HomeSearch by PurposeConfiguring User Authentication and Account Track

Search by Purpose

Configuring User Authentication and Account Track

Settings Anyone can Change

To change the password of the login user ([Change Password])

To display:
  • [Utility]
    • [User Settings]
      • [Change Password]

Change the password of the user who is logged in through user authentication.

To change the E-mail address of the login user ([Change E-Mail Address])

To display:
  • [Utility]
    • [User Settings]
      • [Change E-Mail Address]

Change the E-mail address of the user who is logged in through user authentication.

  • You can specify this option when you are allowed by the administrator to change the setting. When allowing a user to change this setting, change the setting value of [Administrator Security Levels] (default: [Prohibit]). For details, refer to Here.

To register finger vein or IC card information of the login user ([Register Authentication Information])

To display:
  • [Utility]
    • [User Settings]
      • [Register Authentication Information]

Register or delete the biometric authentication information, IC Card or NFC authentication information of the user who is logged in through user authentication.

Tap [Edit], then register authentication information. To delete authentication information, tap [Delete].

This option is available when the machine is equipped with the Authentication Unit and the following setting is permitted by the administrator.

  • [Administrator Settings] - [System Settings] - [Restrict User Access] - [Restrict Access to Job Settings] - [Biometric/IC Card Info. Registration]

  • [Administrator Settings] - [User Authentication/Account Track] - [User Authentication Settings] - [User Registration] - [Edit] - [Function Permission/Authority] - [Function Permission] - [Biometric/IC Card Info. Registration]

In order that the login user changes whether to synchronize the user authentication and account track ([Synchronize User Auth. and Account Track])

To display:
  • [Utility]
    • [User Settings]
      • [Synchronize User Auth. and Account Track]

When user authentication and account track are both employed, specify whether to synchronize user authentication and account track setting for the login user.

Settings

Description

[Synchronize]/[Do Not Synchronize]

Select whether to synchronize user authentication and account track setting.

If you select [Synchronize] and login by using the user name and password that are used for user authentication, you are also allowed to login to the account to which you belong.

[Account Name]

When you have selected [Synchronize], select the account to which you belong.

  • You can specify this option when you are allowed by the administrator to select whether to synchronize user authentication and account track setting.

To change the destination access rights of the login user ([Limiting Access to Destinations])

To display:
  • [Utility]
    • [One-Touch/User Box Registration]
      • [Limiting Access to Destinations]

Limit the access to destinations for each user.

Settings

Description

[Apply Levels/Groups to Destinations]

To limit access to a destination by users, assign a reference allowed level or reference allowed group to the destination.

After selecting a destination from [Address Book], [Group] or [Program], tap [Apply Level] or [Apply Group], then assign a reference allowed level or reference allowed group to the destination.

  • The Hard Disk is optional in some areas. To use this function, the optional Hard Disk is required.

  • You can specify [Apply Levels/Groups to Destinations] within the reference allowed level for the respective users. For details, contact your administrator.

  • To specify a reference allowed group, the administrator must register the group in advance. For details, contact your administrator.

  • How to configure the setting for limiting the access to destinations for each user is explained using Web Connection. For details, refer to Here.

Settings only the Administrators can Change

To configure the general settings for user authentication ([User Authentication])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [User Authentication]

Configure the general settings for user authentication.

Settings

Description

[Authenticate]/[OFF]

Specify whether to implement user authentication.

[OFF] is specified by default.

[Authentication Method]

Select a user authentication method.

[ON (MFP)]

The authentication function of this machine is used for user authentication. This authentication method only allows users registered on this machine to use it.

[ON (MFP)] is specified by default.

[External Server Authentication]

Interacts with the authentication server used for user authentication in the operating environment. This authentication method only allows users registered on the authentication server to use this machine.

Register the authentication server beforehand from [Administrator Settings] - [User Authentication/Account Track] - [External Server Settings].

[Main + External Server]

Select this option to enable login using the authentication function of the MFP in case a trouble occurs on the external authentication server.

[Enhanced Server Authentication]

Interacts with the enhanced server such as Authentication Manager. This authentication method only allows users registered on the enhanced server to use this machine.

[Main + Enhanced Server]

Select this option to enable login using the authentication function of the MFP in case a trouble occurs on the enhanced server such as Authentication Manager.

[Default Authentication Method]

Select your preferred authentication method if [Main + External Server] or [Main + Enhanced Server] is selected with [Authentication Method].

  • If [Authentication Method] is set to [Main + External Server], [External Server Authentication] is specified by default.

  • If [Authentication Method] is set to [Main + Enhanced Server], [Enhanced Server Authentication] is specified by default.

