SURFsecureID: extra security for services with two-factor authentication

SURFsecureID makes access to online services more secure through multi-factor authentication. Users log in with a user name and password and with a second factor: an SMS, a USB key, a mobile app (tiqr) or their Microsoft token. SURFsecureID is highly suitable for services involving sensitive data, and for preventing abuse of accounts.

hand raakt iPad aan

Strong authentication for all your services

You use SURFsecureID for services that are linked to SURFconext, but also for services that run within your institution and cloud services that are not linked to SURFconext.

Services linked to SURFconext

For these services, SURFsecureID can handle the entire login, i.e. both the first and second factor. The first factor (user name/password) is handled via the institution's IDP, the second via SURFsecureID. You do not need to set up two-factor authentication within the service itself; you can choose when which factor is needed for secure access.

Services within your institution and cloud services that are not linked to SURFconext

You only use SURFsecureID for the second factor. This is particularly interesting if you also use a central (authentication) facility such as ADFS, Citrix, or F5 BIGIP. The advantage of this option is that your institution can easily and flexibly switch SURFsecureID on or off. In this way, you can operate various services and/or user groups. This facility then handles the first factor itself and, if necessary, uses SURFsecureID for the second factor.