INItech INISAFE Nexess
This guide provides the configuration method for performing the integration function between INItech's INISAFE Nexess, an integrated authentication security platform (SSO), and Genian NAC, a network access control system.
Overview
Before integration between Genian NAC and INISAFE Nexess products, users experienced inconvenience performing separate user authentication for each product. However, after integration, SSO is implemented between the two products, so when a user performs user authentication for INISAFE Nexess, user authentication is automatically processed in Genian NAC.
The Genian NAC agent is configured to apply authentication replacement for INISAFE Nexess. For user authentication, the Genian NAC agent checks the user authentication status with the INISAFE Nexess server via the INISAFE Nexess agent, allowing network utilization in a normal authenticated state. Through this process, users are provided the convenience of performing the login process for both products with just one login.
Recommended Versions
| Product Name (Component) | Version | Notes |
|---|---|---|
| Genian NAC (Policy Server) | V5.0 or higher | Release version after 2019.03 |
| Genian NAC (Agent) | V5.0 or higher | Release version after 2019.06 |
| INISAFE Nexess | V4.0 or higher | Release version after 2019.06 |
Purpose of Integration
The integration of Genian NAC and INItech INISAFE Nexess provides the following effects: SSO Environment Provision
- The user first proceeds with user authentication in INISAFE Nexess, and Genian NAC user authentication is automatically performed through Genian NAC agent plugin integration.
Genian NAC replaces user authentication in Genian NAC based on INISAFE Nexess's user authentication status, thereby configuring an SSO environment. Automatic Connection to Network Blocking Reason and Guide Page for Unauthenticated INISAFE Nexess Users
- Genian NAC informs unauthenticated INISAFE Nexess users of the reason for network blocking and provides a guide page on how to take action for normal network usage.
Prerequisites
- Prepare Genian NAC Agent Plugin for Integration
- Genian NAC utilizes a specially developed Genian NAC agent plugin for implementing user authentication integration to achieve SSO with INISAFE Nexess. The plugin information is as follows:
| Genian NAC Agent Plugin File Name | Notes |
|---|---|
| NAC-C_NexessSSO-R-89872-1.1.8.gpf (detailed version may vary) | Genian NAC Agent V5.0 or higher (Release version after 2019.06) |
- Issuing License Key and Confirming Integration Library for INISAFE Nexess Authentication Information API Calls
- The following two items are utilized when configuring Genian NAC Configuration for Integration > Step 2: Agent Plugin Configuration > No. 3 item.
- License Key for using INISAFE Nexess SSO Integration Library
- When integrating Genian NAC with user authentication, please proceed after obtaining a separately provided license key from INISAFE Nexess for calling INISAFE Nexess authentication information API.
- Confirm Integration Library used by each institution
- INISAFE Nexess provides the library used for integration by default, so it does not need to be uploaded separately to Genian NAC. However, if the environment or Advanced differ for each institution, please proceed after receiving the integration DLL file separately provided by INISAFE Nexess.
(Distributed as NCApi.dll or similar form)
Genian NAC Configuration for Integration
This section covers only the minimum necessary Genian NAC settings for integration with INISAFE Nexess. Perform this operation only once; it will be automatically applied thereafter.
- Step 1: Upload Agent Plugin for Integration
- In Genian NAC Web Console, go to System > Update > Genian Software > Agent Plugin menu
- Click Tasks > Upload Plugins > Select File button to select NAC-C_NexessSSO-R-89872-1.1.8.gpf plugin to upload
- Click Upload button
- Step 2: Agent Plugin Configuration
- In Genian NAC Web Console, go to Policy > Node Policy > Agent Action menu
- Click Nexess Alternative Authentication plugin
- In Action Execution Settings, enter setting values as follows
Configuration Item Setting Value Notes License Key TEST-LICENSEKEY Enter the key provided by each institution for using the authentication integration library Integration DLL Upload Click Upload button and upload NCApi.dllfileOnly .dll extension files can be uploaded (upload only when using a separate dll) Integration Scope Select from Login,Login/LogoutLogin/Logoutoption means after login, Genian NAC continuously verifies authentication status with Nexess. If logged out from Nexess, it processes logoutLoginoption means after the initial SSO login, it does not further share login information with Nexess and follows Genian NAC's authentication renewal cycle- Step 3: Configure Node Policy for Integration Function Application
Through the following process, using Genian NAC's agent plugin, after confirming normal communication for authentication between the user PC and the server and verifying user authentication status, create a policy to allow network access.
- In Genian NAC Web Console, go to Policy > Node Policy menu
- Click the Node Policy containing the node group (e.g., all nodes) to which user authentication integration will be applied (if applying to a specific group only, create and use a separate node group)
- Go to Advanced > Authentication Policy > Single Sign-On Method and select External API from the select box
- Go to Agent Action at the bottom and click Assign button
- Move Nexess Alternative Authentication node action to the right and click Add button
- Click Update button at the bottom
- Click Apply Change Policy button at the top right to apply policy