[Overwrite User Info]

Configure this option if [External Server Authentication] or [Main + External Server] is selected with [Authentication Method].

When the external server authentication is used, authenticated user information is also managed on this machine.

If the number of users who have executed the external server authentication reaches the maximum number of users this machine can manage, authentication of any new users will not be permitted. Select whether to allow the user to overwrite registered user information for that case.

If you select [Allow], the oldest authenticated user information is erased and the new user is registered.

If [Enhanced Server Authentication] or [Main + Enhanced Server] is selected with [Authentication Method], [Allow] is specified forcibly.

[Restrict] is specified by default.

[Temporarily Save Authentication Info.]

Select whether to temporarily save authentication information in the main unit against a case where an external authentication server shuts down. [OFF] is specified by default.

To temporarily save authentication information, specify the timing to reconnect to the authentication server and the validity period of the data to be saved temporarily.

  • [Reconnection Settings]: Specify the timing to reconnect to the authentication server. Selecting [Reconnect for every login] connects to the authentication server at the time authentication is carried out on this machine. If the authentication server is in the shutdown state at the time authentication is carried out on this machine, first confirm that the authentication server is down, and use the temporarily saved authentication information to log in to this machine. Selecting [Set Reconnect Interval] connects to the authentication server at the time specified in [Reconnection Time], and check the status of the authentication server. If the authentication server is in the shutdown state, use the authentication information temporarily saved in the main unit to log in. [Set Reconnect Interval] is specified by default.

  • [Expiration Date Settings]: Select whether to set the validity period to the temporarily saved authentication information. To set the validity period, enter the desired value. [Disable] is specified by default.

To permit use by unregistered users when installing user authentication ([Public User Access])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Public User Access]

Specify whether to permit users other than the registered in an environment where user authentication is employed. Any user who is going to use this machine without performing authentication operation is called a "public user".

When permitting public users to use this machine, select the login method. [Restrict] is specified by default.

Settings

Description

[Restrict]

Usage of this machine by public users is prohibited.

[ON (With Login)]

Permits that public users use this machine. When a public user uses this machine, tap [Public User Access] on the Login screen to log in to this machine.

[ON (Without Login)]

Permits that public users use this machine. A public user can use this machine without logging in to this machine.

Using this option eliminates the login operations, providing advantages in an environment with a large number of public users.

To display the login screen when using a function restricted for public users ([Prohibited Function Login Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Prohibited Function Login Setting]

Specify whether to request switching of the user by displaying the login screen when a public user attempts to use any restricted function.

For example, if color scan is restricted for public users, the Login screen appears when a public user attempts a color scan operation. In this case, the user can log in to this machine as another user for whom color scan is allowed, and use the color scan function.

[Do Not Request] (not request) is specified by default.

To configure whether to install account track ([Account Track])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Account Track]

Specify whether account tracking should be implemented to manage users by account.

[OFF] is specified by default.

To configure the general settings for account track ([Account Track Input Method])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Account Track Input Method]

When you have selected [ON] for [Account Track], select the account tracking method. [Account Name & Password] is specified by default.

Settings

Description

[Account Name & Password]

Enter the account name and password to log in. When cusing user authentication and account track in combination, the setting cannot be changed from [Account Name & Password].

[Password Only]

Enter only the password to log in.

To synchronize user authentication and account track when installing them ([Synchronize User Authentication & Account Track])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Synchronize User Authentication & Account Track]

When using user authentication and account track in conjunction, specify whether to synchronize user authentication and account track. [Synchronize] is specified by default.

Settings

Description

[Synchronize]

Select this option when users and accounts are in a one-on-one relation. When registering a user, just specify the department of a user, and login as the user also results in login as the associated account.

[Do Not Synchronize]

Select this option for users who join more than one account. To log in to this machine, users need to specify an account after entering the user name.

[Synchronize by User]

Have users select whether or not to synchronize user authentication and account track.

To specify whether to allow other users to print data when printing stopped because the number of print sheets exceeded the maximum number specified for the user ([When # of Jobs Reach Maximum])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [When # of Jobs Reach Maximum]

Sets the maximum number of sheets that each user can print. Here, select an operation if the number of sheets exceeds the maximum number of sheets that can be printed. [Skip Job] is specified by default.

Settings

Description

[Skip Job]

Stops the running job, and then starts the next job.

[Stop Job]

Stops all jobs.

[Delete Job]

Deletes the active job.

  • To restart a suspended job, reset the counter.

To specify the maximum number of users when installing user authentication and account track ([Number of Counters Assigned])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Number of Counters Assigned]

Counter management is carried out for each user or account track to install user authentication or account track. This machine provides 1,000 counter areas to carry out counter management. In this option, specify the number of counter areas to be assigned to each user.

