This article describes how to enable Nexus OTP in Smart ID Digital Access component as two-factor authentication method for SafeInspect, to replace static passwords.
Nexus OTP can be either Nexus TruID Synchronized or Smart ID Mobile App OTP, or any other OATH-based mobile OTP application, such as Google Authenticator or Microsoft Authenticator.
With the setup described in this article, Digital Access functions as a RADIUS server and SafeInspect as a RADIUS client. Nexus TruID is used as an example below and is available for iOS, Android, and Windows.
Make settings in Digital Access
Make settings in SafeInspect
Add Digital Access as RADIUS Server
-
Log in to the SafeInspect administrative interface.
-
Navigate to Identity > External Authentication > RADIUS Servers.
-
Click Add RADIUS server and go to the Settings tab.
-
Enter the following information:
Parameter
Description
Address
Enter the IP address of the Digital Access Authentication server
Port
Select the port of the Digital Access Authentication server for the particular authentication method
Shared secret
Enter the RADIUS shared secret key
Shared secret confirmation
Confirm the RADIUS shared secret key
-
Go to the Policy tab.
-
Add an authentication rule with the following settings:
Parameter
Description
Client-to-Hound authentication
Select: Authenticate against a RADIUS server
RADIUS server
Select the IP address and port of the Digital Access Authentication server
Hound-to-target authentication
Select: Mapped user credentials
Example: Log in to SafeInspect
The following example shows how an end user logs in, using Smart ID Mobile App.
Use Smart ID Mobile App as 2FA to log in to SafeInspect
-
Start Smart ID Mobile App that is installed on your laptop or smartphone - Enter your PIN to generate an OTP.
