External OTP Server
This guide explains how to configure the integration between an external OTP server and Genian NAC, a network access control system.
Overview
This integration adds 2-Factor authentication to Genian NAC administrator accounts to make the administrator login process more secure. After logging into the Genian NAC administrator page with an administrator account using ID/PW, the administrator performs additional authentication through the external OTP server.
In this integration, Genian NAC handles authentication and, through API calls, requests the OTP server to issue an OTP (One Time Password) to the administrator's mobile device. When the administrator confirms the issued OTP and enters it to log in, Genian NAC requests verification of the entered OTP from the OTP server, and 2-Factor authentication is performed based on the result.
Purpose of Integration
The integration of Genian NAC and the OTP server provides the following benefits:
- Provision of 2-Factor Authentication Environment for Administrator Login Security
- Through the integration of the OTP server and Genian NAC, administrators can configure a 2-Factor environment by adding 2-step authentication (OTP) when logging into the Genian NAC administrator page.
- 2-step authentication using OTP helps prepare for threats such as password theft and account hijacking.
Genian NAC Configuration for Integration
The Genian NAC configuration covered here introduces only the minimum settings required for integration with the OTP server.
- Step 1: Enable 2-Step Authentication Feature for Integration
- In the Genian NAC Web Console, go to Settings > Preferences > Admin Console menu
- In the Authentication > 2-Step Authentication Feature Activation item, check the OTP Authentication Server checkbox
- Click the Modify button at the bottom
- Step 2: Configure OTP Server for Integration
- In the Genian NAC Web Console, go to Settings > User Authentication > Authentication Integration menu
- In the OTP Authentication Server item, add an OTP server
- Configure OTP Code Generation URL and OTP Code Verification URL

| Configuration Item | Setting Value | Notes |
|---|---|---|
| Name | XXXXXX | Enter a unique name for the OTP server |
| URL | http(s)://host | Enter the address of the OTP server |
| Header | Key:Value | Enter Key:Value to include in HTTP header when requesting OTP server |
| Method | GET or POST | Select HTTP request method |
| POST Data | POST Data | Enter data if request method is POST |
| Data Transfer Type | XXXX | Select data format if request method is POST |
| Result Verification Regex | XXXX | Enter regular expression to verify if response result is success |
| Result Message Regex | XXXX | Enter regular expression to verify failure message in response result |
| Result Message Character Set | UTF-8 | Encoding format of response result message |

- Click the Account to which 2-step authentication will be applied (2-step authentication can only be set for accounts granted administrator role permission to access the Genian NAC administrator page.)
- Go to Basic Information > Login Settings > 2-Step Authentication item
- Select OTP Authentication Server from the select box
- Click the Modify button at the bottom
Through this process, Genian NAC and the OTP server are integrated, configuring the Genian NAC administrator page login to perform 2-Factor authentication (1st step: Genian NAC account (ID, PW) / 2nd step: OTP server).
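The Result Verification Regex decides whether the second factor is accepted, so it is worth testing a candidate pattern against sample responses before entering it. The following is an added example, not part of the Genian NAC documentation: it flags a pattern that also matches failure responses. The JSON response bodies, the patterns, the unanchored-search matching and the capture group in the message pattern are all assumptions, because the page does not specify the OTP server's response format or how Genian NAC applies the regex.

```python
import re

# Constructed sample responses (assumption): a real OTP server's format will differ.
SUCCESS_SAMPLES = ['{"result":"success","message":"OTP verified"}']
FAILURE_SAMPLES = [
    '{"result":"fail","message":"OTP expired"}',
    '{"result":"fail","message":"last success 3 minutes ago"}',
    '{"result":"error","message":"unknown user"}',
]

# Hypothetical candidate values for the two regex fields.
LOOSE = r'success'                         # matches the word anywhere in the body
STRICT = r'"result"\s*:\s*"success"'       # tied to the result field only
MESSAGE = r'"message"\s*:\s*"([^"]*)"'     # capture group holds the failure text


def check_verification_regex(pattern, successes=SUCCESS_SAMPLES,
                             failures=FAILURE_SAMPLES):
    """Return (missed_successes, accepted_failures) for a candidate pattern.

    Assumes substring-search semantics; a safe pattern returns two empty lists.
    """
    rx = re.compile(pattern)
    missed = [s for s in successes if not rx.search(s)]
    accepted = [f for f in failures if rx.search(f)]
    return missed, accepted


def extract_failure_message(pattern, body):
    """Return the first capture group of the message pattern, or None."""
    m = re.search(pattern, body)
    return m.group(1) if m else None


if __name__ == "__main__":
    for name, pat in (("loose", LOOSE), ("strict", STRICT)):
        missed, accepted = check_verification_regex(pat)
        print(f"{name}: missed successes={missed} accepted failures={accepted}")
    print(extract_failure_message(MESSAGE, FAILURE_SAMPLES[0]))
```

Replace the constructed samples with responses captured from your own OTP server, including every failure case it can return, and only configure a pattern for which both returned lists are empty.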