[500] is specified by default.

  • If [Authentication Method] is set to [Main + External Server], a counter area can be assigned to temporarily save data when the enhanced server has shut down. Up to 1,000 counter areas can be assigned for users, account tracks, and the enhanced server in total.

  • The Hard Disk is optional in some areas. If the Hard Disk is not installed, up to 100 counter areas are available.

To change the time to hold the Kerberos authentication ticket at Active Directory authentication ([Ticket Hold Time Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Ticket Hold Time Setting]

Change the retention time for a Kerberos authentication ticket if Active Directory is used as an authentication server.

If [0] min. is specified, the Kerberos authentication ticket is discarded after authentication has been completed.

[5] min. is specified by default.

To verify the authentication ticket obtained from Active Directory on this machine when performing Active Directory authentication to log in to this machine ([Self-Verification Setting in AD Authentication])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Self-Verification Setting in AD Authentication]

Specify whether to verify authentication information (ticket) obtained from Active Directory on this machine when logging in to this machine while Active Directory is used as the authentication server.

Settings

Description

[ON]/[OFF]

Select whether to verify authentication information (ticket) obtained from Active Directory on this machine when logging in to this machine while Active Directory is used as the authentication server.

[OFF] is specified by default.

[Host Name]

Enter the host name of this machine (using up to 253 characters).

[Domain Name]

Enter the domain name of Active Directory (using up to 64 characters).

[Account Name]

Enter the administrator's account name of the Active Directory domain (using up to 64 characters).

[Password]

Enter the administrator's password of the Active Directory domain (using up to 64 characters).

[Timeout]

Change the time-out time of domain joining processing if necessary.

[30] sec. is specified by default.

  • If you change [Host Name] or [Domain Name] while Active Directory's single sign-on is enabled on this machine, [Utility] - [Administrator Settings] - [Network Settings] - [Single Sign-On Setting] - [Domain Login Setting] is changed to [OFF].

To check the status of a connection with the external authentication server ([Auth. Server Conn. status])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Auth. Server Conn. status]

Displays the status of the connection with the server used for external server authentication, quick authentication, and LDAP-IC card authentication.

  • [Connection Enabled]: Enables a connection of both the primary server and the secondary server. When the secondary server is not registered, it means that the machine can be connected to the primary server.

  • [Server Connection Restrictions]: Disables a connection with either server when the primary and secondary servers are registered.

  • [Connect. Not Allowed]: Disables a connection of both the primary server and the secondary server. When the secondary server is not registered, it means that the machine cannot be connected to the primary server.

  • If the primary server is not registered, this option is blank.

Tapping [Details] displays the connection status of each of the primary and secondary servers.

To specify whether NFC authentication is to be deployed ([Enable NFC])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Enable NFC]

Select whether to use NFC authentication.

Settings

Description

[ON]/[OFF]

Select whether to use NFC in order to establish a pairing with an Android terminal.

This setting is synchronized with [Utility] - [Administrator Settings] - [System Connection] - [Mobile Connection Settings] - [Simple Connection Setting] - [Enable NFC].

[OFF] is specified by default.

[NFC Authentication Setting]

Select whether to use NFC authentication.

[OFF] is specified by default.

To specify whether Bluetooth LE authentication is to be deployed ([Enable Bluetooth LE])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Enable Bluetooth LE]

Select whether to use Bluetooth LE authentication.

Settings

Description

[ON]/[OFF]

Select whether to use Bluetooth LE in order to establish a pairing with an iOS terminal.

This setting is synchronized with [Utility] - [Administrator Settings] - [System Connection] - [Mobile Connection Settings] - [Simple Connection Setting] - [Enable Bluetooth LE].

[OFF] is specified by default.

[Bluetooth LE Authentication Setting]

Select whether to use Bluetooth LE authentication.

[OFF] is specified by default.

  • The optional Local Interface Kit (voice guidance / Bluetooth LE compatible) is required to use this function. This setting must be configured in advance by your service representative. For details, contact your service representative.

To save the user’s DN information on the machine and realize high-speed authentication by the LDAP server ([External Server DN Cache])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [External Server DN Cache]

Select whether to save DN (Distinguished Name) information on the machine to speed up the LDAP server authentication.

If [ON] is selected, information related to the user’s DN is saved on the machine when authentication succeeds in the LDAP server. At the next authentication, a user search is performed using the saved information.

You can set this option by selecting [External Server Authentication] or [Main + External Server] in [Administrator Settings] - [User Authentication/Account Track] - [General Settings] - [User Authentication] - [Authentication Method].

[OFF] is specified by default.

To extend the number of users to be authenticated on this machine ([Extended User DB])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Extended User DB]

Select whether to extend the number of users to be authenticated on the machine using the advanced user database.

