Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: updated to Smart ID names

This article describes how to enable Nexus OTP in Nexus in Smart ID Digital Access component (Hybrid Access Gateway as ) as two-factor authentication method for SafeInspect, to replace static passwords.

Nexus OTP can be either Nexus TruID Synchronized or Nexus Smart ID Mobile App (Personal Mobile) OTP, or any other OATH-based mobile OTP application, such as Google Authenticator or Microsoft Authenticator. 

With the setup described in this article, Nexus Hybrid Digital Access Gateway functions as a RADIUS server and SafeInspect as a RADIUS client. Nexus TruID is used as an example below and is available for iOS, Android, and Windows.




Make settings

in Hybrid

in Digital Access


titleLog in to Hybrid Digital Access Gateway administration interfaceAdmin
  1. Log in to the Hybrid Access Gateway administration interface with your admin userDigital Access Admin with an administrator account.

titleAdd SafeInspect as a RADIUS client

In step 3, enter the IP Address of the RADIUS Client (SafeInspect) and the Shared Secret Key.

Excerpt Include
Set up RADIUS client in Digital Access
Set up RADIUS client in Digital Access

titleEnable authentication method

Nexus Personal Smart ID Mobile App is used as an example, see Set up Smart ID (Personal) authentication.

Make settings in SafeInspect

titleAdd Hybrid Digital Access Gateway as RADIUS Server
  1. Log in to the SafeInspect administrative interface.
  2. Navigate to Identity > External Authentication > RADIUS Servers.

  3. Click Add RADIUS server and go to the Settings tab.

  4. Enter the following information:

    AddressEnter the IP address of the
    Digital Access
    Authentication server

    Select the port of

    the Hybrid

    the Digital Access


    Authentication server for the particular authentication method

    Shared secretEnter the RADIUS shared secret key
    Shared secret confirmationConfirm the RADIUS shared secret key

  5. Go to the Policy tab.

  6. Add an authentication rule with the following settings:

    Client-to-Hound authenticationSelect: Authenticate against a RADIUS server
    RADIUS server

    Select the IP address and port of

    the Hybrid

    the Digital Access


    Authentication server

    Hound-to-target authentication

    Select: Mapped user credentials

Example: Log in to SafeInspect

The following example shows how an end user logs in, using Nexus Personal Smart ID Mobile App.

titleUse Nexus Personal Smart ID Mobile App as 2FA to log in to SafeInspect
  1. Start Nexus Personal Start Smart ID Mobile App that is installed on your laptop or smartphone - Enter your PIN to generate an OTP.