Multi-Factor Authentication

Agilysis implemented Okta’s multi-factor authentication tool to provide an additional level of security for the client’s 25,000 employees who had ‘payment elections’ enabled in Workday Payroll.

Okta was deployed in front of Workday, so that any employee who needed to make a Payroll-related update in the system, such as revising payment elections, would be required to authenticate their identity using one of a number of knowledge or possession factors. This two-factor authentication was used only for critical updates, not for activities such as viewing paystubs, so as not to create an unnecessary burden on the employees.

The Okta MFA was configured to use the following authentication factors:

    • Email authentication with one-time passcode
    • Security Question
    • Voice call authentication
    • Text message authentication
    • Push notification to Mobile app

The implementation of Okta with Workday involved the following:

    • Development of APIs:
      • Developed a custom RaaS API with a list of custom fields, and generated a URL and credentials that were shared with Okta so that it could import the employee population from Workday.
      • Developed a Core connector – Okta template integration to enable the Okta API endpoint URL with the required credentials.
    • Configuration of SSO:
      • Configured two Single Sign-On links to Okta, with authentication based on the Employee ID (Named Identifier) along with an X.509 certificate:
        • Payment Elections
        • Security Settings (Okta)
    • Tenant Security Setup:
      • Enabled Okta IDP in Workday
    • Configuration of Step-up:
      • Enabled step-up so that MFA is required when the employee selects Payment Elections on the Pay worklet.
    • Configuration of Onboarding BP:
      • Added a to-do task in the Payment Elections worklet that takes the user back to Okta to complete multi-factor authentication.

The entire project took about six weeks, with critical inputs from Okta and the client’s Business and Technical teams.