The table below shows the differences for a service between the two authentication options:. Note that both options can be used by an institution protecting it's services. For each service the most appropriate integration option can be chosen.
Feature | Standard authentication | SFO authenticaton |
---|---|---|
Authentication of first factor | Always | Never, should be done by the service itself |
Authentication of second factor | Yes, based on policy between IdP and SP | Always |
User registration | Using SURFsecureID selfservice registration and vetting by an RA | |
Standard SURFconext features | Attributes, Authorization, persistent identifiers | None |