This article describes how to connect an external identity provider (IdP) to Nexus GO Signing.
To use an external identity provider, the connection must be configured both in the identity provider and in Nexus GO. For example, some user attributes must have the same names in both services, and metadata from each service must be uploaded in the other.
Nexus GO uses attributes in the SAML response and add them to the PDF signature.
commonName is mandatory and is used to display the name of the signer in the PDF document.
The SAML response must contain either
userId. Both of them can be included but at least one of them is mandatory. They are used to check the identity of the signer to verify that the signer has permission to view the signing request and the documents. It is configurable which attributes from the IdP that map
userId in the SAML response.
The IdP can also provide the optional attribute
title, which will be displayed in the visual signature in the PDF (for example
For more information on how to set up specific identity providers in Nexus GO, see here:
Check the configured SAML attribute names in the identity provider for the following attributes:
commonName, and enter them in the corresponding fields.
The attribute names in Nexus GO must match those that are configured in the identity provider for the connection to work.
Either check Everyone from this Identity Provider is a contributor, or enter an attribute and values to define specific users to be contributors.
To let all members of the user groups
IT be contributors, use these values:
attribute = memberOf, value = admin, value = IT
If there is no group already in the user directory to define the contributors, you can create such a group.