The table below shows the differences for a service between the two authentication options:
Feature | Standard authentication | SFO authenticaton |
---|---|---|
Authentication of first factor | Always | Never, should be done by the service itself |
Authentication of second factor | Yes, based on policy between IdP and SP | Always |
User registration | Using SURFsecureID selfservice registration and vetting by an RA | |
Standard SURFconext features | Attributes, Authorization, persistent identifiers | None |