MarkAny SafePC
This guide describes how to configure integration between MarkAny's SafePC Enterprise (hereinafter referred to as SafePC), a DLP system, and Genian NAC, a network access control system.
Overview
Before integration, users had the inconvenience of authenticating separately to Genian NAC and to SafePC. After integration, SSO is implemented between the two products, so when a user authenticates to SafePC, user authentication is automatically processed in Genian NAC.
The Genian NAC agent plugin is configured to utilize a library that calls SafePC's authentication information. When user authentication is performed on an endpoint with the SafePC agent installed, the library reads authentication information from the SafePC server and applies it to Genian NAC for alternative authentication. Through this process, authentication is performed without storing the user's authentication information on the user's PC, ensuring the security of the user account while providing the convenience of performing the login process for both products with just one login.
Recommended Versions
| Product Name (Component) | Version | Notes |
|---|---|---|
| Genian NAC (Policy Server) | V5.0 or higher | Release version after 2019.03 |
| Genian NAC (Agent) | V5.0 or higher | Release version after 2020.06 |
| SafePC Enterprise | V5.1 or higher | Release version after 2020.06 |
Purpose of Integration
The integration of Genian NAC and MarkAny SafePC provides the following effects:
SSO Environment Provision
- The user first proceeds with user authentication in SafePC, and Genian NAC user authentication is automatically performed through Genian NAC agent plugin integration.
Genian NAC replaces user authentication in Genian NAC based on the user authentication status of the SafePC agent, thereby configuring an SSO environment.
Automatic Connection to Network Blocking Reason and Guide Page for Unauthenticated SafePC Users
- Genian NAC informs unauthenticated SafePC users of the reason for network blocking and provides a guide page on how to take action for normal network usage.
Prerequisites
- Prepare Genian NAC Agent Plugin for Integration
- Genian NAC utilizes a specially developed Genian NAC agent plugin for implementing user authentication integration to achieve SSO with SafePC. The plugin information is as follows:
| Genian NAC Agent Plugin File Name | Notes |
|---|---|
| NAC-C_SafePCSSO-R-89872-1.1.8.gpf (detailed version may vary) | Genian NAC Agent V5.0 or higher (Release version after 2020.06) |
- Confirm SafePC's Library Path and File Name for Calling Authentication Information
- When integrating with SafePC, Genian NAC utilizes SafePC's library for calling authentication information to perform user authentication replacement.
The default path where SafePC's library is stored is C:\Windows\Nics\ and the file name is SUser.dll. SafePC's library path and file name are set by default in Genian NAC's specially developed agent plugin. If the customer has changed them, confirm the path and file name, then change the setting values in Genian NAC Configuration for Integration > Step 2: Agent Plugin Configuration > No. 3 item before proceeding.
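One way to confirm the library on an endpoint before configuring the plugin, as an added example (not Genians or MarkAny code). It assumes the default path stated above; the function name `Test-SafePCLibrary` is hypothetical, and the signature and write-permission checks are an added hardening check that the guide itself does not require.

```powershell
# Added example, not vendor code. Default path is the one stated in this guide;
# change $LibraryPath if the customer moved or renamed the library.
$LibraryPath = Join-Path $env:WinDir 'Nics\SUser.dll'

function Test-SafePCLibrary {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    $report = [ordered]@{
        Path = $Path; Exists = (Test-Path -LiteralPath $Path -PathType Leaf)
        FileVersion = $null; SignatureStatus = $null; Signer = $null
        WritableBySids = @()
    }
    if (-not $report.Exists) { return [pscustomobject]$report }

    $report.FileVersion = (Get-Item -LiteralPath $Path).VersionInfo.FileVersion

    # Report the Authenticode state; which signer to expect is site-specific.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $report.SignatureStatus = $sig.Status
    if ($sig.SignerCertificate) { $report.Signer = $sig.SignerCertificate.Subject }

    # SYSTEM, BUILTIN\Administrators and TrustedInstaller are expected writers.
    $trusted = @('S-1-5-18', 'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464')
    $rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
    $mask = [int]$rights -bor 0x40000000 -bor 0x10000000  # + GENERIC_WRITE, GENERIC_ALL

    # List every other SID with an Allow ACE that permits changing the file,
    # since the agent plugin loads whatever is stored at this path.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
    $report.WritableBySids = @(
        $rules | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band $mask) -ne 0 -and
            $_.IdentityReference.Value -notin $trusted
        } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
    )
    [pscustomobject]$report
}

Test-SafePCLibrary -Path $LibraryPath | Format-List
```

An empty `WritableBySids` together with `Exists = True` means the file is at the expected location and only the built-in privileged principals can modify it.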
Genian NAC Configuration for Integration
This section covers only the minimum necessary Genian NAC settings for integration with SafePC. Perform this operation only once; it will be automatically applied thereafter.
- Step 1: Upload Agent Plugin for Integration
- In Genian NAC Web Console, go to System > Update > Genian Software > Agent Plugin menu
- Click Tasks > Upload Plugins > Select File button to select NAC-C_SafePCSSO-R-89872-1.1.8.gpf plugin to upload
- Click Upload button
- Step 2: Agent Plugin Configuration
- In Genian NAC Web Console, go to Policy > Node Policy > Agent Action menu
- Click SafePC Alternative Authentication plugin
- In Action Execution Settings, enter setting values as follows
| Configuration Item | Setting Value | Notes |
|---|---|---|
| Library Path | Selectbox: %WinDir%/ Input value: \Nics\SUser.dll | Configure SafePC's library path and library file name |
| Authentication Information Source | Select from File, Registry | Select target for extracting authentication information |
| Apply Changed User Information | Select from On, Off | On option means after login, Genian NAC continuously verifies authentication information and status with SafePC. If authentication information changes in SafePC, it reflects the changed information to maintain Genian NAC's authentication status and processes logout in Genian NAC if logged out from SafePC. Off option means after the initial SSO login, it does not further share authentication information with SafePC and follows Genian NAC's authentication renewal cycle. |
- Step 3: Configure Node Policy for Integration Function Application
Through the following process, create a policy that allows network access after the Genian NAC agent plugin has confirmed normal authentication communication between the user PC and the server and verified the user's authentication status.
- In Genian NAC Web Console, go to Policy > Node Policy menu
- Click the Node Policy containing the node group (e.g., all nodes) to which user authentication integration will be applied (if applying to a specific group only, create and use a separate node group)
- Go to Advanced > Authentication Policy > Single Sign-On Method and select External API from the select box
- Go to Agent Action at the bottom and click Assign button
- Move SafePC Alternative Authentication node action to the right and click Add button
- Click Update button at the bottom
- Click Apply Change Policy button at the top right to apply policy