...
Many services are already connected to SURFconext or can easily make such a connection. The service provider or the institution consuming the service can determine that strong authentication is needed for accessing the service. Enabling SURFsecureID is nothing more than a configuration in SURFconext and can be requested via support@surfconext.nlcan be done by the SURFconext-responsible person ("SURFconext-verantwoordelijke") from the institution in the SURFconext Dashboard by going to the specific service, go to the SURFsecureID tab and select an appropriate Level-of-assurance. The institution or service provider do not need to make any changes to their implementations.
...
- This option is preferred above option B
- The service can connect with SAML or OpenID Connect to SURFconext, both will work
- A step-up policy can be configured in SURFconext that determines for which persons SURFsecureID is called. This can be configured based on user-attributes or IP adres. See option 2 on this page.
- This integration does not supports dynamic LoA request by the service. If the service wants to use this feature it needs to connect to SURFsecureID directly (see option B).
- This option works for the production and test environment, not for the pilot environment.
...