Verifying Users to Operate the Machine (User Authentication)
"User authentication" is a system to authenticate users and grant them privileges to use the machine. The machine requires entering an arbitrary text, the login user name, or the login password to authenticate a user.
User authentication prevents unauthorized users from operating the machine and is useful for managing and analyzing machine usage by user, operation time, and frequency.
You can use an IC card or a smart device for user authentication instead of entering your authentication information on the control panel.
Logging in to the Machine Using an IC Card or a Smart Device
User Authentication Method
There are four user authentication methods, including Basic authentication, which limits use of the machine, and methods that use an authentication server on the network. Select a method depending on the usage conditions or the number of users. You cannot use more than one authentication method at the same time.
User Authentication Method | Explanation |
---|---|
User Code authentication | Authentication is performed using an eight-digit user code. When specifying User Code authentication, the machine prompts you to enter the user code to use the machine. Multiple users can use the same user code. You can activate User Code authentication without activating Administrator Authentication. |
Basic authentication | Authentication is performed using the login user name and login password registered in the Address Book on the machine. When specifying Basic authentication, the machine prompts you to enter the login information to use the machine. |
Windows authentication | Authentication is performed using the account registered in the Active Directory of the Windows server. When specifying Windows authentication, the machine prompts you to enter the login information to use the machine. |
LDAP authentication | Authentication is performed using the user information registered in the LDAP server. When specifying LDAP authentication, the machine prompts you to enter the login information to use the machine. |
In Windows or LDAP authentication, the machine can authenticate you without registering your user information in the machine's Address Book manually, as the user information in the server is registered in the machine automatically.
In Windows or LDAP authentication, you can manage user information centrally in the server. You can also always use the address provided by the server as the sender (From) of e-mails sent from the machine. These features are useful to avoid data leakage by erroneous input of information or spoofing by an unauthorized user.
When switching the authentication method from User Code authentication to another method, the user code will be used as the login user name. In this case, the login password is not specified. To avoid unauthorized use, delete unnecessary user information and set up a password for the continuing users.
If user authentication cannot be performed due to a problem with the machine or network, the machine administrator can disable user authentication temporarily in order to use the machine. Take this measure only during emergencies.
After the main power of the machine turns on, extended features may not appear in the list of user authentication items on the User Authentication Management screen. If this happens, wait a while, and then open the User Authentication Management screen again.
User authentication can also be activated via Web Image Monitor. For details, see Web Image Monitor Help.
Specifying User Code Authentication
Specify the functions to restrict with User Code authentication.
Log in to the machine as the machine administrator on the control panel.
On the Home screen, press [Settings].
On the Settings screen, press [System Settings].
Press [Settings for Administrator] > [Authentication/Charge] > [Administrator Authentication/User Authentication/App Auth.] > [User Authentication Management].
Select [User Code Authentication] from the list next to User Authentication Management.
From Functions to Restrict, select the functions to restrict.
Specify whether to perform User Code authentication for each function. For Copier Function and Printer Function, you can specify to perform User Code authentication for all Copier or Printer functions, or for the color print mode only.
To register the user code of the printer driver automatically, select [PC Control] for Printer Function. In the printer driver, specify the user code registered in the Address Book.
When [PC Control] is selected, the user code specified in the printer driver is registered in the Address Book automatically and is excluded from the print volume use limitation. To limit the print volume use, select an option other than [PC Control] for Printer Function.
Specifying Maximum Print Volume Use of Each User
For Printer Job Authentication, specify the security level for print jobs using the printer driver.
Press [OK].
Press [Home].
When the confirmation dialog is displayed, press [OK], and then log out of the machine.
If registration of the user information is not completed, register the user in the Address Book and specify the user code.
Specifying Basic Authentication
Register the default values of the functions available to each user with Basic authentication.
Log in to the machine as the machine administrator on the control panel.
On the Home screen, press [Settings].
On the Settings screen, press [System Settings].
Press [Settings for Administrator] > [Authentication/Charge] > [Administrator Authentication/User Authentication/App Auth.] > [User Authentication Management].
Select [Basic Authentication] from the list next to User Authentication Management.
From Available Functions, select the functions available to the user.
Specify the functions available to the user for each function. For Copier Function and Printer Function, you can specify that the user can use all Copier or Printer functions, or the black-and-white or two-color print mode only.
For Printer Job Authentication, specify the security level for print jobs using the printer driver.
Press [OK].
Press [Home].
When the confirmation dialog is displayed, press [OK], and then log out of the machine.
If registration of the user information is not completed, register the user in the Address Book and specify the login information.
Registering a User in the Address Book and Specifying the Login Information
The login user name and login password can be used to authenticate the user in the SMTP or LDAP server, or to authenticate shared folders.
Use a login user name other than "other", "admin", "supervisor", or "HIDE***". ("***" stands for any character string.) You cannot use these user names for authentication because they are already in use in the machine.
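The clean-up recommended when switching away from User Code authentication (user codes become login user names with no password) and the reserved names listed above can be checked against a list of registered users. The following is an added example, not part of the machine's documentation or software; the CSV column names, the sample rows, the case-insensitive comparison, and the "up to eight digits" test are assumptions.

```python
import csv
import io
import re
from collections import Counter

# Names the page says are already in use in the machine; "HIDE***" is a prefix.
RESERVED = {"other", "admin", "supervisor"}

# Constructed sample. The column names are hypothetical, not a real export format.
SAMPLE = """\
display_name,login_user_name,password_set
Front desk,00012345,no
Alice,alice,yes
Shared tray,00012345,no
Bob,admin,yes
Carol,HIDEcarol,yes
Dave,dave,no
"""

def audit(csv_text):
    """Return (display_name, finding) pairs for entries that need attention."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    shared = Counter(r["login_user_name"].strip() for r in rows)
    findings = []
    for r in rows:
        who, name = r["display_name"], r["login_user_name"].strip()
        has_pw = r["password_set"].strip().lower() == "yes"
        # Case-insensitive comparison is a conservative assumption.
        if name.lower() in RESERVED or name.upper().startswith("HIDE"):
            findings.append((who, "reserved login user name"))
        if not has_pw:
            # An all-digit name of up to eight digits looks like a former user code.
            kind = ("former user code without password"
                    if re.fullmatch(r"\d{1,8}", name) else "no login password")
            findings.append((who, kind))
        # User codes may be shared, so one migrated login can cover several people.
        if shared[name] > 1:
            findings.append((who, "login user name shared by several entries"))
    return findings

if __name__ == "__main__":
    for who, finding in audit(SAMPLE):
        print(f"{who}: {finding}")
```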
Specifying Windows Authentication
Register the Windows server information required for authentication with the Windows server.
In advance, check the use conditions in the Windows server, and install the Web server (IIS) and the Active Directory Certificate Service in the Windows server.
To use Kerberos authentication in the server, register the realm in advance to determine the network area.
Log in to the machine as the machine administrator on the control panel.
On the Home screen, press [Settings].
On the Settings screen, press [System Settings].
Press [Settings for Administrator] > [Authentication/Charge] > [Administrator Authentication/User Authentication/App Auth.] > [User Authentication Management].
Select [Windows Authentication] from the list next to User Authentication Management.
Register the server for authentication and specify the usable functions.
Kerberos Authentication: To enable Kerberos authentication, select [On].
Domain Name: When Kerberos authentication is disabled, enter the domain name to authenticate against.
Realm Name: When Kerberos authentication is enabled, select the realm name to authenticate against.
Use Secure Connection (SSL): To encrypt communication signals, select [On].
Printer Job Authentication: Specify the security level for print jobs using the printer driver.
Group: If global groups have been registered, you can specify usable functions for each global group. Press [* Not Programmed], and then enter the same name as the one registered in the server to specify the available functions.
Users who are registered in multiple groups can use all functions available to those groups.
A user who is not registered in any group can use the authority specified in [*Default Group]. By default, all functions are available to the Default Group members.
For Available Functions, specify the functions available to each group. For Copier Function and Printer Function, you can specify whether the user can use all Copier or Printer functions, or the black-and-white or two-color print mode only.
Press [OK].
Press [Home].
When the confirmation dialog is displayed, press [OK], and then log out of the machine.
For the characters that can be used for login user names and passwords, see the section below:
When accessing the machine subsequently, you can use all the functions available to your group and to you as an individual user.
Under Windows authentication, you do not need to create a server certificate unless you want to automatically register user information such as user names using SSL.
Specifying LDAP Authentication
Register the LDAP server information required for authentication with the LDAP server.
In advance, check the use conditions in the LDAP server, and register the LDAP server in the machine.
Log in to the machine as the machine administrator on the control panel.
On the Home screen, press [Settings].
On the Settings screen, press [System Settings].
Press [Settings for Administrator] > [Authentication/Charge] > [Administrator Authentication/User Authentication/App Auth.] > [User Authentication Management].
Select [LDAP Authentication] from the list next to User Authentication Management.
Select the server for authentication and specify the available functions.
LDAP Servers: Select the LDAP server to authenticate.
Login Name Attribute: Use this as a search criterion to obtain user information. Create a search filter based on the login name attribute, select a user, and then retrieve the user information from the LDAP server to transfer to the machine's Address Book.
When multiple login name attributes are specified, separated by commas (,), the search returns hits when the entered login name matches either or both attributes.
Also, if you enter two login names, each joined to its attribute by an equal sign (=) (for example: cn=abcde, uid=xyz), the search returns hits only when both attributes match. This search function can be applied when "Cleartext authentication" is specified.
Unique Attribute: Specify this to match the user information in the LDAP server with that in the machine. A user whose unique attribute registered in the LDAP server matches that of a user registered in the machine is treated as the same user in the machine. Specify the attribute that holds unique information in the server as the Unique Attribute. You can enter "cn" or "employeeNumber" instead of "serialNumber" or "uid", as long as it is unique.
Available Functions: Specify the functions available to the user for each function. For Copier Function and Printer Function, you can specify whether the user can use all Copier or Printer functions, or the black-and-white or two-color print mode only.
For Printer Job Authentication, specify the security level for print jobs using the printer driver.
Press [OK].
Press [Home].
When the confirmation dialog is displayed, press [OK], and then log out of the machine.
For the characters that can be used for login user names and passwords, see the section below:
In LDAP simple authentication mode, authentication will fail if the password is left blank. To use blank passwords, contact your service representative.
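The Login Name Attribute matching and the blank-password rule described above can be modelled as follows. This is an added example, not the machine's own code; the filter shapes (OR across comma-separated attributes, AND across attr=value pairs) are an assumption drawn from the description, and all function names are hypothetical.

```python
# RFC 4515 escapes for characters that have meaning inside a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_value(value):
    """Escape a user-supplied value before placing it in a search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def _join(op, terms):
    return terms[0] if len(terms) == 1 else f"({op}{''.join(terms)})"

def build_login_filter(login_attrs, entered):
    """login_attrs: configured Login Name Attribute, e.g. "cn,uid".
    entered: what the user typed, "name" or "attr=value, attr=value"."""
    attrs = [a.strip() for a in login_attrs.split(",") if a.strip()]
    if not attrs:
        raise ValueError("no login name attribute configured")
    if "=" in entered:
        # Paired form: every attr=value pair must match (AND), and only
        # attributes the administrator configured are accepted.
        allowed = {a.lower(): a for a in attrs}
        terms = []
        for pair in entered.split(","):
            attr, sep, value = (p.strip() for p in pair.partition("="))
            if not sep or attr.lower() not in allowed or not value:
                raise ValueError(f"unexpected login pair: {pair.strip()!r}")
            terms.append(f"({allowed[attr.lower()]}={escape_value(value)})")
        return _join("&", terms)
    # Single name: a hit on any configured attribute is enough (OR).
    value = entered.strip()
    if not value:
        raise ValueError("empty login name")
    return _join("|", [f"({a}={escape_value(value)})" for a in attrs])

def check_simple_bind(bind_dn, password):
    """Refuse a simple bind with a DN but no password: RFC 4513 defines that
    as an unauthenticated bind, which some servers accept as anonymous."""
    if bind_dn and not password:
        raise ValueError("blank password refused for simple bind")
    return True
```

Escaping the entered name keeps characters such as `*` or `(` from changing which directory entries the filter matches.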