Page tree

Do you want an overview on Nexus' solutions, customer cases, contact information and more?

__

Skip to end of metadata
Go to start of metadata

This article describes how to set up access to Nexus GO Signing with Microsoft Active Directory Federation Services (AD FS) as identity provider (IDP).

The configuration is done in two steps: first in Nexus GO PDF Signing and then in Microsoft AD FS.

Expand/Collapse All

Prerequisites

 Prerequisites

In Microsoft Active Directory:

  • Active Directory Security Group containing all users being Nexus GO PDF Signing administrators.

In Microsoft AD FS:

In Nexus GO

  • PDF Signing environment created in Nexus GO.

Configure in Nexus GO

Set up Nexus GO PDF Signing to use Microsoft AD FS as identity provider.

 Log in to Nexus GO
  1. Log in to the Nexus GO administration portal: 
    Go to https://login.go.nexusgroup.com/ and log in with your administrator account.

 Set up local IDP
  1. In the Nexus GO administration portal, click Services and Signing
  2. Select your PDF Signing environment.
  3. Click Set up local IDP.
  4. Enter a Display Name (this is shown within the signing- and admin-portal), and upload IDP SAML Metadata that was downloaded from your AD FS server during it's installation, see the Prerequisites. Click Next.
  5. Configure SAML mappings then click Next, our example:

    email

    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

    displayName

    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

  6. Optional: Configure Role mappings then click Next, our example:

    Role mappings

    Attribute

    Value

    Contributor

    http://schemas.xmlsoap.org/claims/Group

    PDF Signing Admin

    The role Contributor gives a user access to the admin portal and possibility to create signing requests. To add multiple values use the +.
    If the check-box Everyone from this IDP is a contributor is selected, all users authenticating through the IDP will get access to the the Nexus GO administration portal.

  7. Confirm your configuration and click Submit.
  8. Now back at the overview of your PDF Signing environment, at SAML SP Metadata, click Download. This will be uses in the next step ("Configure in Microsoft AD FS").

Configure in Microsoft AD FS

In Microsoft AD FS, do the configuration to set up Nexus GO PDF Signing as a Relying Party.

 Configure Microsoft AD FS
  1. Open AD FS Management.
  2. In the Actions panel, click Add Relying Party Trust.
  3. Select Claims aware and click Start.
  4. Select Import data about the relying party from a file, browse for the SAML SP Metadata from Nexus GO PDF Signing that was downloaded when configuring in Nexus GO (see step 8 in "Set up local IDP"). click Next.
  5. Choose a Display name: Nexus GO PDF Signing, click Next.
  6. Choose an access control policy (for example, Permit everyone), click Next.
  7. Review your settings and click Next and Close.
  8. In AD FS Management, click Relying Party Trusts, select Nexus GO PDF Signing, click Edit Claim Issuance Policy… in the Actions panel.
  9. Click Add Rule…
  10. Use Claim rule template: Send LDAP Attributes as Claims, click Next.
  11. Enter Claim rule name: Nexus GO PDF Signing User Claims, Attribute store: Active Directory and select mapping as the table below, then click Finish.

    LDAP Attribute (Select or type to add more)

    Outgoing Claim Type (Select or type to add more)

    E-Mail-Addresses

    Name ID

    E-Mail-Addresses

    E-Mail Address

    Display-Name

    Name

  12. Click Add Rule…
  13. Use Claim rule template: Send Group Membership as a Claim, click Next.
  14. Enter Claim rule name: Nexus GO PDF Signing Group Claim, brows for your PDF Signing admin group, Outgoing claim type: Group, Outgoing claim value: PDF Signing Admin, click Finish and OK.
  15. To use the federation, browse to your unique Login URL provided within the Nexus GO portal.