This space covers all documentation that is related to the 'strong authentication via SURFconext' project.
As of 2015 SURFconext will offer strong authentication functionality to institutions and end-users in Dutch higher education and research.
Until now, passwords are used as primary authentication method, although they are generally considered not secure enough to prevent unauthorized access for applications like student information systems or e-HRM systems. Multi-factor authentication is deemed necessary, but institutions in Dutch higher education and research experience barriers that hinder the introduction of multi-factor authentication within their organization. If every institution would implement its own strong authentication solution, this would mean a major investment and complex integration with the existing identity provider software. Multiply this by 120 (= number of connected identity providers) and it becomes clear that it will be more efficient to develop a centralized infrastructure.
SURFnet – the IT innovation partner of Dutch higher education and research - strives to take away (some of) those barriers by adding a multi-factor authentication service to the SURFconext platform.
In a nutshell
The strong authentication functionality of SURFconext enables institutions to enforce strong authentication for their users when they access certain service providers.
Each user will go through an enrollment process that is handled by its home institution locally. After selecting and activating their second authentication factor; SMS, Tiqr (smartphone app) or Yubikey (hardware token), the user can re-use this token for every service provider that requires strong authentication.
Development production service SuaaS
Q3 2014 - Q2 2015
Version 1.0 of the Stepup software has been released