
This article describes how to set up access to Nexus GO PDF Signing with Azure Active Directory as identity provider (IDP).

The configuration is done in three steps: first prepare in Azure Active Directory, then configure Nexus GO PDF Signing, and finally complete the configuration in Azure Active Directory.


Prerequisites


In Azure Active Directory:

In Nexus GO:

  • PDF Signing environment created in Nexus GO.

Configure Nexus GO PDF Signing as an Enterprise application in Azure Active Directory

In Azure Active Directory, do the configuration to set up Nexus GO PDF Signing as an Enterprise application using SAML 2.0 federation.

 Log in to Azure portal

  1. Go to https://portal.azure.com and log in with your administrator account.

 Configure Enterprise application
  1. Go to Azure Active Directory, click Enterprise applications.
  2. Click New application and Non-gallery application.
  3. Enter a Name, for example Nexus GO PDF Signing, click Add.
  4. In Quick Start, click Single sign-on.
  5. In the drop-down list Single Sign-on Mode, choose SAML-based Sign-on.
  6. Under bullet number 3. User Attributes, check View and edit all other user attributes.
  7. Click Add attribute, Name=emailaddress, Value=user.mail, click OK.
  8. Click Add attribute, Name=displayname, Value=user.displayname, click OK.
  9. Optional: Click Add attribute, Name=role, Value=user.assignedroles, click OK.
  10. Optional: Remove attributes not used in federation (surname, givenname, name, etc.).
  11. Scroll down to bullet number 4. SAML Signing Certificate. In column Download, click Metadata XML, and save it for the next step ("Configure in Nexus GO").
  12. Stay on this web page but open a new tab.

This example uses a custom administrator role, configured for the service, to determine which users/groups will get admin access in Nexus GO PDF Signing. There are other ways to do this, for example, using other attributes from Azure Active Directory, such as department or title.

Configure in Nexus GO

Set up Nexus GO PDF Signing to use Azure Active Directory as identity provider.

 Log in to Nexus GO
  1. Log in to the Nexus GO administration portal: 
    Go to https://login.go.nexusgroup.com/ and log in with your administrator account.
 Set up local IDP
  1. In the Nexus GO administration portal, click Services and Signing.
  2. Select your PDF Signing environment.
  3. Click Set up local IDP.
  4. Enter a Display Name (this is shown in the signing and admin portals), and upload the IDP SAML Metadata that was downloaded from the Azure Portal in the previous step. Click Next.
  5. Configure SAML mappings, then click Next. Our example:

    email          emailaddress
    displayName    displayname

  6. Optional: Configure Role mappings, then click Next. Our example:

    Role mappings    Attribute    Value
    Contributor      role         signadmin

    The role Contributor gives a user access to the admin portal and the possibility to create signing requests. To add multiple values, use the +.
    If the check-box Everyone from this IDP is a contributor is selected, all users authenticating through the IDP will get access to the Nexus GO administration portal.

  7. Confirm your configuration and click Submit.
  8. Now back at the overview of your PDF Signing environment, at SAML SP Metadata, click Download.
  9. Copy Logon URL to clipboard.
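
The SAML and role mappings from steps 5 and 6 decide who gets admin access, so it is worth checking them against the attributes your IDP sends. The following is an added example, not part of Nexus GO or of the original article: it applies the example mappings to a constructed SAML attribute statement and reports the mapped fields, any missing attributes and the resulting roles. Function names, sample users and the exact, case-sensitive value matching are assumptions.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Mappings from this article's example: Nexus GO field -> SAML attribute name.
SAML_MAPPINGS = {"email": "emailaddress", "displayName": "displayname"}
# Role mapping from this article's example: role -> (attribute, accepted values).
ROLE_MAPPINGS = {"Contributor": ("role", {"signadmin"})}

def sample_statement(attrs):
    """Build a constructed AttributeStatement (test data, not a real capture)."""
    stmt = ET.Element(f"{{{SAML_NS}}}AttributeStatement")
    for name, values in attrs.items():
        attr = ET.SubElement(stmt, f"{{{SAML_NS}}}Attribute", Name=name)
        for value in values:
            ET.SubElement(attr, f"{{{SAML_NS}}}AttributeValue").text = value
    return ET.tostring(stmt, encoding="unicode")

def read_attributes(xml_text):
    """Return {attribute name: [values]}. No signature validation is done here."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iter(f"{{{SAML_NS}}}Attribute"):
        values = [v.text or "" for v in attr.iter(f"{{{SAML_NS}}}AttributeValue")]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def evaluate(xml_text, everyone_is_contributor=False):
    """Apply the mappings; exact, case-sensitive matching is an assumption."""
    attrs = read_attributes(xml_text)
    result = {"fields": {}, "missing": [], "roles": []}
    for field, name in SAML_MAPPINGS.items():
        values = [v for v in attrs.get(name, []) if v]
        if values:
            result["fields"][field] = values[0]
        else:
            result["missing"].append(name)
    for role, (name, accepted) in ROLE_MAPPINGS.items():
        # The check-box "Everyone from this IDP is a contributor" bypasses the role check.
        if everyone_is_contributor or accepted & set(attrs.get(name, [])):
            result["roles"].append(role)
    return result

# Constructed sample users: one with the signadmin role value, one without.
ADMIN = sample_statement({"emailaddress": ["alice@example.com"],
                          "displayname": ["Alice Admin"], "role": ["signadmin"]})
USER = sample_statement({"emailaddress": ["bob@example.com"], "role": ["reader"]})

if __name__ == "__main__":
    for label, xml_text in (("admin", ADMIN), ("user", USER)):
        print(label, evaluate(xml_text))
    print("user, everyone check-box:", evaluate(USER, everyone_is_contributor=True))
```

The last line of output shows the effect of the Everyone from this IDP is a contributor check-box: a user without the signadmin role value is still mapped to Contributor.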

Continue to configure Nexus GO PDF Signing as an Enterprise application

In Azure Active Directory, continue to configure Nexus GO PDF Signing as an Enterprise application.

 Continued configuration in Azure Portal
  1. Go back to the Azure Portal tab.
  2. Under bullet number 2. Nexus GO PDF Signing Domain and URLs, click Upload metadata file, and select the SAML SP Metadata downloaded from Nexus GO.
  3. In Sign on URL, paste Logon URL from clipboard.
  4. Click Save.

Change Enterprise application properties

Configure appearance and make the application visible to end users.

 Log in to Azure portal
  1. Go to https://portal.azure.com and log in with your administrator account.
 Change properties of the Enterprise application
  1. Go to Azure Active Directory, click Enterprise applications.
  2. Click Nexus GO PDF Signing.
  3. Click Properties.
    1. Upload one of the logotypes (215x215 pixels, PNG format; first download and save the logotype you want).
    2. User assignment required – If yes, assign users and/or groups manually in Users and groups menu.
    3. Visible to end users – If yes, assigned users will see the application on their access panel and Office 365 app launcher.