Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

This article describes how to enable Nexus OTP in Nexus Hybrid Access Gateway as two-factor authentication method for SafeInspect, to replace static passwords.

Nexus OTP can be either Nexus TruID Synchronized or Nexus Personal Mobile OTP, or any other OATH-based mobile OTP application, such as Google Authenticator or Microsoft Authenticator. 

With the setup described in this article, Nexus Hybrid Access Gateway functions as a RADIUS server and SafeInspect as a RADIUS client. Nexus TruID is used as an example below and is available for iOS, Android, and Windows.


Prerequisites

 Prerequisites

Make settings in Hybrid Access Gateway

 Log in to Hybrid Access Gateway administration interface
  1. Log in to the Hybrid Access Gateway administration interface with your admin user.
 Add SafeInspect as a RADIUS client
In step 3, enter the IP Address of the RADIUS Client (SafeInspect) and the Shared Secret Key.

  1. In Digital Access Admin, go to Manage System.

  2. Click RADIUS Configuration > Add RADIUS Client...

  3. Enter General Settings and Attributes. Click the ?-sign for help.

  4. Click Save.

 Enable authentication method

Nexus Personal Mobile is used as an example, see Set up Smart ID (Personal) authentication.

Make settings in SafeInspect

 Add Hybrid Access Gateway as RADIUS Server
  1. Log in to the SafeInspect administrative interface.
  2. Navigate to Identity > External Authentication > RADIUS Servers.

  3. Click Add RADIUS server and go to the Settings tab.

  4. Enter the following information:

    ParameterDescription
    AddressEnter the IP address of the Hybrid Access Gateway Authentication server
    Port

    Select the port of the Hybrid Access Gateway Authentication server for the particular authentication method

    Shared secretEnter the RADIUS shared secret key
    Shared secret confirmationConfirm the RADIUS shared secret key
  5. Go to the Policy tab.

  6. Add an authentication rule with the following settings:

    ParameterDescription
    Client-to-Hound authenticationSelect: Authenticate against a RADIUS server
    RADIUS server

    Select the IP address and port of the Hybrid Access Gateway Authentication server

    Hound-to-target authentication

    Select: Mapped user credentials

Example: Log in to SafeInspect

The following example shows how an end user logs in, using Nexus Personal Mobile.


 Use Nexus Personal Mobile as 2FA to log in to SafeInspect
  1. Start Nexus Personal Mobile that is installed on your laptop or smartphone - Enter your PIN to generate an OTP.

  • No labels