Using the advanced user database, the number of users to be authenticated is extended to a maximum of 50,000.

You can set this option by selecting [External Server Authentication] or [Main + External Server] in [Administrator Settings] - [User Authentication/Account Track] - [General Settings] - [User Authentication] - [Authentication Method].

[OFF] is specified by default.

  • The Hard Disk is optional in some areas. To use this function, the optional Hard Disk is required.

To perform IC card authentication via the LDAP server ([LDAP-IC Card Authentication Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [LDAP-IC Card Authentication Setting]

Configure settings for authentication by the LDAP server using the card ID registered on authentication cards in an environment with IC card-based user authentication implemented by connecting an Authentication Unit (IC card type).

You can set this option by selecting [External Server Authentication] or [Main + External Server] in [Administrator Settings] - [User Authentication/Account Track] - [General Settings] - [User Authentication] - [Authentication Method].

Settings

Description

[ON]/[OFF]

Specify whether to enable authentication by the LDAP server using the card ID registered on authentication cards.

To enable authentication, register the LDAP server. If you group two servers, you can switch to another server to perform authentication when a server shuts down. For details, refer to "Newly registering and editing authentication server" shown below.

[OFF] is specified by default.

Newly registering and editing authentication server

Settings

Description

[Server Name]

Enter the name of your authentication server group (using up to 32 characters).

Assign a name that helps you easily identify the authentication server group.

[1st Server Registration]

Register the primary server in the server group.

For details, refer to "Settings of [1st Server Registration]" shown below.

[2nd Server Setting]

Configure a setting to connect to the secondary server when the machine cannot be connected to the primary server.

For details, refer to "Settings of [2nd Server Setting]" shown below.

[Round Robin function]

Select whether to alternately connect to the primary and secondary servers.

If you select [Enable], you can alternately connect the primary and secondary servers to distribute the server load.

[Disable] is specified by default.

[External Server Authentication]

Select the external authentication server group used to associate the LDAP-IC card authentication.

When LDAP-IC card authentication succeeds, user authentication information is registered on the machine to manage users on the machine. This authentication information includes the user name and external authentication server name. The external authentication server name selected here is registered on the machine together with the user name.

[Card Information Registration Settings]

When authentication is performed on the machine using an IC card not registered in the LDAP server, select whether to register the IC card in the LDAP server.

If [ON] is selected, configure the following settings.

  • [1st Server]: Tap [User Name Attribute], then specify the attribute such as "uid" that is to be searched as the user name.

  • [2nd Server]: Tap [Same as 1st Server] to use the same setting as for the primary server. To use a setting different from that of the primary server, tap [User Name Attribute], then specify the attribute that is to be searched as the user name.

  • [Sequential Server Card Registration]: Specify the server to register card information in. If you select [Primary Server for Card Registration], card information is registered in the server with authentication succeeded among the primary and secondary servers.

[OFF] is specified by default.

[Card Info. Character Type During Search]

Select the search string conversion method to search for the card ID via the LDAP server.

When the target card attribute information on the server is unified into upper and lower case letters, in some cases, you can convert the character type of the search string and subsequently reduce the search speed.

  • [Uppercase/Lowercase]: Converts the card ID into upper or lower case letters to carry out a search.

  • [Uppercase Letters]: Converts the card ID to uppercase letters to carry out a search.

  • [Lowercase Letters]: Converts the card ID to lowercase letters to carry out a search.

[Uppercase/Lowercase] is specified by default.

Settings of [1st Server Registration]

Settings

Description

[Setting Up LDAP]

Register the LDAP server to be used for authenticating the user ID of the IC card.

Tap [Check Connection] to try connecting to the LDAP server using the entered information and check if the information registered is correct.

Tap [Reset All Settings] to reset all the information entered.

[User Name Acquisition]

Select how to obtain the user name when logging in to this machine.

  • [Use Card ID]: Select this option when only IC card information is registered on the server. Uses the card ID in the IC card as the user name.

  • [Acquiring]: Select this option when user information other than IC card information is registered on the server. Uses the user name obtained from the server. Enter the attribute to be searched as the user name ("uid") at [User Name Attribute].

[Use Card ID] is specified by default.

[Timeout]

If necessary, change the time-out time to limit a communication with the LDAP server.

[60 sec.] is specified by default.

[Search Attribute]

Enter attributes for the place in which you have entered IC card information (using up to 64 characters).

The attribute must start with an alphabet character.

[uid] is specified by default.

[Search Directory Service]

If you select [Active Directory], you can limit a search target for authentication to users. However, when a search target for authentication is limited to users, search target identification processing occurs on the server side, so the authentication time may be delayed. This function is available when the authentication server is set to Active Directory (Windows Server 2008 or later).

