REST API Server

Genian NAC can use a REST API Server as a source of user and organization information.

Through REST API Server synchronization, user accounts can be created locally for management or policy use.

REST API Server requests are made using the HTTP GET method, and the response data format must be a JSON object.

In the case of Slack, user information can be retrieved through the users.list API. The method URL is https://slack.com/api/users.list, and requests support the GET and POST methods.

NAC provides REST API information through Swagger. Refer to Reference - API Utility Tool: Swagger.

Detailed information on the REST API can be found in the API Guide.

Connecting and Testing

To perform a connection test, the following default values must be entered:

| Item | Setting Value | Description |
| --- | --- | --- |
| REST API Server | Server Address | Enter the server IP to call the REST API. |
| | Page Parameter Name | Configure the page parameter name to process multiple output values. |
| | Page Start Number | Set the page start number. |
| | Page Size Parameter Name | Configure the parameter name that specifies the number of items to display per page. |
| | Page Size | Set the number of items to display per page. |
| | Data Source Identifier | Set when using multiple synchronization servers. |

Note

If the connection test is not successful, please first confirm normal communication between the Policy Server and the Synchronization Server.

Configuring Synchronization

  1. Go to Preferences in the top menu.
  2. In the left settings menu, go to User Authentication > Data Synchronization.
  3. Click Select Tasks > Create.

General options

  1. ID: Enter a unique name.
  2. Update Interval: Select a specified time or periodic interval for synchronization.
  3. Policy Application Status: Select Apply to reflect changes after synchronization. If there are multiple synchronization settings, you can set this to Do not apply and use only the last synchronization.

Database options

  • For DB Type, select REST API Server and enter the server address in use.

  • Paging is not supported, so do not enter paging-related settings.

  1. DB Type: REST API Server
  2. Server Address: Enter the address of the REST API Server.
  3. Page Parameter Name: If retrieving information via server-side paging, enter the parameter name that signifies the page number.
  4. Page Start Number: If retrieving information via server-side paging, enter the page start number.
  5. Page Size Parameter Name: If retrieving information via server-side paging, enter the parameter name that signifies the number of data items per page.
  6. Page Size: If retrieving information via server-side paging, enter the number of data items per page.
  7. Data Source Identifier: The data source identifier is a value for identifying the origin of synchronized user information.

User Information options

  • When entering the user information source, enter /api/users.list?token=<API Token> if an API Key is used for mutual authentication, or /api/users.list only if an API Service Account is used. For more details, refer to Mutual Authentication Method for API Utilization.

  • For column names, enter the path to extract values from the JSON Object. Paths are separated by periods (.).

    • Example) If JSON Response is [ { "id": "..", "name": ".." }, { "id": "..", "name": ".." } ], enter id for ID Column Name and name for Name Column Name.
    • Example) If JSON Response is { "users": { "members" : [ { "id": "..", "name": ".." }, { "id": "..", "name": ".." } ] } }, enter users.members.id for ID Column Name and users.members.name for Name Column Name.
  1. User Information Source: Enter URI information for user Data Synchronization. The entered URI setting is added as a path name after the server address (e.g., if /api/users.list is entered, https://slack.com/api/users.list is called).
  2. User Condition Statement: Not used.
  3. User ID Column Name: Enter the path of the user ID value in the JSON Object (e.g., users.id).
  4. User Name Column Name: Enter the path of the name value in the JSON Object (e.g., users.name).
  5. Department ID Column Name: Enter the path of the department ID value in the JSON Object (e.g., users.department_id).
  6. For other additional information, enter the path of the value in the JSON Object.
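
To check column names against a captured response before entering them, the sketch below previews what a pair of period-separated paths would select from the two response shapes shown in the column-name examples above. It is an added example, not Genian NAC code: the function names, the sample values, and the rules that arrays are descended into implicitly and that both paths share one record array are assumptions.

```python
import json

def resolve(node, keys):
    """Yield every value reached by following `keys`, descending into arrays on the way."""
    if isinstance(node, list):
        for item in node:
            yield from resolve(item, keys)
    elif not keys:
        yield node
    elif isinstance(node, dict) and keys[0] in node:
        yield from resolve(node[keys[0]], keys[1:])

def preview_users(response_text, id_path, name_path):
    """Return ([(id, name), ...], skipped) for two period-separated column paths."""
    id_keys, name_keys = id_path.split("."), name_path.split(".")
    # Assumption: both columns are read from the same record array.
    if id_keys[:-1] != name_keys[:-1]:
        raise ValueError("ID and name paths must point into the same record array")
    users, skipped = [], 0
    for record in resolve(json.loads(response_text), id_keys[:-1]):
        if not isinstance(record, dict) or not record.get(id_keys[-1]):
            skipped += 1  # a record without an ID cannot be mapped to an account
            continue
        users.append((record[id_keys[-1]], record.get(name_keys[-1])))
    return users, skipped

# Constructed sample responses in the two shapes from the examples (values are made up).
FLAT = '[{"id": "U001", "name": "alice"}, {"id": "U002", "name": "bob"}]'
NESTED = ('{"users": {"members": [{"id": "U001", "name": "alice"},'
          ' {"name": "no-id"}, {"id": "U003"}]}}')

if __name__ == "__main__":
    print(preview_users(FLAT, "id", "name"))
    print(preview_users(NESTED, "users.members.id", "users.members.name"))
    # A path that stops one level short selects no users at all.
    print(preview_users(NESTED, "users.id", "users.name"))
```

A result with zero users and a non-zero skipped count usually means the path stops short of, or runs past, the array that holds the records.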

Attention

Other options for department, job title, node, and device lifecycle information can be configured and used in the same way as the user information options.