Skip to main content
Nexus Access Vault supports multiple authentication methods to suit your organization’s needs.

Authentication Methods

Nexus Access Vault provides three authentication options:
  • Email/Password - Traditional authentication with Supabase
  • Google OAuth - Sign in with Google accounts
  • Corporate SSO - Enterprise single sign-on via Zitadel

First-Time Setup

1

Access the login page

Navigate to your Nexus Access Vault instance:
http://localhost:8080
# or your configured host
You’ll see the authentication page with the Neogenesys branding.
2

Create your first account

Click “Don’t have an account? Sign up” to switch to registration mode.Fill in the registration form:
  • Full Name - Your complete name (minimum 2 characters)
  • Email - A valid email address
  • Password - At least 6 characters
// Validation schema
{
  email: z.string().email('Invalid email address'),
  password: z.string().min(6, 'Password must be at least 6 characters'),
  fullName: z.string().min(2, 'Name must be at least 2 characters')
}
3

Verify your email

After registration, check your email for a verification link from Supabase.
In development mode, you may be automatically logged in without email verification.
4

Access the dashboard

Once authenticated, you’ll be redirected to /dashboard where you can:
  • View your applications
  • Manage devices
  • Access resources
  • Configure settings

Email/Password Authentication

The default authentication method uses Supabase Auth: 
// Sign up
const { error } = await supabase.auth.signUp({
  email,
  password,
  options: {
    emailRedirectTo: `${window.location.origin}/dashboard`,
    data: {
      full_name: fullName
    }
  }
});

// Sign in
const { error } = await supabase.auth.signInWithPassword({
  email,
  password
});

Password Requirements

  • Minimum length: 6 characters
  • No maximum length
  • Supports all characters including special symbols
Use strong passwords with a mix of uppercase, lowercase, numbers, and special characters.

Google OAuth

Sign in with your Google account for seamless authentication:
1

Configure Google OAuth in Supabase

  1. Navigate to Authentication > Providers in your Supabase dashboard
  2. Enable Google provider
  3. Add your OAuth credentials from Google Cloud Console
2

Set redirect URL

Add your application URL to authorized redirect URIs:
http://localhost:8080
https://your-domain.com
3

Sign in with Google

On the login page, click “Iniciar sesión con Google” to authenticate.

Corporate SSO (Zitadel)

Enterprise users can authenticate via Zitadel OIDC:
1

Configure Zitadel

Set up your Zitadel environment variables:
VITE_ZITADEL_ISSUER_URL="https://manager.kappa4.com"
VITE_ZITADEL_CLIENT_ID="your-client-id"
VITE_ZITADEL_REDIRECT_URI="http://localhost:8080/auth/callback"
2

Create OIDC application in Zitadel

  1. Log in to your Zitadel instance at manager.kappa4.com
  2. Create a new OIDC application
  3. Configure the redirect URI to match VITE_ZITADEL_REDIRECT_URI
  4. Copy the client ID
3

Enable SSO in Nexus Access Vault

The SSO button will automatically appear on the login page when Zitadel is configured:
{availableConfigs.length > 0 && (
  <Button onClick={() => initiateSSO(config.id)}>
    <Shield className="h-4 w-4 text-primary" />
    Corporativo SSO ({config.name})
  </Button>
)}

Authentication Flow

The authentication process follows this flow:

Session Management

Nexus Access Vault maintains user sessions with:
  • Automatic session refresh - Tokens are refreshed automatically
  • Persistent sessions - Sessions persist across browser restarts
  • Secure storage - Tokens stored in secure HTTP-only cookies

Check Authentication Status

import { useAuth } from '@/components/AuthProvider';

function MyComponent() {
  const { user, profile, loading } = useAuth();

  if (loading) return <Spinner />;
  if (!user) return <LoginPrompt />;

  return <div>Welcome, {profile.full_name}!</div>;
}

Password Reset

To reset a forgotten password:
1

Request password reset

Click “Forgot password?” on the login page.
2

Check your email

You’ll receive a password reset link from Supabase.
3

Set a new password

Follow the link and create a new password.

Multi-Factor Authentication

MFA support is planned for a future release. Track progress on our roadmap.

Security Best Practices

Create passwords with at least 12 characters including uppercase, lowercase, numbers, and symbols.
Always verify email addresses in production environments via Supabase settings.
Set appropriate session timeouts in Supabase Auth settings (default: 1 week).
Leverage Zitadel SSO for centralized authentication and compliance.

Next Steps

Add Your First Application

Publish applications for your users to access

Enroll Devices

Set up secure device enrollment

Troubleshooting

Email Not Received

Check your spam folder and verify SMTP settings in Supabase.

SSO Button Not Showing

Verify Zitadel environment variables are set and the application is restarted.

Session Expired Error

Log out and log back in. Check your system clock is synchronized.

Build docs developers (and LLMs) love

Get started for freeTalk to us