User GuideIM C300/C300F/C300FLT/C400F/C400SRF/C400FLT

Verifying Users to Operate the Machine (User Authentication)

"User authentication" is a system to authenticate users and grant them privileges to use the machine. The machine requires entering an arbitrary text, the login user name, or the login password to authenticate a user.

Illustration of verifying users to operate the machine

User Authentication Method

There are four types of user authentication methods including Basic authentication that limits use of the machine and methods that use an authentication server in the network. Select a method depending on the usage condition or the number of users. You cannot use more than one authentication method at the same time.

User Authentication Method

Explanation

User Code authentication

Authentication is performed using an eight-digit user code.

When specifying User Code authentication, the machine prompts you to enter the user code to use the machine.

Multiple users can use the same user code.

You can activate User Code authentication without activating Administrator Authentication.

Basic authentication

Authentication is performed using the login user name and login password registered in the Address Book on the machine.

When specifying Basic authentication, the machine prompts you to enter the login information to use the machine.

Windows authentication

Authentication is performed using the account registered in the Active Directory of the Windows server.

When specifying Windows authentication, the machine prompts you to enter the login information to use the machine.

LDAP authentication

Authentication is performed using the user information registered in the LDAP server.

When specifying LDAP authentication, the machine prompts you to enter the login information to use the machine.

  • In Windows or LDAP authentication, the machine can authenticate you without registering your user information in the machine's Address Book manually, as the user information in the server is registered in the machine automatically.

  • In Windows or LDAP authentication, you can manage user information centrally in the server. You can also always use the address provided by the server as the sender (From) of e-mails sent from the machine. These features are useful to avoid data leakage by erroneous input of information or spoofing by an unauthorized user.

  • When switching the authentication method from User Code authentication to another method, the user code will be used as the login user name. In this case, the login password is not specified. To avoid unauthorized use, delete unnecessary user information and set up a password for the continuing users.

Note

  • If user authentication cannot be performed due to a problem with the machine or network, the machine administrator can disable user authentication temporarily in order to use the machine. Take this measure only during emergencies.

  • After the main power of the machine turns on, extended features may not appear in the list of user authentication items on the User Authentication Management screen. If this happens, wait a while, and then open the User Authentication Management screen again.

  • User authentication can also be activated via Web Image Monitor. For details, see Web Image Monitor Help.

Specifying User Code Authentication

Specify the functions to restrict with User Code authentication.

1Log in to the machine as the machine administrator on the control panel.

Logging in to the Machine as the Administrator

2On the Home screen, press [Settings].

Operation panel screen illustration

3On the Settings screen, press [System Settings].

Operation panel screen illustration

4Press [Settings for Administrator][Authentication/Charge][Administrator Authentication/User Authentication/App Auth.][User Authentication Management].

5Select [User Code Authentication] from the list next to User Authentication Management.

Operation panel screen illustration

6From Functions to Restrict, select the functions to restrict against use.

  • Specify whether to perform User Code authentication for each function. For Copier Function and Printer Function, you can specify to perform User Code authentication for all Copier or Printer functions, or for the color print mode only.

  • When registering the user code of the printer driver automatically, select [PC Control] for Printer Function. Specify the user code registered in the Address Book to the printer driver.

  • When [PC Control] is selected, the user code specified in the printer driver is registered in the Address Book automatically and is excluded from the print volume use limitation. To limit the print volume use, select other than [PC Control] for Printer Function.

    Specifying Maximum Print Volume Use of Each User

    For Printer Job Authentication, specify the security level for print jobs using the printer driver.

    Executing a Print Job with Authentication Information Only

7Press [OK].

8Press [Home] (Operation panel screen illustration).

9When the confirmation dialog is displayed, press [OK], and then log out of the machine.

If registration of the user information is not completed, register the user in the Address Book and specify the user code.

Registering the User Code in the Address Book

Specifying Basic Authentication

Register the default values of the functions available to each user with Basic authentication.

1Log in to the machine as the machine administrator on the control panel.

Logging in to the Machine as the Administrator

2On the Home screen, press [Settings].

Operation panel screen illustration

3On the Settings screen, press [System Settings].

Operation panel screen illustration

4Press [Settings for Administrator][Authentication/Charge][Administrator Authentication/User Authentication/App Auth.][User Authentication Management].

5Select [Basic Authentication] from the list next to User Authentication Management.

Operation panel screen illustration

6From Available Functions, select the functions available to the user.

  • Specify the functions available to the user for each function. For Copier Function and Printer Function, you can specify that the user can use all Copier or Printer functions, or the black-and-white or two-color print mode only.

  • For Printer Job Authentication, specify the security level for print jobs using the printer driver.

    Executing a Print Job with Authentication Information Only

7Press [OK].

8Press [Home] (Operation panel screen illustration).

