The table below shows the differences for a service between the two authentication options. Note that both options can be used by an institution protecting it's services. For each service the most appropriate integration option can be chosen.
|Feature||Standard authentication||SFO authenticaton|
|Authentication of first factor||Always||Never, should be done by the service itself|
|Authentication of second factor||Yes, based on policy between IdP and SP||Always|
|User registration||Using SURFsecureID selfservice registration and vetting by an RA|
|Standard SURFconext features||Attributes, Authorization, persistent identifiers||None|