[Other] is specified by default.

[Server Address]

Enter the LDAP server address.

Use one of the following formats.

  • Example of host name entry: "host.example.com"

  • Example of IP address (IPv4) entry: "192.168.1.1"

  • Example of IP address (IPv6) entry: "fe80::220:6bff:fe10:2f16"

[Search Base 1] to [Search Base 3]

Specify the starting point to search for a user to be authenticated.

  • [Search Base]: Specify the starting point to search for a target (using up to 255 characters).
    Example of entry: "cn=users,dc=example,dc=com"

  • [Search Range]: Select a tree search range. [Full Tree] is specified by default.
    Selecting [Full Tree] makes a search, including the tree structure under the entered starting point. Selecting [Next hierarchy only] searches for only one level directly beneath the entered starting point. In this case, the level at the starting point is not included as a search target.

[SSL Setting]

Specify whether or not to use SSL for communication with the LDAP server.

[OFF] is specified by default.

[Port Number]

If necessary, change the LDAP server port number.

In normal circumstances, you can use the original port number.

[389] is specified by default.

[Port Number (SSL)]

If necessary, change the SSL communication port number.

In normal circumstances, you can use the original port number.

[636] is specified by default.

[Certificate Verification Level Settings]

To validate the certificate during SSL communication, select items to be verified.

  • [Expiration Date]: Confirm whether the certificate is within the validity period. [Confirm] is specified by default.

  • [Key Usage]: Confirm whether the certificate is used according to the intended purpose approved by the certificate issuer. [Do Not Confirm] is specified by default.

  • [Chain]: Confirm whether there is a problem in the certificate chain (certificate path). The chain is validated by referencing the external certificates managed on this machine. [Do Not Confirm] is specified by default.

  • [Expiration Date Confirmation]: Confirm whether the certificate has expired. [Do Not Confirm] is specified by default.

  • [CN]: Confirm whether CN (Common Name) of the certificate matches the server address. [Do Not Confirm] is specified by default.

[Authentication Type]

Select the authentication method to log in to the LDAP server.

Select one appropriate for the authentication method used for your LDAP server.

  • [Simple]

  • [Digest-MD5]

  • [GSS-SPNEGO]

  • [NTLM v1]

  • [NTLM v2]

[Simple] is specified by default.

[Referral Setting]

Select whether to use the referral function, if necessary.

Make an appropriate choice to fit the LDAP server environment.

[ON] is specified by default.

[Login Name]

Log in to the LDAP server, and enter the user name to search for a user (using up to 64 characters).

In this step, enter the user (name) that belongs to a specific administrator group on the LDAP server.

[Password]

Enter the password of the user you entered into [Login Name] (using up to 64 characters).

[Domain Name]

Enter the domain name to log in to the LDAP server (using up to 64 characters).

If [GSS-SPNEGO] is selected for [Authentication Type], enter the domain name of Active Directory.

Settings of [2nd Server Setting]

Settings

Description

[ON]/[OFF]

Select whether to use the secondary server.

[OFF] is specified by default.

[Reconnection Set.]

Configure a setting to connect to the secondary server when the machine cannot be connected to the primary server. When the round-robin function is enabled, this setting can also be used to connect to the primary server when the machine cannot be connected to the secondary server.

  • [Reconnect for every login]: Connects to the primary server each time authentication is carried out on this machine. If the primary server is shutting down, this machine is connected to the secondary server.

  • [Set Reconnect Interval]: Connects to the secondary server when the primary server is shutting down at the time the machine is being authenticated. After this, this machine is connected to the secondary server when machine authentication is occurring until the time specified in [Reconnection Time] lapses. After the time specified in [Reconnection Time] has lapsed, this machine is reconnected to the primary server when machine authentication is occurring.

[Set Reconnect Interval] is specified by default.

[2nd Server Reg.]

Register the secondary server.

For details, refer to "Settings of [1st Server Registration]" shown above.

To extract the primary server setting and configure the secondary server setting, tap [Retrieve from 1st Server].

To specify whether to display a list of registered users on the login screen and allow a user to select a desired one ([User Name List])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [Administrative Settings]
            • [User Name List]

Select whether to display the [User Name List] icon in the login screen.

Selecting [ON] enables you to select the login user from the list of user names registered on this machine.

[OFF] is specified by default.

To specify the default function permission applied to users when external server authentication is installed ([Default Function Permission])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [Administrative Settings]
            • [Default Function Permission]

Specify the default function permission applied to users when an external authentication server is used.

Functions available to users who log in to this machine for the first time are limited according to the settings configured here.

  • The default function permission can also be specified with Web Connection. For details, refer to Here.

