SURFsecureID: extra security for services with two-factor authentication

With SURFsecureID, you can secure access to online services better through two-factor authentication. Your users log in with a username, password and a second factor. This is an SMS or USB key. SURFsecureID is particularly important for services with sensitive data.

hand raakt iPad aan

Extra protection for sensitive data

Tekening over beveiliging

We increasingly use services with sensitive data. For example, eHRM, grade input systems, student information systems and applications with patent sensitive research data or privacy sensitive patient information. For these services, you need stronger forms of login than just a username/password. This helps you to cover the security risks.

Login in 2 steps

With SURFsecureID, you can add an extra security step to your login. After checking username and password, users still need to confirm their identity with an additional step. This can be done via SMS, tiqr tiqr (smartphone app) or Yubikey (USB key). Only after that do they get access. This way, your services are doubly secure: with something the user knows and something the user has. The user can also use this additional authentication tool for multiple services inside and outside your institution.

High level of reliability

Illustratie van een vrouw met een document

SURFsecureID offers you a higher level of reliability than other two-factor authentication solutions. SURFsecureID checks the identity of the user and the second factor chosen before it can be used. Other solutions skip this control. SURFsecureID is thus more in line with international standards and the security guidelines of the Dutch government and the EU.

Strong authentication for all your services

Use SURFsecureID for:

  • Services that are operated within your institution
  • Cloud services that are not linked to SURFconext
  • and for services linked to SURFconext

Services within your institution and services that are not linked to SURFconext

SURFsecureID is only used for the second factor. This is especially interesting if you also use a central (authentication) facility such as ADFS, Citrix or F5 BIGIP. The advantage of the latter option is that your institution can easily and flexibly switch SURFsecureID on or off. This allows you to serve different services and/or groups of users. This facility then handles the first factor itself and, if necessary, uses SURFsecureID for the second factor.

Services linked to SURFconext

For these services, SURFsecureID can handle the entire login, i.e. both the first and the second factor. The first factor (username/password) is via the institution IPP, the second factor via SURFsecureID. Within the service itself, there is no need to set up two-factor authentication; you can choose which factor is needed for secure access when.

What does it mean for users within your institution?

Your users register for their account themselves their phone (via SMS or tiqr app) or Yubikey usb key on a registration portal. The user then has to visit a service desk of your institution once to check his identity. Only then is the phone or USB key active. From that moment on, the user logs in with 2 steps to all services for which you have enabled extra authentication.

Rollout support

We can assist you in rolling out SURFsecureID in your institution. For example, by showing you how other institutions managed. We also have communication tools that help you register users quickly, such as flyers and manuals.

Who's it for?

SURFsecureID is available for all institutions connected to SURF. Do you want to get started with SURFsecureID? Please contact us.

Wat betekent het voor gebruikers binnen je instelling?

Je gebruikers registreren voor hun account zelf hun telefoon (via sms of tiqr-app) of Yubikey usb-sleutel op een registratieportal. De gebruiker gaat daarna 1 keer langs bij een servicedesk van je instelling om zijn identiteit te controleren. Pas daarna is de telefoon of USB-sleutel actief. Vanaf dat moment logt hij met 2 stappen in bij alle diensten waarvoor je extra authenticatie hebt ingeschakeld.

Ondersteuning bij uitrollen

Wij kunnen je helpen bij het uitrollen van SURFsecureID in je instelling, bijvoorbeeld door je te laten zien hoe andere instellingen het hebben aangepakt. Je kunt onze communicatiemiddelen inzetten, om de registratie van gebruikers snel te laten verlopen. Gebruik daarvoor onze flyers en handleidingen.

Advantages of SURFsecureID

  • 1 access solution via a trusted partner
  • Highly reliable IDs
  • All data stored in the Netherlands
  • No vendor lock-in
  • Open standards and open source

Voor wie?

SURFsecureID is beschikbaar voor alle bij SURF aangesloten instellingen. Wil je aan de slag met SURFsecureID? Neem dan contact met ons op.

Rates 2019
  • Number of users < 1,000 = 257 euros per month, excluding VAT
  • Number of users 1,000-5,000 = 460 euros per month, excluding VAT
  • Number of users > 5,000 = 1,126 euros per month, excluding VAT

Special details

  • The number of users within an institution is determined on the basis of the number of authentication means activated.
  • The rate involves a flat fee and includes 500 SMS transactions per month.
  • Rates do not include the cost of tokens (for more than 500 SMS transactions per month, SURFnet charges 0.055 euros per SMS in addition to the monthly fee and the purchase of Yubikey tokens).

More information

This is an optional SURF service.