This article describes how to enable Nexus OTP in Nexus Hybrid Access Gateway as two-factor authentication method for SafeInspect, to replace static passwords.
Nexus OTP can be either Nexus TruID Synchronized or Nexus Personal Mobile OTP, or any other OATH-based mobile OTP application, such as Google Authenticator or Microsoft Authenticator.
With the setup described in this article, Nexus Hybrid Access Gateway functions as a RADIUS server and SafeInspect as a RADIUS client. Nexus TruID is used as an example below and is available for iOS, Android, and Windows.
Prerequisites
Make settings in Hybrid Access Gateway
Make settings in SafeInspect
- Log in to the SafeInspect administrative interface.
Navigate to Identity > External Authentication > RADIUS Servers.
Click Add RADIUS server and go to the Settings tab.
Enter the following information:
Parameter Description Address Enter the IP address of the Hybrid Access Gateway Authentication server Port Select the port of the Hybrid Access Gateway Authentication server for the particular authentication method
Shared secret Enter the RADIUS shared secret key Shared secret confirmation Confirm the RADIUS shared secret key Go to the Policy tab.
Add an authentication rule with the following settings:
Parameter Description Client-to-Hound authentication Select: Authenticate against a RADIUS server RADIUS server Select the IP address and port of the Hybrid Access Gateway Authentication server
Hound-to-target authentication Select: Mapped user credentials
Example: Log in to SafeInspect
The following example shows how an end user logs in, using Nexus Personal Mobile.
Start Nexus Personal Mobile that is installed on your laptop or smartphone - Enter your PIN to generate an OTP.
