Now that you are logged in, you can go and register your service on the SURFconext platform. Note that at this moment it's possible to independently register and test entities on the test environment of SURFconext. Although it is possible to add and edit production connections here, the SURFconext team will submit the changes and additions to the production environment on your request.

Getting your service published on the Production Environment of SURFconext, the following needs to be taken care of:

  • First you will add an entity.
  • Fill out all the forms of that entity in the SP Dashboard. This is generally known as the metadata of your service in SURFconext.
  • If your done with all the metadata, you can publish the entity to the test environment to start testing.
  • You can manage your entities from here as well: add another one, remove an entity and promote an entity to production.
  • If you are done, you can promote the entity to production.

Add entity

An entity on SURFconext is the least you need to get going. Select 'Add new entity for test environment' to create a registration form.

If you see nothing familiar, start by selecting a service from the pull down at the top right of the window.

You will be prompted to select SAML 2.0 client, OpenID Connect client, or an OpenID Connect resource server. More information on the difference between OpenID Connect and SAML is in our documentation. More information on resource servers can be found here. Use the appropriate protocol and press 'create' to create a new registration form. We will use SAML 2.0 in the example below.

From existing entity?

If you already have an entity on the test or production environment, you can use this entity as a template.

Fill out the form

Assuming you got acquainted with SAML by now, most of the form is self explanatory. Extra information about fields can be found under the question mark. It is important to consider the attributes you need to receive via SURFconext so set the Name ID and attributes accordingly. More information on attributes can be found on this page. Take your time to experiment with attributes whilst in the test environment.

Data minimalisation policy

SURFconext has a data minimisation policy, which means you only receive those attributes that are strictly needed to make your service work.

Publish your entity

Satisfied with your filled out form? Press the 'publish' button to push your entity to the test environment of SURFconext. Your service will be connected automatically to the test/diy IdP, ready to be tested.

Manage your entities

The three dots at the end of each row shows all options for that entity.

Limit access to your entity

By default, all IdP's that are connected to the test environment are able to log in to your service. If you want to limit that access, you can do so. Select 'Edit IdP whitelist' from the dropdown: there you can choose which IdP's are allowed to connect to your service.


If you have sorted everything out and all is working as aspected you can promote your entity to production.

When you promote your entity to production we will run through some technical checks together and see if the contracts are in place. Besides this we need you to provide us with the institution(s)  you want to connect with as well as a contact at the institution. The latter is important because institutions don't simply connect to a service not knowing who initiated it.


  • No labels