• You have already registered an Azure MFA token for your institution.
  • You can check this by going to this page from Microsoft and logging in with your institution account
  • For SURFsecureID, it does not matter which Azure MFA method you use. The most used is the MS Authenticator app for your mobile phone.

Your institution determines

  • which tokens you can register
  • how many tokens you can register
  • how to activate a token

So you may not be able to choose some tokens or activation methods.


Handle your Azure MFA token with care

  • Most Azure MFA methods use your phone. Your phone is private, do not share it with others.
  • Never leave your phone unattended; keep your phone separated from your computer


  • Please visit the Registration Portal and start a new token registration.
  • Choose Azure MFA and register your Azure MFA token for future logins.
  • Follow the instructions in the Registration Portal.
  • Done registering your token? Then you still have to activate your token. Depending on your situation or the requirements of your institution, you must choose an activation method, or you will immediately see instructions for the method that is right for you:
    • Activate yourself; you do this by choosing a recovery method (SMS or recovery code).
    • Activate at a service desk. Do this within 14 days, because your activation code expires after 14 days
    • Activate with an existing token.
  • Having trouble? Please read our manual.

Log in

When accessing a service that uses SURFsecureID,

  • Depending on your chosen Azure MFA method, you will receive an SMS, phone call or push message to log in.
  • In the case of an SMS or a phone call, you have to retype a code.
  • It could be that you were already logged in with Azure MFA. In such a case, you do not have to log in again with your Azure MFA token and you have direct access to the service.

Replace and remove

  • You can replace your Azure MFA token with Microsoft at This has no effect on your registration with SURFsecureID
  • To remove the SURFsecureID registration of your Azure MFA token, go to the Registration Portal and remove your token registration. This has no effect on your registration with Microsoft.
  • If necessary, you can register a new token.


Please read our FAQ for more info.

  • No labels