To specify operations for the ID & Print function ([ID & Print Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [Administrative Settings]
            • [ID & Print Settings]

Specify the operations of the ID & Print function.

Settings

Description

[ID & Print]

Select whether to handle jobs normally printed from the printer driver as ID & Print jobs.

  • [ON]: Jobs that are normally printed are handled as ID & Print jobs.

  • [OFF]: Only jobs for which ID & Print is set are handled as print jobs.

[OFF] is specified by default.

[Public User]

Select the process performed when a public user job or a job without user authentication information is received.

  • [Print Immediately]: Prints the job without saving it in the ID & Print User Box.

  • [Save]: Saves the job in the ID & Print User Box.

[Print Immediately] is specified by default.

  • The Hard Disk is optional in some areas. To use this function, the optional Hard Disk is required.

To specify the printing method when using the ID & Print function in the authentication unit ([ID & Print Operation Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [Administrative Settings]
            • [ID & Print Operation Settings]

When using the ID & Print function on an Authentication Unit, select whether to request user authentication for printing each job or to allow the user to print all jobs once the user is authenticated. [Print All Jobs] is specified by default.

Settings

Description

[Print All Jobs]

One successful authentication session allows the user to print all jobs.

[Print Each Job]

One successful authentication session allows the user to print a single job.

  • The Hard Disk is optional in some areas. To use this function, the optional Hard Disk is required.

To specify the default operation to be performed after authentication on the login screen when using the ID & Print function ([Auth. Operation Setting when print Documents are Stored])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [Administrative Settings]
            • [Auth. Operation Setting when print Documents are Stored]

Specify the default operation to perform authentication on the login page when ID & Print jobs are stored.

Settings

Description

[Change to Basic Screen after ID & Print]

Select whether to simultaneously perform ID & Print and the authentication to log in to this machine.

If [ON] is selected, [Login after Print] is displayed in [ID & Print] on the login page.

[Restrict] is specified by default.

[Auth. Operation Setting when print Documents are Stored]

Select the default value for the operation that is performed after authentication in the login window.

  • [Logout after Print]: Prints ID & Print jobs. The user is not logged in to this machine.

  • [Login without Print]: The user is logged in to this machine. The ID & Print job is not executed.

  • [Login after Print]: Prints the ID & Print job, and the user is logged in to this machine. This setting is available when [ON] is selected for [Change to Basic Screen after ID & Print].

[Logout after Print] is specified by default.

  • The Hard Disk is optional in some areas. To use this function, the optional Hard Disk is required.

To register user information ([User Registration])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [User Registration]

Register the user information. In addition, configure function permission and the upper limit of the number of printable sheets for each user.

Select a number and tap [Edit], and the user registration or editing screen is displayed.

To limit the public user functions, tap [] on the number selection screen. Then, select [Public] and tap [Edit].

Settings

Description

[User Name]

Enter the user name to log in to this machine (using up to 64 characters).

You cannot configure the same user name as an the one which has already been assigned to a registered user. Once a user name is registered, it cannot be changed.

[Password]

Enter the password to log in to this machine (using up to 64 characters).

[E-Mail Address]

Enter the user's E-mail address (using up to 320 characters) if necessary.

If the E-mail address is registered, the Scan to Me function and the Scan to URL function are available.

[Max. Allowance Set]

Set the maximum number of pages that the user can print.

  • [Total Allowance]: Specify the total number of pages that can be printed. To omit setting of the maximum, select [No Limit].

Tap [All Users] to apply the maximum setting to all users.

[No Limit] is specified by default.

[Register Auth. Info.]

If an Authentication Unit is used to adopt the user authentication, tap [Edit] to register authentication information.

To delete authentication information, tap [Delete].

[Function Permission/Authority] - [Function permission]

Restrict functions available to users.

Specify whether to restrict the following functions, respectively:

  • [Copy]: [Allow] is specified by default.

  • [Scan]: [Full Color/Black] is specified by default.

  • [Fax]: [Full Color/Black] is specified by default.

  • [Print]: [Allow] is specified by default.

  • [User Box]: [Allow] is specified by default.

  • [Print Scan/Fax TX]: [Allow] is specified by default.

  • [Save to External Memory]: [Restrict] is specified by default.

  • [External Memory Document Scan]: [Restrict] is specified by default.

  • [Manual Destination Input]: [Allow] is specified by default.

  • [Biometric/IC Card Info. Registration]: [Restrict] is specified by default.

  • [Web Browser]: [Allow] is specified by default.

Tap [All Users] to apply the Function Permission to all users.

[Function Permission/Authority] - [Permission Setting]

Assigns administrator privileges to the user.

Specify whether to assign each of the following privileges to the user.

