Verifying Users to Operate the Machine (User Authentication)
"User authentication" is a system to authenticate users and grant them privileges to use the machine. The machine requires entering an arbitrary text, the login user name, or the login password to authenticate a user.
User authentication prevents unauthorized users from operating the machine and is useful for managing and analyzing usage of the machine regarding the user, operation time, and frequency.
User Authentication Method
There are four types of user authentication methods including basic authentication that limits use of the machine and methods that use an authentication server in the network. Select a method depending on the usage condition or the number of users.
User Authentication Method | Explanation |
|---|---|
User Code authentication | Authentication is performed using an eight-digit user code. When specifying User Code authentication, the machine prompts you to enter the user code to use the machine. Multiple users can use the same user code. |
Basic authentication | Authentication is performed using the login user name and login password registered in the address book on the machine. When specifying Basic authentication, the machine prompts you to enter the login information to use the machine. |
Windows authentication | Authentication is performed using the account registered in the Active Directory of the Windows server. When specifying Windows authentication, the machine prompts you to enter the login information to use the machine. |
LDAP authentication | Authentication is performed using the user information registered in the LDAP server. When specifying LDAP authentication, the machine prompts you to enter the login information to use the machine. |
In Windows or LDAP authentication, the machine can authenticate you without registering your user information in the machine's address book manually, as the user information in the server is registered in the machine automatically.
In Windows or LDAP authentication, you can manage user information centrally in the server. You can also always use the address provided by the server as the sender (From) of e-mails sent from the machine. These features are useful to avoid data leakage by erroneous input of information or spoofing by an unauthorized user.
When switching the authentication method from User Code authentication to another method, the user code will be used as the login user name. In this case, the login password is not specified. To avoid unauthorized use, delete unnecessary user information and set up a password for the continuing users.
If user authentication cannot be performed due to a problem with the machine or network, the machine administrator can disable user authentication temporarily in order to use the machine. Take this measure only during emergencies.
Specifying User Code Authentication
Use Web Image Monitor and specify the functions to restrict.
Log in to the machine as the machine administrator from Web Image Monitor.
Click [Configuration] from the [Device Management] menu.
Click [User Authentication Management] in the "Device Settings" category.
Select [User Code] in "User Authentication Management".
Specify the functions to restrict.
Printer Job Authentication
Select the security level for print jobs using the printer driver.
Functions to Restrict
Specify whether to perform User Code authentication.
When registering the user code of the printer driver automatically, select [PC Control]. Specify the user code to the printer driver.
When [PC Control] is selected, the user code specified in the printer driver is registered in the address book automatically and is excluded from the print volume use limitation. To limit the print volume use, select [Black & White].
After completing the configuration, click [OK] and exit the Web browser.
If registration of the user information is not completed, register the user in the address book and specify the user code.
Specifying Basic Authentication
Use Web Image Monitor and register the default values of the functions available to each user.
Log in to the machine as the machine administrator from Web Image Monitor.
Click [Configuration] from the [Device Management] menu.
Click [User Authentication Management] in the "Device Settings" category.
Select [Basic Authentication] in "User Authentication Management".
Specify the security level and the usable functions.
Printer Job Authentication
Select the security level for print jobs using the printer driver.
Available Functions
Specify the functions available to the user.
After completing the configuration, click [OK] and exit the Web browser.
If registration of the user information is not completed, register the user in the address book and specify the login information.
The login user name and login password can be used to authenticate the user in the SMTP or LDAP server, or to authenticate shared folders.
Use a login user name other than "other", "admin", "supervisor", or "HIDE***". (Enter an optional character string in "***".) You cannot use these user names for authentication because they are already in use in the machine.
Specifying Windows Authentication
Use Web Image Monitor and register the information required for authentication in the Windows server.
In advance, check the use conditions in the Windows server, and install the Web server (IIS) and the Active Directory Certificate Service in the Windows server.
To use Kerberos Authentication in the server, register the realm in advance to determine the network area.
Log in to the machine as the machine administrator from Web Image Monitor.
Click [Configuration] from the [Device Management] menu.
Click [User Authentication Management] in the "Device Settings" category.
Select [Windows Authentication] in "User Authentication Management".
Specify the security level, the information required for authentication, and the usable functions.
Printer Job Authentication
Select the security level for print jobs using the printer driver.
SSL
To encrypt communication signals, click [On].
Kerberos Authentication
To enable Kerberos Authentication, click [On].
Domain Name
To disable Kerberos authentication, enter the domain name to authenticate.
Realm Name
To enable Kerberos authentication, select the realm name to authenticate.
Group Settings for Windows Authentication
If global groups have been registered, you can specify usable functions for each global group*. Enter the same name as the one registered in the server in "*Default Group" to specify the available functions.
Users who are registered in multiple groups can use all functions available to those groups.
A user who is not registered in any group can use the authority specified in "*Default Group". By default, all functions are available to the Default Group members.
Available Functions
Specify the functions available to each group.
After completing the configuration, click [OK] and exit the Web browser.
For the characters that can be used for login user names and passwords, see the section below:
When accessing the machine subsequently, you can use all the functions available to your group and to you as an individual user.
Users who are registered in multiple groups can use all functions available to those groups.
Under Windows Authentication, you do not need to create a server certificate unless you want to automatically register user information such as user names using SSL.
Specifying LDAP Authentication
Use Web Image Monitor and register the information required for authentication in the LDAP server.
In advance, check the use conditions in the LDAP server, and register the LDAP server in the machine.
Log in to the machine as the machine administrator from Web Image Monitor.
Click [Configuration] from the [Device Management] menu.
Click [User Authentication Management] in the "Device Settings" category.
Select [LDAP Authentication] in "User Authentication Management".
Specify the security level, the information required for authentication, and the usable functions.
Printer Job Authentication
Select the security level for print jobs using the printer driver.
LDAP Authentication
Select the LDAP server to authenticate.
Login Name Attribute
Use this as a search criterion to obtain user information. Create a search filter based on the login name attribute, select a user, and then retrieve the user information from the LDAP server to transfer to the machine's address book.
When separating multiple login attributes with a comma (,), the search will return hits by entering a login name for either or both attributes.
Also, by entering two login names separated by an equal sign (=) (for example: cn=abcde, uid=xyz), the search will return hits only for a match of the attributes of both login names. This search function can be applied when Cleartext authentication is specified.
Unique Attribute
Specify this to match the user information in the LDAP server with that in the machine. A user whose unique attribute registered in the LDAP server matches that of a user registered in the machine is treated as the same user in the machine. Specify the attribute that is used for unique information in the server as the Unique Attribute. You can enter "cn" or "employeeNumber" to use as "serialNumber" or "uid" as long as it is unique.
Available Functions
Specify the functions available to the user.
After completing the configuration, click [OK] and exit the Web browser.
For the characters that can be used for login user names and passwords, see the section below:
In LDAP simple authentication mode, authentication will fail if the password is left blank. To use blank passwords, contact your service representative.