One step at a time

This is the third step in our connection plan. Don't rush and jump to our step by step guide if you got lost!

This page will guide you through any contractual aspects that need to be taken care of prior to connecting your service to the production environment of SURFconext.


Every time a user logs in via SURFconext, user-information is transferred from the institution, via SURFconext, to your service. Based on what you agreed, as a Service Provider you may receive data from the Identity Provider/Attribute Provider:

  • for the authentication (the proof of authentication by the Identity Provider);
  • for authorisation decisions within your service;
  • about the group memberships of a user if such is required for cooperation and authorisation within the service provided;
  • extra data from a user relevant to the service.

We basically have two situations:

  • You are a SURF member (an institution): please read here what to check for 
  • In other cases, you most likely will need to sign a SURFconext connection agreement, see below.
    • SURF does not sign a data processing agreement (DPA, Dutch: verwerkersovereenkomst) with service providers: if a DPA is necessary, that needs to be signed between you as supplier of the service and every institution. 

SURFconext Connection Agreement (Dutch: aansluitovereenkomst)

A contract needs to be signed before  promoting your service to the SURFconext production environment  to document rights and obligations of involved parties. You can download the template linked below to see in advance what the agreement entails. 

  1. Alterations to the Connection Agreement are not permitted. We believe every Service Provider is able to sign the contract as is.
  2. Don't sign the contract below!
  3. Send a mail to and let us know you're ready to sign the connection agreement to start the process and receive a copy to sign. When you do so, supply us with the Name of you as Service Provider, the name of your service, the name of the person that is going to sign the agreement, the way of addressing the signee, the signees title (like "CEO"), the address of your organization, the telephone number of the signee and last but not least the mail address of the contact to send the contract to.
  4. That's it for the contractual part: continue with  remaining steps!

VersionTemplate connection agreement

See previous versions of the SURFconext Connection Agreement

SURF members

For SURF members offering a service, the procedure is as follows:

  1. Check if there is a relevant SURFconext contract.
    If you are registered as a SURFconext Identity Provider (check here), you can assume this is done. In case of doubt, contact
  2. Adhere to the SURFconext Privacy Policy.
  3. Inform the person in your organisation responsible for SURFconext (role SURFconextverantwoordelijke) that you are going to connect a service to SURFconext. SURF needs explicit consent from the person with this role before your service can be connected.
  4. That's it for the contractual part: continue with any other steps left!


Previous versions of the documents on this page can be found below:

  • No labels