...
- Procedural
An institution must give permission for a SFO integration in the SURFsecureID pilot or production environment. Although an SFO integration is almost always implemented by the institution itself, it is possible that someone else may want to implement it. By requiring permission from the institution we make sure that the proper persons are notified. The SURFconext contactperson (SURFconext-verantwoordelijke) needs to provide this permission by sending an email to support@surfconext.nl. - Technical
Implement the SFO connection. There is a technical description of how a SFO connection works and what is needed to connect with it. This integration is based on the widely used open standard SAML2, so an integrating can be easily made. However, for some popular systems, we've created a description or even software to make it even easier:- ADFS MFA plugin
- F5 BIG-IP
- Citrix (contact us for more information)NetScaler
- SimpleSAMLphp
2) Standard authentication. For the majority of cases this just means connecting to SURFconext as a regular Service Provider (if not already done).
...