If you have seen our introduction video you will probably want to know more. On this page we will start by giving you a schematic overview en will link you to more in depth documentation. Let's start with the overview of how institutions and service providers are connected via SURFconext. This will give you an idea, how a service connects to a user through SURFconext.

Once your service is connected to SURFconext, you can reach more than a million users from the Dutch secondary vocational-, higher education and research institutions. Service providers don't have to worry about user accounts and passwords: this is managed by the institutions. We call these Identity Providers or IdP's.

The Single Sign-on (SSO) principle of SURFconext allows users to log on safely to multiple services with their own institution account.

In the contract between SURFconext and the Service Provider, agreements are made about privacy of the users and protection of the information to be exchanged.

The level of service, the availability and uptime, an Identity Provider can expect from SURFconext is defined in a Service Level Specification or SLS.

A Service Provider or SP is an organization offering internet based services – e.g. webshops, video platforms, publishers or online courses provided by an educational institution – via SURFconext to users from Identity Providers.

An Identity Provider or IdP is an institution that provides information about the identity of users. Users authenticate at the login page of their own institution and are sent to your service via SURFconext.

Employees or students of different institutions often work together. With SURFconext you can create a new organization where users from different institutes work together. This organization is comparable to an Identity Provider.

External users can have access to SURFconext services as guest user.

Now that you roughly know how it works and what it can do for you, we can help you connect to SURFconext. If you want to continue there is a technical and a formal part you need to complete. If you just want to get going and connect to the test environment you can start by setting up a test instance. In the meantime, you or your colleague can take care of the contract. Both must be completed to connect to the production environment of SURFconext. If you need more theoretical background continue reading about the authentication flows of both SAML and OpenID Connect.


  • No labels