.. _sso-rathontech-rathon:

Rathontech Rathon-SSO
=================================================

This guide describes how to configure the integration between Rathontech's Rathon-SSO, an integrated authentication security platform (SSO), and Genian NAC, a network access control system.

Overview
-------------------------------------------------

Before Genian NAC and Rathon-SSO were integrated, users had the inconvenience of authenticating separately to each product.
However, **after integration, SSO is implemented between the two products, so when a user performs user authentication for Rathon-SSO, user authentication is automatically processed in Genian NAC.**

The Genian NAC agent is configured to apply authentication replacement for Rathon-SSO.
For user authentication, the Genian NAC agent checks the user authentication status with the Rathon-SSO server via the Rathon-SSO agent, and allows network use when the user is in a normal authenticated state.
Through this process, users can log in to both products with a single login.

**Recommended Versions**

.. csv-table::
   :header: "Product Name (Component)", "Version", "Notes"
   :widths: 30 30 40

   "Genian NAC (Policy Server)", "V5.0 or higher", "Release version after 2019.03"
   "Genian NAC (Agent)", "V5.0 or higher", "Release version after 2019.10"
   "Rathon-SSO", "V3.2 or higher", "Release version after 2019.10"

Purpose of Integration
-------------------------------------------------

The integration of Genian NAC and Rathontech Rathon-SSO provides the following effects.

**SSO Environment Provision**

- The user first authenticates in Rathon-SSO, and Genian NAC user authentication is then performed automatically through the Genian NAC agent plugin integration. Genian NAC replaces its own user authentication based on Rathon-SSO's user authentication status, thereby configuring an SSO environment.

**Automatic Connection to Network Blocking Reason and Guide Page for Unauthenticated Rathon-SSO Users**

- Genian NAC informs unauthenticated Rathon-SSO users of the reason for network blocking and provides a guide page on how to take action for normal network usage.

Prerequisites
-------------------------------------------------

**Prepare Genian NAC Agent Plugin for Integration**

Genian NAC uses a specially developed Genian NAC agent plugin to implement the user authentication integration that provides SSO with Rathon-SSO. The plugin information is as follows:

.. csv-table::
   :header: "Genian NAC Agent Plugin File Name", "Notes"
   :widths: 50 50

   "NAC-C_RathonSSO-R-89872-1.1.8.gpf (detailed version may vary)", "Genian NAC Agent V5.0 or higher (Release version after 2019.10)"

Genian NAC Configuration for Integration
-------------------------------------------------

This section covers only the minimum Genian NAC settings required for integration with Rathon-SSO. Perform this operation only once; it will be automatically applied thereafter.

**Step 1: Upload Agent Plugin for Integration**

1) In the Genian NAC Web Console, go to the **System > Update > Genian Software > Agent Plugin** menu.
2) Click the **Tasks > Upload Plugins > Select File** button and select the **NAC-C_RathonSSO-R-89872-1.1.8.gpf** plugin to upload.
3) Click the **Upload** button.

**Step 2: Agent Plugin Configuration**

1) In the Genian NAC Web Console, go to the **Policy > Node Policy > Agent Action** menu.
2) Click the **Rathon Alternative Authentication** plugin to confirm it.

.. note::

   - The Rathon Alternative Authentication plugin requires no separate settings.
   - The integration library path and file name for Rathon-SSO use mutually agreed default values. If they have been changed, please contact the Rathon-SSO administrator and the Genian NAC administrator.

**Step 3: Configure Node Policy for Integration Function Application**

The following steps create a policy that uses the Genian NAC agent plugin to confirm normal authentication communication between the user PC and the server, verify the user authentication status, and then allow network access.

1) In the Genian NAC Web Console, go to the **Policy > Node Policy** menu.
2) Click the **Node Policy** containing the **node group** (e.g., all nodes) to which user authentication integration will be applied. (If applying to a specific group only, create and use a separate node group.)
3) Go to **Advanced > Authentication Policy > Single Sign-On Method** and select **External API** from the select box.
4) Go to **Agent Action** at the bottom and click the **Assign** button.
5) Move the **Rathon Alternative Authentication** node action to the right and click the **Add** button.
6) Click the **Update** button at the bottom.
7) Click the **Apply Change Policy** button at the top right to apply the policy.