![]() For an individual Google user this will be fine. Google offers second factor authentication in the form of an SMS service and a smart phone OTP app, but has no face-to-face registration processes. Why is Google Authenticator not supported? This has resulted in a design an POC phase in the first half of 2019. In Q4 of 2017, Innovalor reviewed the options for remote registration. In person registration is therefore the most efficient option. Remote registration is vulnerable to threats and technically complex to achieve. Why is remote registration not supported? Authentication for all users from one institution to one application will always require the same minimum level of assurance. In this way the application does not have to be modified. ![]() Statically: in the SURFsecureID gateway a minimum level of assurance can be configured (based on the IdP and SP involved).In most cases modifications to the application are required to facilitate this. In this way the required level can be defined for each authentication request individually (based on the user authenticating or the selected feature in the application). Dynamically by communicating the required level of assurance with "AuthnContextClassRef".Enforcing a specific level of assurance can be done in two ways: This is done via the authentication request to the SURFsecureID gateway. How can an application enforce a specific level of assurance? Every institution connected to SURFconext as an Identity Provider can connect its services to SURFsecureID. Can institutions from secondary vocational-, higher education and research connect their own services to SURFsecureID? The main technical prerequisite is that a Service Provider must connect via SAML 2.0 using the Web Browser SSO profile. Should my application be web based to connect to SURFsecureID?
0 Comments
Leave a Reply. |