  • [Administrative Rights]: [Not Allowed] is specified by default.

  • [User Box Administrator Rights]: [Not Allowed] is specified by default.

Tap [All Users] to apply the assignment of privileges to all users.

This option is available when [Allow] is selected in [Administrator Settings] - [User Authentication/Account Track] - [User Authentication Settings] - [Administrative Settings] - [Login Allowed with Administrative Rights].

[Pause]

Disable registered users temporarily if necessary. If [Stop Job] is set, the users cannot log in to the MFP any longer.

Tap [All Users] to temporarily suspend the use of this machine by any user.

[Continue Job] is specified by default.

[Custom Pattern Function]

Specify the display pattern of function keys in the Copy, Scan/Fax and User Box modes for each user.

  • [Full Functions]: Displays all function keys.

  • [Standard Functions] (Not displayed in some areas): Displays commonly used function keys.

  • [Basic Functions]: Displays the more basic function keys than [Standard Functions].

  • [Disable]: User-specific pattern is not configured. The settings of this machines are applied.

You can set this option by selecting [Allow] in [Administrator Settings] - [System Settings] - [Custom Display Settings] - [User/Admin Function Permissions].

[Disable] is specified by default.

[Synchronize Account Track]

Specify whether to synchronize user authentication and account track when both user authentication and account track are implemented.

Tap [All Users] to apply the setting for synchronizing user authentication and account track to all users.

You can set this option by selecting [Synchronize by User] in [Administrator Settings] - [User Authentication/Account Track] - [General Settings] - [Synchronize User Authentication & Account Track].

[Account Name]

If user authentication and account track are implemented and if they are synchronized with each other, select the account to which the user belongs.

Account names must be registered in advance.

  • To change the registered user information, select the registration number and tap [Edit].

  • To delete a registered user, select the registration number and tap [Delete].

  • When using user authentication and account track in combination, register account information beforehand in [Administrator Settings] - [User Authentication/Account Track] - [Account Track Settings] - [Account Track Registration].

  • Information on users authenticated by the external authentication server is also registered. You can change the settings of [Max. Allowance Set], [Function Permission], [Custom Pattern Function], [Synchronize Account Track], and [Account Name] for users authenticated by the external authentication server if necessary.

To specify the function permission and the upper limit of sheets for each user ([User Registration])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [User Registration]

Register the user information. In addition, configure function permission and the upper limit of the number of printable sheets for each user.

Select a number and tap [Edit], and the user registration or editing screen is displayed.

To limit the public user functions, tap [] on the number selection screen. Then, select [Public] and tap [Edit].

Settings

Description

[User Name]

Enter the user name to log in to this machine (using up to 64 characters).

You cannot configure the same user name as an the one which has already been assigned to a registered user. Once a user name is registered, it cannot be changed.

[Password]

Enter the password to log in to this machine (using up to 64 characters).

[E-Mail Address]

Enter the user's E-mail address (using up to 320 characters) if necessary.

If the E-mail address is registered, the Scan to Me function and the Scan to URL function are available.

[Max. Allowance Set]

Set the maximum number of pages that the user can print.

  • [Total Allowance]: Specify the total number of pages that can be printed. To omit setting of the maximum, select [No Limit].

Tap [All Users] to apply the maximum setting to all users.

[No Limit] is specified by default.

[Register Auth. Info.]

If an Authentication Unit is used to adopt the user authentication, tap [Edit] to register authentication information.

To delete authentication information, tap [Delete].

[Function Permission/Authority] - [Function permission]

Restrict functions available to users.

Specify whether to restrict the following functions, respectively:

  • [Copy]: [Allow] is specified by default.

  • [Scan]: [Full Color/Black] is specified by default.

  • [Fax]: [Full Color/Black] is specified by default.

  • [Print]: [Allow] is specified by default.

  • [User Box]: [Allow] is specified by default.

  • [Print Scan/Fax TX]: [Allow] is specified by default.

  • [Save to External Memory]: [Restrict] is specified by default.

  • [External Memory Document Scan]: [Restrict] is specified by default.

  • [Manual Destination Input]: [Allow] is specified by default.

  • [Biometric/IC Card Info. Registration]: [Restrict] is specified by default.

  • [Web Browser]: [Allow] is specified by default.

Tap [All Users] to apply the Function Permission to all users.

[Function Permission/Authority] - [Permission Setting]

Assigns administrator privileges to the user.

Specify whether to assign each of the following privileges to the user.

  • [Administrative Rights]: [Not Allowed] is specified by default.

  • [User Box Administrator Rights]: [Not Allowed] is specified by default.

Tap [All Users] to apply the assignment of privileges to all users.

