Versions Compared

Old Version 14

changes.mady.by.user Unknown User (urn:collab:person:surfnet.nl:eefje)

Saved on

compared with

New Version 15

changes.mady.by.user Unknown User (urn:collab:person:surfnet.nl:eefje)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Panel
borderColor#4fb3cf
bgColor#FFFFFF
titleColor#FFFFF
titleBGColor#4fb3cf
borderWidth2
borderStylesolid

SURFconext Strong Authentication allows institutions to secure access to cloud-based services linked to SURFconext more effectively. Better security is particularly critical for cloud services handling more sensitive data. Strong authentication is available at an additional fee for all institutions in higher education and research that are already connected to SURFconext.

Institutions increasingly use cloud services that handle sensitive data, such as eHRM, Student Information Systems and applications with patent-sensitive research data or privacy-sensitive patient information. Such services require stronger forms of authentication than a username and password in order to limit the risk of any security incidents.

The availability of Strong Authentication functionality enables institutions to enforce strong authentication for cloud services linked to SURFconext. SURFconext acts as a link between the institutions and service providers. Institutions can select the services they wish to secure with stronger authentication.

Two-step login

SURFconext Strong Authentication allows access to cloud services via SMS, Tiqr (smartphone app) or YubiKey (USB hardware token). Users first log in with their institutional account and, as an additional step, are then prompted to confirm their identity with one of the means of authentication. The result is a second layer of security: authentication requires both entry of account details and the use of an item in the user's possession.

...

How does it work?

...

How does SURFconext Strong Authentication work? Users must first register their telephone (SMS or Tiqr app) or Yubikey USB token for their account. The user will have to visit their institution's service desk once to have an authorized employee verify his identity who will then bind their token to the user's account.Only then will the user's telephone or USB key be activated.

From that point on, the user can log in to any services designated for strong authentication using the two-step login procedure. That makes SURFconext Strong Authentication convenient for users, yet secure for institutions and service providers.

SURFconext Strong Authentication supports three different types of tokens: SMS, Tiqr, YubiKey.

Section
Column
width30%
Panel
borderColor#4fb3cf
bgColor#FFFFFF
titleColor#ffffff
titleBGColorwhite
borderWidth2
borderStylesolid
Column
width80%

SMS

  • Suited for all types of mobile phones (work or private) that can receive SMS
  • User receives a one-time password (OTP) via SMS
  • First 500 SMS transactions per month per institution are included
  • All SMS transactions that exceed 500/month will be charged at €0,06 (VAT excluded)
Column
width20%

 

 

Column
width30%
Panel
borderColor#4fb3cf
bgColor#FFFFFF
titleColor#ffffff
titleBGColor#4fb3cf
borderWidth2
borderStylesolid
Column
width80%

Tiqr

  • NB: Available in fall 2015
  • Authentication app for Apple iOS and Android smartphones
  • Smartphone must have camera and active internet connection.
  • User must download Tiqr app for iOS or Android
  • A Tiqr account for SURFconext Strong Authentication must be created for future login
  • User authenticates with app-specific PIN code after receiving a push-notification on their phone
  • If push-notifications are disabled a QR code must scanned to authenticate.
Column
width20%

Column
width30%
Panel
borderColor#4fb3cf
bgColor#FFFFFF
titleColor#ffffff
titleBGColor#4fb3cf
borderWidth2
borderStylesolid
Column
width80%

YubiKey

  • Users will need a YubiKey hardware token (Standard, Edge or Neo).
  • Users will need a device with a USB-port when authenticating.
Column
width20%

...