REST API Server

Genian NAC can use a REST API Server as a source of user and organization information.

Through REST API Server synchronization, user accounts can be created locally for management or policy use.

REST API Server requests are made using the HTTP GET method, and the response must be a JSON object.

For example, Slack exposes user information through the users.list API. The method URL is https://slack.com/api/users.list, and it accepts both GET and POST requests.

NAC provides REST API information through Swagger. Refer to Reference - API Utility Tool: Swagger.

Detailed information on the REST API can be found in the API Guide.

Connecting and Testing

To perform a connection test, the following default values must be entered:

Item | Setting Value | Description
REST API Server | Server Address | Enter the server IP to call the REST API.
REST API Server | Page Parameter Name | Configure the page parameter name to process multiple output values.
REST API Server | Page Start Number | Set the page start number.
REST API Server | Page Size Parameter Name | Configure the parameter name that specifies the number of items to display per page.
REST API Server | Page Size | Set the number of items to display per page.
REST API Server | Data Source Identifier | Set when using multiple synchronization servers.

Note

If the connection test is not successful, please first confirm normal communication between the Policy Server and the Synchronization Server.

Configuring Synchronization

  1. Go to Preferences in the top menu.
  2. In the left settings menu, go to User Authentication > Data Synchronization.
  3. Click Select Tasks > Create.

General options

  1. ID : Enter a unique name.

  2. Update Interval : Select a specified time or periodic interval for synchronization.

  3. Policy Apply : Select Enabled to apply changes after synchronization. If there are several synchronization settings, you can set it to Disabled and enable only the last one.

  4. Environment : Not required for basic synchronization tasks. It is used to define variable values that are commonly referenced within a separate custom shell script executed for integration with external systems.

    Warning

    Configuration Caution: Incorrect environment variable declarations can lead to malfunctions in the integration script or system errors. Before configuration, please ensure that the variables are correctly processed within the script.

    Usage Scenario: Log Level Control. Used when you want to control simple operation options such as Log Level or Retry Count during external script execution.

    export LOG_LEVEL='ERROR'
    
  5. Query : Enter the SQL query to be executed immediately after information synchronization is complete. This is used when secondary processing is required based on specific conditions using the synchronized information.

    Warning

    Risk of Data Loss: This feature directly affects the database. In particular, the use of UPDATE or DELETE statements may result in irreversible data loss.

    Usage Scenario: Account Lock Processing based on Employment Status. Used when you want to automatically disable the NAC account of resigned (or on-leave) employees according to the 'Employment Status' code after information synchronization.

    Prerequisites
      1. Create a field to manage employment status (e.g., USER_CUSTOM08) in [Settings] > [Property Management] > [Custom Fields] > [User Custom Fields].
      2. Assign the user custom field created in step 1 to [Additional Info] under [User Information] in [Information Synchronization].

    Writing Example: If the value of USER_CUSTOM08 is '001' (Resigned/On-leave, etc.), update USER_STATUS to '0' (Disabled).

    UPDATE USER
    SET USER_STATUS = 0
    WHERE USER_CUSTOM08 = '001';
    

Database options

  • For DB Type, select REST API Server and enter the server address in use.

  • Paging is not supported, so do not enter paging-related settings.

  1. DB Type: REST API Server
  2. Server Address: Enter the address of the REST API Server.
  3. Page Parameter Name: If retrieving information via server-side paging, enter the parameter name that signifies the page number.
  4. Page Start Number: If retrieving information via server-side paging, enter the page start number.
  5. Page Size Parameter Name: If retrieving information via server-side paging, enter the parameter name that signifies the number of data items per page.
  6. Page Size: If retrieving information via server-side paging, enter the number of data items per page.
  7. Data Source Identifier: The data source identifier is a value for identifying the origin of synchronized user information.

User Information options

  • When entering the user information source, if using API Key for mutual authentication, enter /api/users.list?token=<API Token>. If using API Service Account, enter /api/users.list only. For more details, refer to Mutual Authentication Method for API Utilization.

  • For column names, enter the path to extract values from the JSON Object. Paths are separated by periods (.).

    • Example: If the JSON response is [ { "id": "..", "name": ".." }, { "id": "..", "name": ".." } ], enter id for ID Column Name and name for Name Column Name.
    • Example: If the JSON response is { "users": { "members" : [ { "id": "..", "name": ".." }, { "id": "..", "name": ".." } ] } }, enter users.members.id for ID Column Name and users.members.name for Name Column Name.
  1. User Information Source: Enter URI information for user Data Synchronization. The entered URI setting is added as a path name after the server address (e.g., if /api/users.list is entered, https://slack.com/api/users.list is called).
  2. User Condition Statement: Not used.
  3. User ID Column Name: Enter the path of the user ID value in the JSON Object (e.g., users.id).
  4. User Name Column Name: Enter the path of the name value in the JSON Object (e.g., users.name).
  5. Department ID Column Name: Enter the path of the department ID value in the JSON Object (e.g., users.department_id).
  6. For other additional information, enter the path of the value in the JSON Object.
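
The sketch below is an added example, not Genian NAC's own code. It shows how the request URL and the dot-separated column paths described above can be resolved against both JSON shapes, including records that lack a field and columns nested below the record (an extension beyond the two cases shown). The function names, the paging parameter names page and limit, the host directory.example, and the policy of rejecting rows without a unique ID are assumptions of this example.

```python
from urllib.parse import urlencode

def page_url(server, source, page_param, page, size_param, size):
    """Server Address + User Information Source + the two paging parameters."""
    sep = "&" if "?" in source else "?"   # source may already carry ?token=...
    return server.rstrip("/") + source + sep + urlencode({page_param: page, size_param: size})

def common_prefix(paths):
    """Path segments shared by every column: the route to the record array."""
    heads = [p.split(".")[:-1] for p in paths]
    prefix = []
    for level in zip(*heads):
        if len(set(level)) != 1:
            break
        prefix.append(level[0])
    return prefix

def walk(node, parts):
    """Yield every node reached by `parts`, fanning out over JSON arrays."""
    if isinstance(node, list):
        for item in node:
            yield from walk(item, parts)
    elif not parts:
        yield node
    elif isinstance(node, dict) and parts[0] in node:
        yield from walk(node[parts[0]], parts[1:])

def extract(doc, columns):
    """One row per record; a column missing from a record becomes None."""
    prefix = common_prefix(list(columns.values()))
    rows = []
    for rec in walk(doc, prefix):
        row = {}
        for field, path in columns.items():
            hits = list(walk(rec, path.split(".")[len(prefix):]))
            row[field] = hits[0] if hits else None
        rows.append(row)
    return rows

def split_usable(rows):
    """Separate rows safe to turn into accounts from those lacking a unique ID."""
    seen, ok, rejected = set(), [], []
    for row in rows:
        bad = not row["id"] or row["id"] in seen
        (rejected if bad else ok).append(row)
        seen.add(row["id"])
    return ok, rejected

# Constructed response in the nested shape shown above (not real data).
NESTED = {"users": {"members": [{"id": "U1", "name": "kim"}, {"id": "U2"},
                                {"name": "ghost"}, {"id": "U1", "name": "dup"}]}}
COLUMNS = {"id": "users.members.id", "name": "users.members.name"}
```

Resolving each record first and then reading its columns keeps IDs and names aligned; resolving each column path into its own list and pairing the lists by position would shift every name after the first record that lacks one.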

Attention

Other options for department, job title, node, and device lifecycle information can be configured and used in the same way as the user information options.