KSign KSignAccess
This guide provides the configuration method for performing the integration function between KSignAccess from KSign, an integrated authentication security platform (SSO), and Genian NAC, a network access control system.
Overview
Before integration between Genian NAC and KSignAccess products, users experienced inconvenience performing separate user authentication for each product. However, after integration, SSO is implemented between the two products, so when a user performs user authentication for KSignAccess, user authentication is automatically processed in Genian NAC.
Genian NAC agent plugin is configured to decrypt encrypted authentication token values on the user's PC using a separate program provided by KSign. After verifying user authentication status, it allows network utilization in a normal authenticated state.
Through this process, users are provided the convenience of performing the login process for both products with just one login.
Recommended Versions
| Product Name (Component) | Version | Notes |
|---|---|---|
| Genian NAC (Policy Server) | V5.0 or higher | Release version after 2019.03 |
| Genian NAC (Agent) | V5.0 or higher | Release version after 2020.07 |
| KSignAccess | V4.0 or higher | Release version after 2020.06 |
Purpose of Integration
The integration of Genian NAC and KSign KSignAccess provides the following effects.
- SSO Environment Provision
- The user first proceeds with user authentication in KSignAccess, and Genian NAC user authentication is automatically performed through Genian NAC agent plugin integration. Genian NAC replaces user authentication in Genian NAC based on KSignAccess's user authentication status, thereby configuring an SSO environment.
- Automatic Connection to Network Blocking Reason and Guide Page for Unauthenticated KSignAccess Users
- Genian NAC informs unauthenticated KSignAccess users of the reason for network blocking and provides a guide page on how to take action for normal network usage.
Prerequisites
- Prepare Genian NAC Agent Plugin for Integration
Genian NAC utilizes a specially developed Genian NAC agent plugin for implementing user authentication integration to achieve SSO with KSignAccess. The plugin information is as follows:
Genian NAC Agent Plugin File Name Notes NAC-C_KsignSSO-R-89872-1.1.8.gpf (detailed version may vary) Genian NAC Agent V5.0 or higher (Release version after 2020.07)
Genian NAC Configuration for Integration
This section covers only the minimum necessary Genian NAC settings for integration with KSignAccess. Perform this operation only once; it will be automatically applied thereafter.
- Step 1: Upload Agent Plugin for Integration
- In Genian NAC Web Console, go to System > Update > Genian Software > Agent Plugin menu
- Click Tasks > Upload Plugins > Select File button to select NAC-C_KsignSSO-R-89872-1.1.8.gpf plugin to upload.
- Click Upload button.
- Step 2: Agent Plugin Configuration
- In Genian NAC Web Console, go to Policy > Node Policy > Agent Action menu.
- Click KSign Alternative Authentication plugin.
- In Action Execution Settings, enter setting values as follows:
Configuration Item Setting Value Notes Integration Scope Select from Login,Login/LogoutLogin/Logoutoption means after login, Genian NAC continuously verifies authentication status with KSignAccess. If logged out from KSignAccess, it processes logoutLoginoption means after the initial SSO login, it does not further share login information with KSignAccess and follows Genian NAC's authentication renewal cycle- Step 3: Configure Node Policy for Integration Function Application
Through the following process, using Genian NAC's agent plugin, user PC and server authentication for normal communication confirmation and user authentication confirmation, create a policy to allow network access.
- In Genian NAC Web Console, go to Policy > Node Policy menu
- Click the Node Policy containing the node group (e.g., all nodes) to which user authentication integration will be applied (if applying to a specific group only, create and use a separate node group)
- Go to Advanced > Authentication Policy > Single Sign-On Method and select External API from the select box
- Go to Agent Action at the bottom and click Assign button
- Move KSign Alternative Authentication node action to the right and click Add button
- Click Update button at the bottom
- Click Apply Change Policy button at the top right to apply policy