Skip to main content
Skip table of contents

Set up Digital Access as identity provider to Nexus GO Signing

This article describes how to set up access to Nexus GO Signing with Smart ID Digital Access component as identity provider (IDP).

The configuration is done in three steps: first preparation in Digital Access, then in Nexus GO Signing and then configuration is completed in Digital Access. 

Prerequisites

Prerequisites

In Digital Access:

  • Deploy Digital Access component
  • User accounts and authentication methods configured. See for example Set up Smart ID authentication.
  • Configured access rule (called for example PDF Signing), that requires strong authentication, containing all methods used for accessing the portals and performing remote signatures.
  • For the SAML federation: Signing certificate for the SAML identity provider

In Nexus GO: 

  • Signing service added in Nexus GO.

Configure Digital Access as identity provider

In Digital Access, do the configuration to set up an Identity Provider.

Go to Digital Access Admin
  1. Log in to Digital Access Admin..
Check SAML signing certificate

Check the SAML signing certificate:

  1. Go to Manage system > Certificates
  2. Scroll down to Registered Server Certificates
  3. Verify that the certificate to be used is available, for example: idp-cert.
Configure SAML Identity Provider

Configure SAML Identity Provider:

  1. Go to Manage Resource Access > SAML Federation.
  2. Click Add SAML Federation...
  3. Enter a Display Name, for example Nexus IDP.
  4. Check Acting as Identity Provider.
  5. Uncheck Import metadata automatically.
  6. Go to the Export tab.
  7. Give a unique Entity ID: for example https://nexusville.com/idp.
  8. Select the Signing Certificate, for example idp-cert.
  9. Click Download Metadata, save the xml-file for future chapter Configure in Nexus GO.
Configure SAML Attribute Group

Configure SAML Attribute Group (example):

  1. Go to Manage Resource Access > SAML Federation.
  2. Click Manage Global SAML Federation Settings...
  3. Click Add attribute group...
  4. Enter a Display Name, for example Nexus GO PDF Signing.
  5. Click Add attribute... and enter the relevant SAML attributes for your identity provider. See the following examples:
    1. Example: SAML attributes for identity provider with user storage, such as Active Directory.

      Friendly Name

      Name (OID)

      Source

      Mandatory / Optional

      Format

      mail

      mail

      User Storage

      Mandatory

      string

      displayName

      displayName

      User Storage

      Mandatory

      string

      memberOf

      memberOf

      User Storage

      Optional

      string

      titletitleUser StorageOptionalstring
    2. Example: SAML attributes for identity provider with personal identity number, such as national BankID or Freja eID.

      Friendly Name

      Name (OID)

      Source

      Mandatory / Optional

      Format

      displayName

      displayName

      Certificate

      Mandatory

      string

      userIduserIdCertificateMandatorystring

Configure in Nexus GO

Set up Nexus GO Signing to use Digital Access as identity provider.

Log in to Nexus GO

Log in to Nexus GO:

  1. Log in to the Nexus GO administration portal: 
    Go to https://login.go.nexusgroup.com/ and log in with your administrator account.
Set up local IDP

To set up local IDP:

  1. Click Services and Signing
  2. Select your PDF Signing environment.
  3. Click Set up local IDP
  4. Enter a Display Name (this is shown within the signing- and admin-portal), and upload IDP SAML Metadata that was downloaded from Digital Access in previous step. Click Next.
  5. In Map SAML attributes, enter the attributes and then click Next.
    See the following examples:

    1. Example: SAML attributes for identity provider with user storage, such as Active Directory.

      Input fieldSAML attribute

      Email

      mail

      Display name

      displayName

    2. Example: SAML attributes for identity provider with personal identity number, such as national BankID or Freja eID. The data source is the certificate.

      Set Include user id to On.

      Input fieldSAML attribute
      User iduserId

      Display name

      displayName

  6. In Select contributors, define what users need admin rights, that is to create signing requests in the Nexus GO Signing portal. When you are ready, click Next.
    See the following example:

    Select contributors

    Attribute

    Value

    Contributor

    memberOf

    CN=PDF Signing Admin,OU=Users,DC=nexusville,DC=com

    Note: the role contributor gives a user access to the admin portal and possibility to create signing requests, multiple values can be added.

    If the checkbox Everyone from this IDP is a contributor is selected, all users authenticating through the IDP will get access to admin portal.

  7. Confirm your configuration and click Submit.
  8. Now back at the overview of your PDF Signing environment, at SAML SP Metadata, click Download.
  9. Save Logon URL for future step Optional: Add Nexus GO Signing as portal item in Digital Access.

Add Nexus GO Signing as Service Provider in Digital Access

In Digital Access, do the configuration to add Nexus GO Signing as service provider.

Go to Digital Access Admin
  1. Log in to Digital Access Admin.
Add service provider

To add service provider:

  1. Go to Manage Resource Access > SAML Federation.
  2. Click the Identity Provider created earlier, for example Nexus IDP, see Configure Digital Access as Identity Provider.
  3. Go to the Role Identity Provider tab and click Add service provider...
  4. Verify that SAML 2.0 is checked.
  5. Upload SAML 2.0 metadata, click Choose file and select the SAML SP Metadata downloaded from Nexus GO in the previous chapter. Click Next.
  6. Confirm import of unsigned metadata by clicking Yes.
  7. Click Finish Wizard.
  8. In Role Identity Provider under Registered Service Providers, click the created service provider.
  9. Go to the Assertion Settings tab.
  10. Under Attribute Statement and Attribute Group, select the group you created in previous step, our example Nexus GO PDF Signing.
  11. Go to the Access Rules tab.
  12. Select the already created access rule (for example called PDF Signing), to define what authentication methods are allowed: 
    In Available Access Rules: select PDF Signing, and click Add.
  13. Click Save.
Publish updates
  1. Click Publish to publish the updates.
    The configuration in Digital Access is ready. 

Optional: Add Nexus GO Signing as a portal item in Digital Access

Optionally, you can add Nexus GO Signing in the Digital Access application portal, to let the users access Nexus GO Signing without having to log in again. The portal item shall be protected with the same access rule as selected for the service provider. For more information, see the Prerequisites.

Go to Digital Access Admin
  1. Log in to Digital Access Admin.
Add portal item

To add Nexus GO Signing as a portal item in the Digital Access application portal:

  1. In Digital Access Admin, go to Browse.
  2. Go to access-point/custom-files/wwwroot.
  3. Create a file named nexusgopdfsigning.html and add the text below. Change the italic text to fit your configuration:

    Example: login page

    <html>
      <head>
        <script type="text/JavaScript">
          location.href = "<your Logon URL from Nexus GO Administration portal>";
        </script>
      </head>
    <body>
    </body>
    </html>

  4. In Digital Access Admin, go to Manage Resource Access.
  5. Click Web Resources.
  6. Select Access Point and click Add Resource Path...
  7. Check Enable resource and enter the path, for example nexusgopdfsigning.html.
  8. Uncheck Use Parent Authorization.
  9. Check Make resource available in the portal.
  10. Select Icon and enter Link text, for example Nexus GO PDF Signing.
  11. Click Next.
  12. Select the already created access rule (for example called PDF Signing), to define what authentication methods are allowed: 
    In Available Access Rules: select PDF Signing, and click Add.
  13. Click Save.
Publish updates
  1. Click Publish to publish the updates.
    The configuration in Digital Access is ready. 

Related information

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.