Set up Azure Active Directory as identity provider to Nexus GO PDF Signing
This article describes how to set up access to Nexus GO Signing with Azure Active Directory as identity provider (IDP).
The configuration is done in three steps: first prepare Azure Active Directory, then configure Nexus GO Signing, and finally complete the configuration in Azure Active Directory.
Prerequisites
In Azure Active Directory:
User accounts, roles and appropriate licenses configured.
Go to Azure Active Directory, click Enterprise applications.
Click New application and Non-gallery application.
Enter a Name, for example Nexus GO Signing, click Add.
In Quick Start, click Single sign-on.
In the drop-down list Single Sign-on Mode, choose SAML-based Sign-on.
Under bullet number 3. User Attributes, check View and edit all other user attributes.
Click Add attribute, Name=emailaddress, Value=user.mail, click OK.
Click Add attribute, Name=displayname, Value=user.displayname, click OK.
Optional: Click Add attribute, Name=role, Value=user.assignedroles, click OK.
Optional: Remove attributes not used in federation (surname, givenname, name etc).
Scroll down to bullet number 4. SAML Signing Certificate. In column Download, click Metadata XML, and save it for the next step ("Configure in Nexus GO").
Stay on this web page but open a new tab.
This example uses a custom administrator role, configured for the service, to determine which users/groups will get admin access in Nexus GO Signing. There are other ways to do this, for example, using other attributes from Azure Active Directory, such as department or title.
Configure in Nexus GO
Set up Nexus GO Signing to use Azure Active Directory as identity provider.
Log in to Nexus GO
Log in to the Nexus GO administration portal:
Go to https://login.go.nexusgroup.com/ and log in with your administrator account.
Set up local IDP
In the Nexus GO administration portal, click Services and Signing.
Select your PDF Signing environment.
Click Set up local IDP
Enter a Display Name (this is shown within the signing and admin portals), and upload the IDP SAML Metadata that was downloaded from the Azure Portal in the previous step. Click Next.
Configure SAML mappings then click Next, our example:
email | emailaddress
displayName | displayname
Optional: Configure Role mappings then click Next, our example:
Role mappings | Attribute | Value
Contributor | role | signadmin
The role Contributor gives a user access to the admin portal and the possibility to create signing requests. To add multiple values, use the +.
If the check-box Everyone from this IDP is a contributor is selected, all users authenticating through the IDP will get access to the Nexus GO administration portal.
Confirm your configuration and click Submit.
Now back at the overview of your PDF Signing environment, at SAML SP Metadata, click Download.
Copy Logon URL to clipboard.
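To check what a given assertion will produce under the mappings above, the following added example (not Nexus GO or Microsoft code) applies this article's example mappings to a SAML AttributeStatement and reports missing attributes and whether the Contributor role would be granted. The function names and sample users are constructed for illustration, and how Nexus GO evaluates the mappings is assumed from the description above; the script only reads attributes and does not validate the assertion signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Mappings from this article's example: Nexus GO field -> SAML attribute name.
SAML_MAPPINGS = {"email": "emailaddress", "displayName": "displayname"}
# Role mapping from this article's example: Contributor <- role = signadmin.
ROLE_MAPPINGS = {"Contributor": ("role", {"signadmin"})}


def sample_statement(attrs):
    """Build a constructed AttributeStatement (sample data, not from a real tenant)."""
    body = ""
    for name, values in attrs.items():
        vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
        body += f'<saml:Attribute Name="{name}">{vals}</saml:Attribute>'
    return f'<saml:AttributeStatement xmlns:saml="{SAML_NS}">{body}</saml:AttributeStatement>'


def read_attributes(xml_text):
    """Return {attribute name: [values]} for every saml:Attribute in the XML."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iter(f"{{{SAML_NS}}}Attribute"):
        values = [v.text or "" for v in attr.findall(f"{{{SAML_NS}}}AttributeValue")]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def evaluate(xml_text, everyone_is_contributor=False):
    """Report mapped attributes that are missing and the roles the mappings grant."""
    attrs = read_attributes(xml_text)
    missing = sorted(n for n in SAML_MAPPINGS.values() if not any(attrs.get(n, [])))
    roles = set()
    for role, (attr_name, accepted) in ROLE_MAPPINGS.items():
        # The check-box grants the role regardless of the role attribute.
        if everyone_is_contributor or accepted & set(attrs.get(attr_name, [])):
            roles.add(role)
    return {"missing": missing, "roles": sorted(roles)}


if __name__ == "__main__":
    admin = sample_statement({"emailaddress": ["alice@example.com"],
                              "displayname": ["Alice Admin"],
                              "role": ["signer", "signadmin"]})
    user = sample_statement({"emailaddress": ["bob@example.com"], "displayname": ["Bob"]})
    print("admin:", evaluate(admin))
    print("user:", evaluate(user))
    print("user, check-box selected:", evaluate(user, everyone_is_contributor=True))
```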
Continue to configure Nexus GO Signing as an Enterprise application
In Azure Active Directory, continue to configure Nexus GO Signing as an Enterprise application.
Continued configuration in Azure Portal
Go back to the Azure Portal tab.
Under bullet number 2. Nexus GO PDF Signing Domain and URLs, click Upload metadata file, and select the SAML SP Metadata downloaded from Nexus GO.
In Sign on URL, paste Logon URL from clipboard.
Click Save.
Change Enterprise application properties
Configure appearance and make the application visible to end users.
Go to Azure Active Directory, click Enterprise applications.
Click Nexus GO PDF Signing.
Click Properties.
Upload one of the logotypes (215x215 pixels PNG format, first download and save the wanted logotype).
User assignment required – If yes, assign users and/or groups manually in Users and groups menu.
Visible to end users – If yes, assigned users will see the application on their access panel and Microsoft 365 app launcher.