Page tree
Skip to end of metadata
Go to start of metadata

  • You have already registered an Azure MFA token for your institution.
  • You can check this by going to this page from Microsoft and logging in with your institution account
  • For SURFsecureID, it does not matter which Azure MFA method you use. The most used is the MS Authenticator app for your mobile phone.


Handle your Azure MFA token with care

  • Most Azure MFA methods use your phone. Your phone is private, do not share it with others.
  • Never leave your phone unattended; keep your phone separated from your computer


  • Please visit the Registration Portal and start a new token registration.
  • Choose Azure MFA and register your Azure MFA token for future logins.
  • Follow the instructions in the Registration Portal.
  • Finished registering your Azure MFA token? Go to one of the Service Desk locations to have your Azure MFA token activated. (NB: Do not wait to long to do this; your activation code will expire after 14 days)
  • Having trouble? Please read our manual.

Log in

When accessing a service that uses SURFsecureID,

  • Depending on your chosen Azure MFA method, you will receive an SMS, phone call or push message to log in.
  • In the case of an SMS or a phone call, you have to retype a code.
  • It could be that you were already logged in with Azure MFA. In such a case, you do not have to log in again with your Azure MFA token and you have direct access to the service.

Replace and remove

  • You can replace your Azure MFA token with Microsoft at This has no effect on your registration with SURFsecureID
  • To remove the SURFsecureID registration of your Azure MFA token, go to the Registration Portal and remove your token registration. This has no effect on your registration with Microsoft.
  • If necessary, you can register a new token.


Please read our FAQ for more info.

  • No labels