Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This article describes how to enable Nexus OTP

in Nexus Hybrid Access Gateway as

in Smart ID Digital Access component as two-factor authentication method for SafeInspect, to replace static passwords.

Nexus OTP can be either Nexus TruID Synchronized or 

Nexus Personal

Smart ID Mobile App OTP, or any other OATH-based mobile OTP application, such as Google Authenticator or Microsoft Authenticator. 

With the setup described in this article,

Nexus Hybrid

Digital Access

Gateway

functions as a RADIUS server

and SafeInspect

and SafeInspect as a RADIUS client. Nexus TruID is used as an example below and

is available

is available for iOS, Android, and Windows.

Related information

Authentication methods

  • Deploy Hybrid Access Gateway and do initial setup
  • Nexus Hybrid Access Gateway
  • Nexus Personal Mobile
  • Set up RADIUS client
  • Links

    Prerequisites

    Expand
    titlePrerequisites
    Installed and deployed Hybrid Access Gateway, see Deploy Hybrid Access Gateway and do initial setup

    Make settings

    in Hybrid

    in Digital Access

    Gateway

    Expand
    titleLog in to

    Hybrid
    Digital Access
    Gateway administration interface
    Admin
    1. Log in to
    the Hybrid Access Gateway administration interface with your admin user
    1. Digital Access Admin with an administrator account.


    Expand
    titleAdd SafeInspect as a RADIUS client


    Note
    In step 3, enter the IP Address of the RADIUS Client (SafeInspect) and the Shared Secret Key.

    Insert excerpt
    Set up RADIUS client in Digital Access
    Set up RADIUS client in Digital Access
    nopaneltrue


    Expand
    titleEnable authentication method
    Nexus Personal

    Smart ID Mobile App is used as an example, see Set up

    Personal

    Smart ID authentication.

    Make settings in SafeInspect

    Expand
    titleAdd
    Hybrid
    Digital Access
    Gateway
    as RADIUS Server
    1. Log in to the SafeInspect administrative interface.
    2. Navigate to Identity > External Authentication > RADIUS Servers.

    3. Click Add RADIUS server and go to the Settings tab.

      Image Modified

    4. Enter the following information:

      ParameterDescription
      AddressEnter the IP address of the
    Hybrid
    1. Digital Access
    Gateway
    1. Authentication server
      Port

      Select the port of

    the Hybrid
    1. the Digital Access

    Gateway
    1. Authentication server for the particular authentication method

      Shared secretEnter the RADIUS shared secret key
      Shared secret confirmationConfirm the RADIUS shared secret key


    2. Go to the Policy tab.

    3. Add an authentication rule with the following settings:

      ParameterDescription
      Client-to-Hound authenticationSelect: Authenticate against a RADIUS server
      RADIUS server

      Select the IP address and port of

    the Hybrid
    1. the Digital Access

    Gateway
    1. Authentication server

      Hound-to-target authentication

      Select: Mapped user credentials


    Example: Log in to SafeInspect

    The following example shows how an end user logs in, using

    Nexus Personal

    Smart ID Mobile App.



    Expand
    titleUse
    Nexus Personal
    Smart ID Mobile App as 2FA to log in to SafeInspect
    Start Nexus Personal
    1. Start Smart ID Mobile App that is installed on your laptop or smartphone - Enter your PIN to generate an OTP.
      Image ModifiedImage ModifiedImage ModifiedImage Modified

    Related information