Migration to SSO

We are introducing a new SaaS deployment technology, which supports Single Sign-On (SSO) with your company user account (see SaaS Using Single Sign-On (SSO)). SaaS customers currently using RemoteApp are being gradually migrated to this new solution.

Below are the key changes and improvements you can expect following the migration:

Key Differences

  • Unified Login Portal: You will now have a single login portal for both NEXUS IC and IC-Web. For more information about the new login process, see SaaS Login.

  • Corporate Credentials: Use your corporate credentials for SSO, eliminating the need to remember separate login details or contacting Wood for password resets.

  • Local File System Access: You can now upload and download files directly to and from your local file system. Files saved out of NEXUS will be saved to your local Downloads folder.

  • Local Browser URLs: URLs will load in your local browser for a more seamless experience.

  • File Import Format: Imports can only be performed using the CSV file format (importing directly from XLSX files is not supported).

  • Application Window Extents: The application window is limited to the extents of the browser window, meaning dialogs within the application cannot be dragged outside of the browser’s window.

Known Issues

Feature

Issue

Wood Internal Reference

INSPECTION Screen

Panes can be docked between locations. However, floating panes cannot be redocked without loading the saved desktop.

#76018

Copy & Paste

To enable copying and pasting data from NEXUS to other applications, you must first ensure that the clipboard is enabled in your browser. Some browsers prompt you if it is not allowed, but others, such as Safari, deny it by default. In this case, disable any content blockers for the NEXUS application in your browser settings.

#72409

4K and 5K Monitors

On very high resolution monitors at maximum display setting, the application window may not extend to fill the full-screen browser window.

#76037

Application Window

After maximising the application window, it may appear cropped within the browser window. To resolve this, click the Restore Down button and then maximise the window again, or manually resize the browser window to force the application to redraw correctly.

#80327

Frequently Asked Questions (FAQs)

Question

Answer

What changes in user access when transitioning from RemoteApp to SSO?

Once the transition to SSO is complete, all users accessing your data, including contractors and inspectors using the IC-Inspector app, will need to log in using a domain account from your organisation. This replaces the current setup where Wood manages access via nexusic domain accounts.

Why are we switching to SSO?

There are two key reasons for this transition:

  1. Cybersecurity – SSO enforces strict access controls. This prevents unauthorised users, whether external attackers or internal personnel, from gaining access to confidential or sensitive information.

  2. Access Control – Your organisation will now have full control over who can access your data.

Who controls access to our data under SSO?

With SSO, your organisation will have complete control over user access. Your IT team will manage domain accounts and, if configured, Active Directory (AD) group memberships that determine access to NEXUS.

What login credentials will users need?

Users must authenticate using a corporate domain account created by your IT team. Temporary or transient users can be provisioned without Office 365 licenses or email accounts, if needed, however, these accounts must still be created and managed within your company’s domain.

Can third-party contractor domains be granted access to NEXUS?

No, Wood cannot grant access. Allowing access to third-party contractor domains poses a security risk and may lead to unintended data exposure. For example, if your organisation grants access to AAA Inspection Company, and another NEXUS client also uses AAA, inspectors from AAA could potentially access data from both organisations. To maintain data integrity and security, access must be managed strictly within your organisation’s domain.

Do you support any identity providers other than Microsoft Entra ID?

No. SaaS customers must register the application using Microsoft Entra ID. However, it is possible to retain your own authentication application (for example, Ping Federate, Shibboleth, Okta). Microsoft Entra ID supports federation with other identity providers using OpenID Connect (OIDC) and SAML 2.0 protocols.

Can we continue using RemoteApp?

No. All customers are required to migrate to SSO. The RemoteApp system will be decommissioned as soon as practically possible.