9When the confirmation dialog is displayed, press [OK], and then log out of the machine.

If registration of the user information is not completed, register the user in the Address Book and specify the login information.

Registering a User in the Address Book and Specifying the Login Information

Note

  • The login user name and login password can be used to authenticate the user in the SMTP or LDAP server, or to authenticate shared folders.

  • Use a login user name other than "other", "admin", "supervisor", or "HIDE***". (Enter an optional character string in "***".) You cannot use these user names for authentication because they are already in use in the machine.

Specifying Windows Authentication

Register the Windows server information required for authentication with the Windows server.

Important

1Log in to the machine as the machine administrator on the control panel.

Logging in to the Machine as the Administrator

2On the Home screen, press [Settings].

Operation panel screen illustration

3On the Settings screen, press [System Settings].

Operation panel screen illustration

4Press [Settings for Administrator][Authentication/Charge][Administrator Authentication/User Authentication/App Auth.][User Authentication Management].

5Select [Windows Authentication] from the list next to User Authentication Management.

Operation panel screen illustration

6Register the server for authentication and specify the usable functions.

  • Kerberos Authentication: To enable Kerberos authentication, select [On].

  • Domain Name: To disable Kerberos authentication, enter the domain name to authenticate.

  • Realm Name: To enable Kerberos authentication, select the realm name to authenticate.

  • Use Secure Connection (SSL): To encrypt communication signals, select [On].

  • Printer Job Authentication: Specify the security level for print jobs using the printer driver.

    Executing a Print Job with Authentication Information Only

  • Group: If global groups have been registered, you can specify usable functions for each global group. Press [* Not Programmed], and then enter the same name as the one registered in the server to specify the available functions.

    Users who are registered in multiple groups can use all functions available to those groups.

    A user who is not registered in any group can use the authority specified in [*Default Group]. By default, all functions are available to the Default Group members.

    For Available Functions, specify the functions available to each group. For Copier Function and Printer Function, you can specify whether the user can use all Copier or Printer functions, or the black-and-white or two-color print mode only.

7Press [OK].

8Press [Home] (Operation panel screen illustration).

9When the confirmation dialog is displayed, press [OK], and then log out of the machine.

Note

  • For the characters that can be used for login user names and passwords, see the section below:

  • Usable Characters for User Names and Passwords

  • When accessing the machine subsequently, you can use all the functions available to your group and to you as an individual user.

  • Users who are registered in multiple groups can use all functions available to those groups.

  • Under Windows authentication, you do not need to create a server certificate unless you want to automatically register user information such as user names using SSL.

Specifying LDAP Authentication

Register the LDAP server information required for authentication with the LDAP server.

Important

1Log in to the machine as the machine administrator on the control panel.

Logging in to the Machine as the Administrator

2On the Home screen, press [Settings].

Operation panel screen illustration

3On the Settings screen, press [System Settings].

Operation panel screen illustration

4Press [Settings for Administrator][Authentication/Charge][Administrator Authentication/User Authentication/App Auth.][User Authentication Management].

5Select [LDAP Authentication] from the list next to User Authentication Management.

Operation panel screen illustration

6Select the server for authentication and specify the available functions.

  • LDAP Servers: Select the LDAP server to authenticate.

  • Login Name Attribute: Use this as a search criterion to obtain user information. Create a search filter based on the login name attribute, select a user, and then retrieve the user information from the LDAP server to transfer to the machine's Address Book.

    When separating multiple login attributes with a comma (,), the search will return hits by entering a login name for either or both attributes.

    Also, by entering two login names separated by an equal sign (=) (for example: cn=abcde, uid=xyz), the search will return hits only for a match of the attributes of both login names. This search function can be applied when "Cleartext authentication" is specified.

  • Unique Attribute: Specify this to match the user information in the LDAP server with that in the machine. A user whose unique attribute registered in the LDAP server matches that of a user registered in the machine is treated as the same user in the machine. Specify the attribute that is used for unique information in the server as the Unique Attribute. You can enter "cn" or "employeeNumber" to use as "serialNumber" or "uid" as long as it is unique.

  • Available Functions: Specify the functions available to the user for each function. For Copier Function and Printer Function, you can specify whether the user can use all Copier or Printer functions, or the black-and-white or two-color print mode only.

    For Printer Job Authentication, specify the security level for print jobs using the printer driver.

    Executing a Print Job with Authentication Information Only

7Press [OK].

8Press [Home] (Operation panel screen illustration).

9When the confirmation dialog is displayed, press [OK], and then log out of the machine.

Note

  • For the characters that can be used for login user names and passwords, see the section below:

  • Adding Administrators or Changing the Privileges

  • In LDAP simple authentication mode, authentication will fail if the password is left blank. To use blank passwords, contact your service representative.