The table below shows the differences for a service between the two authentication options. Note that both options can be used by an institution protecting it's services. For each service the most appropriate integration option can be chosen.
Feature | Standard authentication | SFO authenticaton |
---|---|---|
Authentication of first factor | Always | Never, should be done by the service itself |
Authentication of second factor | Yes, based on policy between IdP and SP | Always |
User registration | Using the SURFsecureID selfservice registration and optional vetting process | |
Standard SURFconext features | Attributes, Authorization, persistent identifiers | None |