday SPs (customer tenants) support ForceAuthn in SAML authentication requests.||Closed - Already supported||12-May-2016 – Per mailing list discussion Workday already supports ForceAuthn in their SAML configuration. (Subject: SAML-based step-up authentication details)|
|Workday joins InCommon||Workday joins InCommon, signals long-term commitment to trust models in R&E community.||InCommon - The Reality with Workday||Closed - Won't Do||3-Mar-2016 – Workday shared their rationale for deciding not to join InCommon.|
|Workday joins InCommon|
Workday Community website supports federated sign-in from IdPs in InCommon or eduGAIN; local accounts and passwords no longer required for access to Workday Community.
|SAML Metadata||Workday SPs (customer tenants) can be registered in InCommon metadata.|
|SAML Metadata||Workday SPs (customer tenants) can identify customer IdPs from InCommon metadata.|
|SAML 2.0||Workday SPs (customer tenants) sign SAML requests.|
|SAML 2.0||Workday SPs (customer tenants) support encrypted SAML responses.|
|SAML 2.0||Workday SPs (customer tenants) consume friendly NameID formants.|
|SAML 2.0||Workday SPs (customer tenants) use appropriate SAML Audience restrictions.|
|Data Integration||Workday SPs (customer tenants) consume data from SAML attributes for integration.|
Workday APIs support open interoperable standards for outbound data integrations.
Workday APIs support open interoperable standards for inbound data integrations.
|Vendor management||How can the InCommon community coordinate with local implementation projects and other stakeholders at institutions to make effective use of the Workday Community process (brainstorms, etc.).|