Strong authentication for all your services
You use SURFsecureID for services that are linked to SURFconext, but also for services that run within your institution and cloud services that are not linked to SURFconext.
Services linked to SURFconext
For these services, SURFsecureID can handle the entire login, i.e. both the first and second factor. The first factor (user name/password) is handled via the institution's IDP, the second via SURFsecureID. You do not need to set up two-factor authentication within the service itself; you can choose when which factor is needed for secure access.
Services within your institution and cloud services that are not linked to SURFconext
You only use SURFsecureID for the second factor. This is particularly interesting if you also use a central (authentication) facility such as ADFS, Citrix, or F5 BIGIP. The advantage of this option is that your institution can easily and flexibly switch SURFsecureID on or off. In this way, you can operate various services and/or user groups. This facility then handles the first factor itself and, if necessary, uses SURFsecureID for the second factor.