This page will show you how to connect your service to SURFconext in five steps! There is a formal and a technical part to go through before users can connect to your service through SURFconext.

Step 1: Get in touch

To start, fill out this form or send a mail with your contact info and we will get back to you for an introduction. After this you will know more about SURFconext, the technology we use, attributes and the necessary contract. A contract is not needed for all who want to connect. For example, the procedure is different for members of institutions. We will tell you what applies to your service.

Preparation is not required, but these articles will give you a head start:

  • What contractual obligations you have differ per customer. Read more about that in the contractual part.
  • Dive into SAML or OpenID Connect. You need to support one of these two technologies!
  • Get to know the attributes and claims we keep mentioning.

Step 2: Connect to the test environment

Publish your SP by yourself to our test environment via our selfservice SP Dashboard. We need to authorize access to the SP Dashboard. Find out how to get access here. In short, what this means is you will be invited by us to become a member of a team. If you have confirmed your team membership you will have access to instances in the SP Dashboard linked to that team.

  • Read about our self service SP Dashboard.
  • Make sure you are done implementing SAML or OpenID Connect. Read our guidelines how to implement this technology in your application if you haven't done so already.
  • Think about why you need attributes or claims and motivate them properly in the Dashboard. Saying 'Needed to identify the user' for every attribute registered doesn't cover the load. We have a minimum disclosure policy and we will review this prior to going to production.

Step 3: Settle your contract and fill in the privacy statements

This part consists of the following activities and can be done parallel with testing your service.

  • During our introduction you will have learned what what you need to do now. You will either:
    • Send us a signed copy of the SURFconext Connection Agreement.
    • Or if you are with an institution the 'SURFconext-verantwoordelijke' needs to give permission for your service to be published. Get in touch with that person or ask us to do so through by sending us a mail or in the ticket that is active in communication with us.
  • Fill in the GDPR questions in the SP Dashboard.

Step 4: Promote your service to production

You have completed Step 3 and you are prepared to go to production and connect. You will do so in the SP Dashboard. Check the following before doing so:

  • Give the to be released attributes or claims a last and thorough thought. Use as few as possible! We will discuss this with you if we think this is needed.
  • Read our guidelines how to get a rating A in SSL Labs to meet our security measures.
  • You can register several types of contacts for your service in the SP Dashboard. Fill them and make use of functional addresses that are read by more than you alone. For example:

  • Institutions don't just connect to any service. In most cases you will have spoken to someone at the institution. Supply us with those contacts we can refer to. 

    • When you connect to multiple institutions, you will need to supply us with contacts at all those institutions.
  • In the SP Dashboard, tie up the loose ends and add a production entity from the 'service overview' page. After publishing the production entity, a ticket will be created and we will get to work for the last step!

Step 5: We will connect the institution(s) to your service! 

You will need to sit tight at this step of the process. We will send an invite to the institution(s) you have asked us to send an invite to. This can take anything from a few minutes to a few days. Once connected, you will receive a confirmation from us and your service is ready for use!

  • No labels