SURFsecureID: extra security for services with two-factor authentication

With SURFsecureID, you can secure access to online services better through two-factor authentication. Your users log in with a username, password and a second factor. This is an SMS or USB key, or the tiqr-app.

hand raakt iPad aan

Strong authentication for all your services

You use SURFsecureID for services that are linked to SURFconext, but also for services that run within your institution and cloud services that are not linked to SURFconext.

Services linked to SURFconext

For these services, SURFsecureID can handle the entire login, i.e. both the first and second factor. The first factor (user name/password) is handled via the institution's IDP, the second via SURFsecureID. You do not need to set up two-factor authentication within the service itself; you can choose when which factor is needed for secure access.

Services within your institution and cloud services that are not linked to SURFconext

You only use SURFsecureID for the second factor. This is particularly interesting if you also use a central (authentication) facility such as ADFS, Citrix, or F5 BIGIP. The advantage of this option is that your institution can easily and flexibly switch SURFsecureID on or off. In this way, you can operate various services and/or user groups. This facility then handles the first factor itself and, if necessary, uses SURFsecureID for the second factor.