Set up Azure Active Directory as identity provider to Nexus GO PDF Signing

This article describes how to set up access to Nexus GO Signing with Azure Active Directory as identity provider (IDP).

The configuration is done in three steps: first you prepare the application in Azure Active Directory, then you configure Nexus GO Signing, and finally you complete the configuration in Azure Active Directory.

Prerequisites

In Azure Active Directory:

In Nexus GO:

  • PDF Signing environment created in Nexus GO.

Configure Nexus GO Signing as an Enterprise application in Azure Active Directory

In Azure Active Directory, set up Nexus GO Signing as an Enterprise application using SAML 2.0 federation.

Log in to Azure portal
Configure Enterprise application
  1. Go to Azure Active Directory, click Enterprise applications.
  2. Click New application and Non-gallery application.
  3. Enter a Name, for example Nexus GO Signing, click Add.
  4. In Quick Start, click Single sign-on.
  5. In the drop-down list Single Sign-on Mode, choose SAML-based Sign-on.
  6. Under bullet number 3. User Attributes, check View and edit all other user attributes.
  7. Click Add attribute, Name=emailaddress, Value=user.mail, click OK.
  8. Click Add attribute, Name=displayname, Value=user.displayname, click OK.
  9. Optional: Click Add attribute, Name=role, Value=user.assignedroles, click OK.
  10. Optional: Remove attributes not used in federation (surname, givenname, name etc).
  11. Scroll down to bullet number 4. SAML Signing Certificate. In column Download, click Metadata XML, and save it for next step ("Configure in Nexus GO").
  12. Stay on this web page but open a new tab.

This example uses a custom administrator role, configured for the service, to determine which users and groups get admin access in Nexus GO Signing. There are other ways to do this, for example by using other attributes from Azure Active Directory, such as department or title.

Configure in Nexus GO

Set up Nexus GO Signing to use Azure Active Directory as identity provider.

Log in to Nexus GO
Set up local IDP
  1. In the Nexus GO administration portal, click Services and Signing.
  2. Select your PDF Signing environment.
  3. Click Set up local IDP.
  4. Enter a Display Name (this is shown in the signing and admin portals), and upload the IDP SAML Metadata that was downloaded from the Azure Portal in the previous step. Click Next.
  5. Configure SAML mappings then click Next, our example:

    email          emailaddress
    displayName    displayname

  6. Optional: Configure Role mappings then click Next, our example:

    Role mappings    Attribute    Value
    Contributor      role         signadmin

    The role Contributor gives a user access to the admin portal and the ability to create signing requests. To add multiple values, use the +.
    If the check-box Everyone from this IDP is a contributor is selected, all users authenticating through the IDP will get access to the Nexus GO administration portal.

  7. Confirm your configuration and click Submit.
  8. Now back at the overview of your PDF Signing environment, at SAML SP Metadata, click Download.
  9. Copy Logon URL to clipboard.
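
The mappings from steps 5 and 6, as an added example that is not Nexus GO or Microsoft code: a Python check that reads the attributes from a SAML AttributeStatement and reports which mapped attributes are missing and whether the Contributor role would be granted. The sample XML is constructed, and exact, case-sensitive name matching is an assumption; the script does not verify the assertion signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# SAML mappings from this page's example: Nexus GO field -> SAML attribute name.
SAML_MAPPINGS = {"email": "emailaddress", "displayName": "displayname"}
# Role mappings from this page's example: role -> (attribute, accepted values).
ROLE_MAPPINGS = {"Contributor": ("role", {"signadmin"})}

# Constructed sample of an assertion's AttributeStatement (not captured traffic).
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="emailaddress">
    <saml:AttributeValue>alice@example.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="displayname">
    <saml:AttributeValue>Alice Example</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="role">
    <saml:AttributeValue>signadmin</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def read_attributes(xml_text):
    """Return {attribute name: [values]} for every saml:Attribute element."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iterfind(".//saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def apply_mappings(attrs, everyone_is_contributor=False):
    """Resolve user fields and roles; list mapped attributes that are absent."""
    user, missing = {}, []
    for field, name in SAML_MAPPINGS.items():
        values = [v for v in attrs.get(name, []) if v.strip()]
        if values:
            user[field] = values[0]
        else:
            missing.append(name)  # claim not emitted, or emitted under another name
    roles = {role for role, (name, accepted) in ROLE_MAPPINGS.items()
             if accepted & set(attrs.get(name, []))}
    if everyone_is_contributor:  # models the "Everyone from this IDP" check-box
        roles.add("Contributor")
    return user, sorted(roles), missing


if __name__ == "__main__":
    print(apply_mappings(read_attributes(SAMPLE)))
```
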

Continue to configure Nexus GO Signing as an Enterprise application

In Azure Active Directory, continue to configure Nexus GO Signing as an Enterprise application.

Continued configuration in Azure Portal
  1. Go back to the Azure Portal tab.
  2. Under bullet number 2. Nexus GO PDF Signing Domain and URLs, click Upload metadata file, and select the SAML SP Metadata downloaded from Nexus GO.
  3. In Sign on URL, paste Logon URL from clipboard.
  4. Click Save.

Change Enterprise application properties

Configure appearance and make the application visible to end users.

Log in to Azure portal
Change properties of the Enterprise application
  1. Go to Azure Active Directory, click Enterprise applications.
  2. Click Nexus GO PDF Signing.
  3. Click Properties.
    1. Upload one of the logotypes (PNG format, 215x215 pixels; first download and save the logotype you want).
    2. User assignment required – If yes, assign users and/or groups manually in Users and groups menu.
    3. Visible to end users – If yes, assigned users will see the application on their access panel and Microsoft 365 app launcher.