Your own ID-Server
On premise installations of SecSign ID offer the flexibility to connect with your preferred servers, services, and devices. And you can customize the SecSign ID with your own organization’s branding.
Learn MoreUse SecSign ID NextCloud two factor authentication for your NextCloud account to securely protect all your data in the cloud. Works for iOS or Android mobile devices as well as for desktop.
NextCloud offers convenient cloud storage for all kinds of data, both for small scale and big scale operations. With end-to-end encryption and customized choice of server it provides next-level protection for important data. By adding SecSign ID Two-Factor Authentication the login is protected from hacker attacks while offering a convenient login experience for the user.
Questions? Feel free to get in touch with us if you need help setting up your SecSign ID plugin or to request a plugin for a not yet supported environment.
MORE INFORMATIONTo integrate the SecSign ID Two-Factor Authentication with NextCloud you first need to setup an account with NextCloud and decide, where you want the server to be based off. More information on server options are available on the NextCloud website.
You also need access to the SecSign ID administrative panel. If you need assistance managing your administrative account please contact us.
In the NextCloud admin web site open the Apps dialog and select “Authentication & Authorization” from the list. Enable “SSO & SAML authentication”.
In the NextCloud admin web site open the SSO & SAML authentication dialog.
Select “Use build-in SAML authentication”.
Enter “uid” (without the quotes) as attribute to map the UID to. Then enter the Identifier of the IdP entity. It consists of the URL of the SecSign ID admin web site plus “/SAML_Login”.
For Example: https://admin.secsign.com/SAML_Login
Enter the same URL also as URL Target of the IdP where the SP will send the Authentication Request Message.
Then Select “Show optional Identity Provider settings …” Paste the PEM encoded certificate which you have configured to sign SAML responses in the SecSign ID Server as “Public X.509 certificate of the IdP”.
PEM encoding starts with “—–BEGIN CERTIFICATE—–“.
Click at “Download metadata XML”. Open the meta data XML file in a browser or a text editor.
Open the “SAML Service Provider” dialog in the SecSign admin web site and click at “Create new SAML response attribute”. Enter “uid” (without the quotes) as name in SAML response. Leave Format empty.
Select “SecSign ID Server” as Attribute Store and “SecSign ID” as Source attribute and save.
Select “New SAML service provider” and choose a name. For example: NextCloud. Select “SecSign ID Server” as NameID Attribute Store and select “SecSign ID” as NameID source attribute.
Leave NameID format empty.
Copy the URL from entityID from the metadata file to the “Service Provider Issuer” text field in the SecSign admin dialog.
Copy the URL from AssertionConsumerService in the metadata file to the “SAML response URL” text field in the SecSign admin dialog.
Leave RelayState, Audience Restriction and Auth Context empty.
Choose the user group to sign the SAML responses. For example: SAML response signers.
Select “Server selects” for Hash algorithm and “Server selects” for PSS padding. Select the SAML attribute “secsignid: from SecSign ID Server (uid)” and Save.
Keep the browser showing the NextCloud admin web site session open! Use another browser to test the NextCloud log-in. If it fails use the still open first browser to display the “Logging” dialog of NextCloud and see the error message.
On premise installations of SecSign ID offer the flexibility to connect with your preferred servers, services, and devices. And you can customize the SecSign ID with your own organization’s branding.
Learn MoreWe are happy to announce that the SecSign ID server has passed the official FIDO certification program of the FIDO Alliance. This will allow you to use the complete FIDO2/WebAuthn standard for passwordless 2FA sign-ins in your exi ...
Mehr LesenThe FIDO2 Project is a set of standards developed by the FIDO Alliance and the World Wide Web Consortium (W3C) to create a strong authentication protocol for the web. It consist mainly of the WebAuth standard for the browser part ...
Mehr LesenIn the recent weeks, home office work has increased potentially. And while employees are practicing social distancing from their home computer, attackers are working hard to exploit security issues in this situation that is unfami ...
Mehr LesenWant to learn more about SecSign’s innovative and highly secure
solutions for protecting your user accounts and sensitive data?
Use our contact form to submit your information, and a SecSign sales representative will contact you within one business day.
If you need assistance with an existing SecSign account or product
installation, please see the FAQs for more information on the most common questions. You don’t find the solution to your problem? Don’t hesitate to contact the
Product Support
I am Interested in