- Created by Karolin Hemmingsson, last modified on Jan 13, 2021
This article describes how to set up Smart ID Mobile App or Nexus Personal Desktop Client as an authentication method in the Smart ID Digital Access component.
For Smart ID Mobile App, two options can be set up: authentication on the same device or on another device. To offer the end user both options, they must be set up as two separate methods.
Prerequisites
Before setting up Personal Mobile or Personal Desktop, you need the following:
- Deployed Digital Access, see Deploy Digital Access component
- Only for Smart ID Mobile App: There is an SMS or email gateway available for sending notifications.
- The access point must be protected by a public certificate, see Add certificates in Digital Access. When deploying a server certificate, its certificate chain up to the root shall also be added in CA certificates.
- Smart ID Messaging must be installed on-premises or consumed as a service. See the following links:
- On-premises: Deploy Smart ID
- As a service: Nexus GO Messaging
- Nexus Personal Messaging must be connected to Digital Access, see Set up Personal Messaging in Hybrid Access Gateway.
Step-by-step instruction
Set up Smart ID (Personal) authentication
- Log in to Digital Access Admin with an administrator account.
Set the external DNS name, to enable external communication to the DNS.
- In Digital Access Admin, go to Manage system > Distribution Services.
- Click Manage Global Distribution Service Settings.
Enter the DNS name assigned in the previous step, and the port to use in Digital Access for external communication.
Example: DNS settings
External DNS name: ag5.nexusville.com
External Port: 443
Enable Personal for an end user
To enable Personal for an end user:
- In Digital Access Admin, go to Manage accounts and storage > User accounts.
- Enter the User ID and click Search.
- Click the User ID in the search results.
- Go to the PortWise Authentication tab.
- Scroll down and check Enable Personal for the user account.
- For Personal Mobile, do the following additional steps:
- If you want to issue a new profile right away, check Create new profile.
- Select email notification, to send an email to the user with a QR code to activate Personal Mobile:
Select Notification: By E-mail.
Click Save.
- The user can now activate Personal Mobile.
- To enable self-service, see Enable Personal Mobile self-service.
- Click Publish.
To add Personal Mobile or Personal Desktop as an available authentication method:
- In Digital Access Admin, go to Manage System > Authentication Methods.
- Click Add Authentication Method...
- Check Personal Mobile or Personal Desktop. Click Next >.
- In General Settings, enter a Display Name. The display name is shown to end users when they log in.
- If you want Digital Access to validate a response using a CA certificate, check Enable Personal Certificate Authentication. Click the ?-sign for help.
Select the Certificate Authority that issued the certificates used in Personal.
For Personal Desktop, the selected certificate authority does not work as a filter, so certificates from all certificate authorities will be displayed to the end user in Personal Desktop.
Only for Personal Mobile: if you want to enforce authentication on the same device, check Enable authentication on same device and configure the following settings:
In Wait for (seconds), enter the number of seconds the image is displayed before the user is redirected to Personal Mobile.
- In Redirect Text, change the text if required.
To offer the end users an option to authenticate on the same device or on another device, you must add two separate authentication methods, one where authentication on same device is enabled (enforced) and one where it is not.
- Click Add Authentication Method Server… Select an authentication server.
- Click Next >, Next > and Next >.
In Extended Properties add relevant properties for the authentication method.
When using Enable Personal Certificate Authentication with Personal Desktop or Enable Personal Certificate Authentication together with Enable authentication on same device with Personal Mobile, it is mandatory to add both User Attribute and Certificate Attribute properties.
Example
User Attribute: mail
Certificate Attribute: subjectaltname-emailaddress
- Click Next > and then Finish Wizard.
- Click Publish, which is marked blue to show that updates have been made.
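A pre-flight check for the User Attribute / Certificate Attribute example above, added here and not part of the Nexus documentation. It assumes the two properties pair the email address in the certificate's subjectAltName with the account's mail attribute, and that OpenSSL 1.1.1 or later is installed; the function names and the sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a user certificate carries an email
# subjectAltName equal to the account's "mail" attribute before enabling
# Personal Certificate Authentication. How Digital Access compares the two
# values (for example case sensitivity) is not stated on the page, so a
# case-only difference is reported separately.

# Print the email (rfc822Name) SAN entries of a PEM certificate, one per line.
cert_san_emails() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' |
        sed -n -e 's/[[:space:]]*$//' -e 's/^[[:space:]]*email:[[:space:]]*//p'
}

# check_cert_mail CERT MAIL
# returns 0: exact match, 2: matches only when case is ignored, 1: no match
check_cert_mail() {
    [ -n "$2" ] || return 1
    emails=$(cert_san_emails "$1")
    if printf '%s\n' "$emails" | grep -qxF -- "$2"; then return 0; fi
    if printf '%s\n' "$emails" | grep -qixF -- "$2"; then return 2; fi
    return 1
}

# Create a constructed, self-signed test certificate with one email SAN.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed User" \
        -addext "subjectAltName=email:$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# Demo on constructed data (no real user, CA or directory involved).
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/user.pem" "alice@example.test"
rc=0
check_cert_mail "$demo_dir/user.pem" "alice@example.test" || rc=$?
case "$rc" in
    0) echo "mail attribute matches certificate SAN" ;;
    2) echo "values differ only by case: align directory and certificate" ;;
    *) echo "no matching email SAN in certificate" ;;
esac
rm -rf "$demo_dir"
```

In practice the second argument would be the value read from the user's mail attribute in the directory, and the first the certificate issued to that user.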
This article is valid for Smart ID 20.11 and later.
Related information
- Access point in Digital Access, add, set up and configure
- Add certificates in Digital Access
- Authentication methods in Digital Access
- Check supported cipher suites
- Deploy Digital Access component
- Smart ID Mobile App
- Set up Smart ID Messaging in Digital Access
Links
- About Nexus GO - Activate Personal Mobile