...
When using the standard authentication with SURFsecureID, four levels of assurance (LoA) are supported:
- LoA 1: Only password authentication at the institution's IdP
- LoA 1.5: LoA 1 + any SURFsecureID second factor, no extra validation of the user's identity
- LoA 2: LoA 1 + SMS, Tiqr or AzureMFA authentication AND the identity of the user is validated
- LoA 3: LoA 1 + YubiKey or FIDO2 (hardware token) authentication AND the identity of the user is validated
Each LoA is assigned an identifier, and the identifier is different for each type of environment used:
...
LoA | Test | Pilot | Production |
---|---|---|---|
LoA 1 | http://test.surfconext.nl/assurance/loa1 | http://pilot.surfconext.nl/assurance/loa1 | |
LoA 1.5 | http://test.surfconext.nl/assurance/loa1.5 | | |
LoA 2 | http://test.surfconext.nl/assurance/loa2 | http://pilot.surfconext.nl/assurance/loa2 | http://surfconext.nl/assurance/loa2 |
LoA 3 | http://test.surfconext.nl/assurance/loa3 | http://pilot.surfconext.nl/assurance/loa3 | http://surfconext.nl/assurance/loa3 |
These identifiers are used to communicate the strength of authentication between the SURFsecureID gateway and the Service Provider. The actual method of authentication (e.g. SMS + password) at the institutional IdP is not communicated.
...
With Second Factor Only (SFO) authentication, "level" is used to indicate the authentication strength:
- Level 1.5: any SURFsecureID second factor, no extra validation of the user's identity
- Level 2: SMS, Tiqr or AzureMFA authentication AND the identity of the user is validated
- Level 3: YubiKey or FIDO2 (hardware token) authentication AND the identity of the user is validated
The following identifiers are used:
...
Level | Test | Pilot | Production |
---|---|---|---|
Level 1.5 | http://test.surfconext.nl/assurance/sfo-level1.5 | http://pilot.surfconext.nl/assurance/sfo-level1.5 | |
Level 2 | http://test.surfconext.nl/assurance/sfo-level2 | | |
Level 3 | http://test.surfconext.nl/assurance/sfo-level3 | http://pilot.surfconext.nl/assurance/sfo-level3 | http://surfconext.nl/assurance/sfo-level3 |
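
The following is an added example, not code from SURFsecureID or from this page: one way a Service Provider could check the identifier it receives against the level it requires, for both the LoA identifiers and the SFO level identifiers. It uses the Test-environment identifiers listed above; the function names and the weakest-to-strongest ordering are assumptions. Identifiers are compared as exact strings, so a value from another environment or from the other flow is rejected rather than interpreted.

```python
# Added example. Identifiers are the Test-environment values from the tables
# above; names such as meets() and AssuranceError are hypothetical.
TEST = "http://test.surfconext.nl/assurance/"

# Assumed ordering, weakest to strongest, one list per authentication flow.
LOA_ORDER = [TEST + s for s in ("loa1", "loa1.5", "loa2", "loa3")]
SFO_ORDER = [TEST + s for s in ("sfo-level1.5", "sfo-level2", "sfo-level3")]


class AssuranceError(ValueError):
    """The identifier is not one this Service Provider is configured for."""


def rank(identifier, order):
    # Exact match only: no prefix, substring or numeric parsing of the URI,
    # so "loa3" from another environment never counts as this one's "loa3".
    try:
        return order.index(identifier)
    except ValueError:
        raise AssuranceError(f"unexpected identifier: {identifier!r}") from None


def meets(received, required):
    """True if `received` is at least as strong as `required`, same flow only."""
    for order in (LOA_ORDER, SFO_ORDER):
        if required in order:
            return rank(received, order) >= order.index(required)
    raise AssuranceError(f"unknown requirement: {required!r}")


if __name__ == "__main__":
    required = TEST + "loa2"
    # Constructed sample inputs: stronger, weaker, wrong flow, wrong environment.
    samples = [
        TEST + "loa3",
        TEST + "loa1.5",
        TEST + "sfo-level3",
        "http://surfconext.nl/assurance/loa3",
    ]
    for received in samples:
        try:
            verdict = "accept" if meets(received, required) else "reject (too weak)"
        except AssuranceError as exc:
            verdict = f"reject ({exc})"
        print(f"{received} -> {verdict}")
```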
...