...
SURFsecureIDÂ gives access to services via three five different types of tokens: SMS, Tiqr (smartphone app) or , Azure MFA, YubiKey (USB hardware token) or FIDO2 token. An institution can choose which tokens they want to allow for their users. Users first log in with their institutional account and are then prompted to confirm their identity with their token. In this way there is a second layer of security.
...
- The user registers his preferred token (SMS, Tiqr, Azure MFA, Yubikey or YubikeyFIDO2) in the registration portal
- User must visit his institution's service desk to have an authorised employee verify his identity.
- This employee will bind the user's token to his account. After that the user's token will be activated.
- Now the user can log in to any service designated for strong authentication using the two-step login procedure.
...