Date: Tue, 19 Mar 2024 08:09:34 +0100 (CET)
Message-ID: <1113393828.5229.1710832174069@wiki01p.surfnet.nl>
Subject: Exported From Confluence
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_Part_5228_2022555718.1710832174069"
------=_Part_5228_2022555718.1710832174069
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-Location: file:///C:/exported.html
SURFsecureID
SURFsecureID
With SURFsecureID users have to do a second authentication step,=
above their 'normal' username and password login. The result is a higher s=
ecurity for the Service Provider (SP) and the Identity Provider (IdP). This=
wiki explains the principles behind SURFsecureID and gives you all the inf=
ormation you need to install it.
- The introdu=
ction explains the basics of SURFsecureID. Mainly there are only three =
steps to be taken.
- On the next page (Architecture<=
/a>) you will find a picture showing the relation between the different 'ac=
tors': the SURFsecureID gateway, the SURFconext gateway, the SP's and =
the Second factors (SMS, Tiqr and YubiKey). Also the authentication flow, consisting of 6 steps, is e=
xplained.
- On the page Levels of ass=
urance you can read that in SURFsecureID there are four different level=
s of assurance:
- LoA 1: only username/password authentication
- LoA 1.5: username/password + second factor
- LoA 2: user's identity is checked, authentication with username/pa=
ssword + SMS, Tiqr or AzureMFA
- LoA 3: user's identity is checked, authentication with username/pa=
ssword + Yubikey or FIDO2 (hardware token)
Explained is also why in SURFsecureID the attributes do not have a level of assurance.
- The road map shows you the plans =
SURF has to improve further the qualities of SURFsecureID. You are encourag=
ed to engage in our periodic SURFconext meetings or contact us at inf=
o@surfconext.nl to discuss your authentication needs.
- In the FAQ you=
will find a list of the most commonly asked questions, together with our a=
nswers on them.
- In the Documen=
tation for Identity Providers (Dutch), you will find information on how=
institutions are able to use this service. This has above all an organizat=
ional impact, rather than a technical one.
- The last part of this wiki, Documentation for Service Providers, gives a lot of detail (t=
echnical) information specific for Service Providers.
------=_Part_5228_2022555718.1710832174069--