Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This article describes how to enable Nexus OTP in Smart ID Digital Access component as two-factor authentication method for SafeInspect, to replace static passwords.

Nexus OTP can be either Nexus TruID Synchronized or Smart ID Mobile App OTP, or any other OATH-based mobile OTP application, such as Google Authenticator or Microsoft Authenticator. 

With the setup described in this article, Digital Access functions as a RADIUS server and SafeInspect as a RADIUS client. Nexus TruID is used as an example below and is available for iOS, Android, and Windows.

Expand
titlePrerequisites

Make settings in Digital Access

Expand
titleLog in to Digital Access Admin
  1. Log in to Digital Access Admin with an administrator account.


Expand
titleAdd SafeInspect as a RADIUS client


Note
In step 3, enter the IP Address of the RADIUS Client (SafeInspect) and the Shared Secret Key.

Insert excerpt
Set up RADIUS client in Digital Access
Set up RADIUS client in Digital Access
nopaneltrue


Expand
titleEnable authentication method

Smart ID Mobile App is used as an example, see Set up Smart ID authentication.

Make settings in SafeInspect

Expand
titleAdd Digital Access as RADIUS Server
  1. Log in to the SafeInspect administrative interface.
  2. Navigate to Identity > External Authentication > RADIUS Servers.

  3. Click Add RADIUS server and go to the Settings tab.

  4. Enter the following information:

    ParameterDescription
    AddressEnter the IP address of the Digital Access Authentication server
    Port

    Select the port of the Digital Access Authentication server for the particular authentication method

    Shared secretEnter the RADIUS shared secret key
    Shared secret confirmationConfirm the RADIUS shared secret key


  5. Go to the Policy tab.

  6. Add an authentication rule with the following settings:

    ParameterDescription
    Client-to-Hound authenticationSelect: Authenticate against a RADIUS server
    RADIUS server

    Select the IP address and port of the Digital Access Authentication server

    Hound-to-target authentication

    Select: Mapped user credentials


Example: Log in to SafeInspect

The following example shows how an end user logs in, using Smart ID Mobile App.



Expand
titleUse Smart ID Mobile App as 2FA to log in to SafeInspect
  1. Start Smart ID Mobile App that is installed on your laptop or smartphone - Enter your PIN to generate an OTP.

Related information