It is our ambition to let SURFsecureID grow into the default strong authentication solution for Dutch education and research institutions. The following activities are planned:

  • Enable Single Sign-On (SSO) on second factor
    Planned for 2023H2

  • User deprovisioning, i.e. remove token registrations that have not been used for a long time
    Planned for 2024H1

  • Redesign SURFsecureID UI
    Planned for 2024Q1


In addition to these more innovative activities, we will continue to improve our service:

  • Functional improvement of Registration portal, RA Management portal, supporting processes and documentation
  • Infrastructure and management improvements
  • Grow the number of connected Identity Providers and Service Providers
  • Best practices on SURFsecureID implementations
  • Knowledge dissemination on strong authentication, Levels of Assurance, etc.
  • Periodic security audit

Activities and priorities in this road map may change over time depending on input of our members. We encourage you to engage in our periodic SURFconext meetings or contact us at info@surfconext.nl to discuss your strong authentication needs.

Released or old roadmap items:

  • Enable self-service registration of a token.
    This allows users to self-activate a token without going through a servicedesk activation process
    Released June 2023
  • Activate token with other token
    Instead of going to a service desk, a user can activate a new token if he/she has an existing token.
    Released 1 June 2021
  • Support SURFconext MFA policies for SURFsecureID
    This makes it possible to enable SURFsecureID based on a user's attribute or group membership.
    Released Q1 2021
  • Support for Azure MFA as a token
    Released 13 October 2020
  • Support for FIDO2/webauthn as a token
    Released 13 October 2020
  • More fine-grained authorization: allow RAs and RAAs users to work for more multiple institutions
    Released 7 april 2020.
  • Support OpenID Connect
    OpenID Connect is supported through the integration with SURFconext (option 2a). Released november 2019
  • Support context-based strong authentication
    Finished a Proof of context using SURFconext Authorization service (PDP)

  • Support multiple tokens per user
    Released 12 juli 2018

  • Facilitate the re-use of tokens from commercial vendors
    We created an interface (GSSP), php library and example that facilitates adding new token types to stepup
    Released 12 september 2018


  • No labels