Comment: corrected links and minor updates

This article describes how to set up access to Nexus GO PDF Signing with PhenixID Authentication Services as identity provider (IDP).

The configuration is done in three steps: first preparation in PhenixID Authentication Services, then in Nexus GO PDF Signing and then configuration is completed in PhenixID.


Prerequisites

  • Installed PhenixID Authentication Server 2.0 or higher
  • PDF Signing Service added in Nexus GO

Step-by-step instruction

Configure PhenixID Authentication Services as identity provider


To set up PhenixID Authentication Services as a SAML IdP:

  1. Go to the PhenixID documentation site here and select your version of PhenixID.
  2. Set up PhenixID as a SAML IdP using one of the Federation scenarios described here. Or, if the desired authentication method is not provided by a scenario, use the documentation for the SAML authenticator here.
  3. In the user store, fetch the attributes mail, displayName and optionally memberOf. Attribute names may differ depending on user store type.
  4. Follow the documentation to set up PhenixID as IdP, using the following configurations:
    1. Set Name ID attribute to mail, and add mail, displayName and memberOf (optional) as additional attributes.
    2. In Additional attributes, enter the desired attributes separated by comma, for example "mail,displayName,memberOf".
    3. Save the configuration.
  5. Log in to the PhenixID configuration manager.
  6. Go to Scenarios > Federation > <newly_added_scenario> > Identity Provider.
  7. Uncheck Require signed requests.
  8. Save.
  9. Export your SAML IdP metadata:

    1. Go to the URL:
      https://<YourServerDomainName>/saml/authenticate/<authenticator_alias>?getIDPMeta

    2. Download the metadata to an XML file.

Configure PhenixID identity provider in Nexus GO

Set up Nexus GO PDF Signing to use PhenixID Authentication Services as identity provider.

  1. Log in to the Nexus GO administration portal: 
    Go to https://login.go.nexusgroup.com/ and log in with your administrator account.



To set up local IDP:

  1. Click Services and Signing.
  2. Select your PDF Signing environment.
  3. Click Set up local IDP.
  4. Enter a Display Name (this is shown within the signing and admin portal), and upload the IDP SAML Metadata that was downloaded in the previous step. Click Next.
  5. Configure SAML mappings and click Next, for example:

    email        mail
    commonName   displayName


  6. Configure Role mappings and click Next, for example:

    Role mappings   Attribute   Value
    contributor     memberOf    CN=Nexus GO PDF Signing Admin,OU=Groups,DC=demo,DC=phenixidentity,DC=com


    Note

    The role contributor gives a user access to the admin portal and the possibility to create signing requests. Multiple values can be added.
    If the check-box Everyone from this IDP is a contributor is selected, all users authenticating through the IDP will get access to the admin portal.


  7. Confirm your configuration and click Submit.
  8. Go back to the overview of your PDF Signing environment, at SAML SP Metadata, click Download.
  9. Save the Logon URL for the later step "Optional: Add Nexus GO PDF Signing as portal item in PhenixID MyApps portal".

Add Nexus GO PDF Signing as Service Provider in PhenixID Authentication Services

In PhenixID Authentication Services, do the configuration to add Nexus GO PDF Signing as service provider.


To add a service provider:

  1. Log in to the PhenixID configuration manager.
  2. Go to Scenarios > Federation > SAML Metadata upload.
  3. Click the plus sign.
  4. Add Nexus GO SAML SP Metadata by uploading the SAML SP Metadata downloaded from Nexus GO in the previous step.

Optional: Add Nexus GO PDF Signing as portal item in PhenixID MyApps portal

Optionally, you can add Nexus GO PDF Signing in the PhenixID MyApps portal, to let the users access Nexus GO PDF Signing without having to log in again. 


To add Nexus GO PDF Signing as a portal item in the PhenixID MyApps portal:

  1. Add an additional item to MyApps using this instruction: https://support.phenixid.se/sbs/enable-myapps/#Configure_pipe.
  2. Populate the new item with these values:
    1. URL = <Logon URL from previous chapter>
    2. applicationName = Nexus GO PDF Signing