For Service Providers there are normally no changes needed to make use of SURFsecureID. To require SURFsecureID for all logins to a specific Service Provider, or for all logins by one or more IdP's to a specific Service Provider, the SURFconext team can set a configuration option to enforce this.
The following documentation is for special requirements which can not be satisfied with this configration and that require the service to make use of a special SAML endpoint.
This part of the wiki gives all the (technical) information that can be of importance for Service Providers working with SURFsecureID.
...