PhenixID

Step by Step – Setup PhenixID Authentication Services as Identity Provider to Nexus GO PDF Signing

Summary

This document will guide you through the steps to setup PhenixID Authentication Services (PAS) as Identity Provider to Nexus GO PDF Signing.

System Requirements

  • PhenixID Authentication Server 2.0 or higher
  • PDF Signing Service added in Nexus GO

Instruction

Configure PhenixID Authentication Services as Identity Provider

  1. Setup PhenixID Authentication Services as a SAML IdP using one of the Federation scenarios described here. (If the desired authentication method is not provided by a scenario, use the documentation for the SAML authenticator here)
  2. Fetch the mail, displayName and memberOf (OPTIONAL) attributes from the user store. Attribute names may differ depending on user store type.
  3. Use mail as Name ID attribute and mail, displayName and memberOf (OPTIONAL) as additional attributes.
  4. Save.
  5. Go to Scenarios->Federation-> <newly_added_scenario> -> Identity Provider. Deselect “Require signed requests”.
  6. Save.
  7. Then export your SAML IdP metadata by going to the URL:
    https://<YourServerDomainName>/saml/authenticate/<authenticator_alias>?getIDPMeta
    and download the metadata to a xml file.

Configure Nexus GO

  1. Log in to the Nexus GO administration portal:
    Go to https://login.go.nexusgroup.com/ and log in with your administrator account.
  2. Click Services and Signing.
  3. Select your PDF Signing environment.
  4. Click Set up local IDP
  5. Enter a Display Name (this is shown within the signing- and admin-portal), and upload IDP SAML Metadata that was downloaded from Hybrid Access Gateway in previous step. Click Next.

  6. Configure SAML mappings then click Next, our example:

    email mail
    commonName displayName

  7. Configure Role mappings then click Next, our example:

    Role mappings Attribute Value
    contributor memberOf CN=Nexus GO PDF Signing Admin,OU=Groups,DC=demo,DC=phenixidentity,DC=com

    Note: the role contributor gives a user access to the admin portal and possibility to create signing requests, multiple values can be added.
    If check-box Everyone from this IDP is a contributor is selected all users authenticating through the IDP will get access to admin portal.

  8. Confirm your configuration and click Submit.
  9. Now back at the overview of your PDF Signing environment, at SAML SP Metadata, click Download.
  10. Save Logon URL for future step Optional: Add Nexus GO PDF Signing as portal item in PhenixID MyApps portal.

Add Nexus GO PDF Signing as Service Provider in PhenixID Authentication Services

  1. Login to configuration manager
  2. Open Scenarios->Federation->SAML Metadata upload
  3. Click the plus sign
  4. Add Nexus GO SAML SP Metadata by uploading the SAML SP Metadata downloaded from Nexus GO in the previous chapter.

Optional: Add Nexus GO PDF Signing as portal item in PhenixID MyApps portal

  1. Add an additional item to MyApps using this instruction: https://support.phenixid.se/sbs/enable-myapps/#Configure_pipe.
  2. Populate new item with these values:
    1. URL = <Logon URL from previous chapter>
    2. applicationName = Nexus GO PDF Signing

 

DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID - support.phenixid.se