This option is available when [Allow] is selected in [Administrator Settings] - [User Authentication/Account Track] - [User Authentication Settings] - [Administrative Settings] - [Login Allowed with Administrative Rights].

[Pause]

Disable registered users temporarily if necessary. If [Stop Job] is set, the users cannot log in to the MFP any longer.

Tap [All Users] to temporarily suspend the use of this machine by any user.

[Continue Job] is specified by default.

[Custom Pattern Function]

Specify the display pattern of function keys in the Copy, Scan/Fax and User Box modes for each user.

  • [Full Functions]: Displays all function keys.

  • [Standard Functions] (Not displayed in some areas): Displays commonly used function keys.

  • [Basic Functions]: Displays the more basic function keys than [Standard Functions].

  • [Disable]: User-specific pattern is not configured. The settings of this machines are applied.

You can set this option by selecting [Allow] in [Administrator Settings] - [System Settings] - [Custom Display Settings] - [User/Admin Function Permissions].

[Disable] is specified by default.

[Synchronize Account Track]

Specify whether to synchronize user authentication and account track when both user authentication and account track are implemented.

Tap [All Users] to apply the setting for synchronizing user authentication and account track to all users.

You can set this option by selecting [Synchronize by User] in [Administrator Settings] - [User Authentication/Account Track] - [General Settings] - [Synchronize User Authentication & Account Track].

[Account Name]

If user authentication and account track are implemented and if they are synchronized with each other, select the account to which the user belongs.

Account names must be registered in advance.

  • To change the registered user information, select the registration number and tap [Edit].

  • To delete a registered user, select the registration number and tap [Delete].

  • When using user authentication and account track in combination, register account information beforehand in [Administrator Settings] - [User Authentication/Account Track] - [Account Track Settings] - [Account Track Registration].

  • Information on users authenticated by the external authentication server is also registered. You can change the settings of [Max. Allowance Set], [Function Permission], [Custom Pattern Function], [Synchronize Account Track], and [Account Name] for users authenticated by the external authentication server if necessary.

To check the operation conditions of this machine for each user or eco information (economy level) ([User Counter])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [User Counter]

Use this option to check the number of pages for each user and to reset the counter.

Select the registration number of a user subject to counter checking and tap [Counter Details].

Settings

Description

[Counter Details]

Shows the counter for the selected user. You can check the number of pages used for each function.

Tap [Eco Info] to display 2-sided printing, page combination, and other information related to the user, and check how effectively toner and paper are being saved.

Tap [Clear Counter] to clear the user's counter.

[Reset All Counters]

Resets counters for all users.

To register account track information ([Account Track Registration])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Account Track Settings]
          • [Account Track Registration]

Register account information. In addition, configure function permission and the maximum allowance on the number of pages printed for each account.

Select a number and tap [Edit], and the account track registration or editing screen is displayed.

Settings

Description

[Account Name]

Enter the account name used for logging in to this machine (using up to eight characters).

[Password]

Enter the password to log in to this machine (using up to 64 characters).

[Max. Allowance Set]

Restricts the number of pages each account can print.

  • [Total Allowance]: Specify the total number of pages that can be printed. To omit setting of the maximum, select [No Limit].

Tap [All Accounts] to apply the maximum setting to all accounts.

[No Limit] is specified by default.

[Function Permission]

Restrict functions available to users.

Specify whether to restrict the following functions, respectively:

  • [Copy]: [Allow] is specified by default.

  • [Scan]: [Full Color/Black] is specified by default.

  • [Fax]: [Full Color/Black] is specified by default.

  • [Print]: [Allow] is specified by default.

  • [Print Scan/Fax TX]: [Allow] is specified by default.

Tap [All Accounts] to apply function permission setting to all accounts.

[Pause]

Disable registered accounts temporarily if necessary. If [Stop Job] is set, the users cannot log in to the MFP any longer.

Tap [All Accounts] to temporarily suspend the use of this machine by any account.

[Continue Job] is specified by default.

[Custom Pattern Function]

Specify the display pattern of function keys in the Copy, Scan/Fax and User Box modes for each account.

  • [Full Functions]: Displays all function keys.

  • [Standard Functions] (Not displayed in some areas): Displays commonly used function keys.

  • [Basic Functions]: Displays the more basic function keys than [Standard Functions].

  • [Disable]: Account-specific pattern is not configured. The settings of this machines are applied.

You can set this option by selecting [Allow] in [Administrator Settings] - [System Settings] - [Custom Display Settings] - [User/Admin Function Permissions].

[Disable] is specified by default.

  • To change the registered account information, select the registration number and tap [Edit].

  • To delete a registered account, select the registration number and tap [Delete].

To specify the function permission and the upper limit of sheets for each account track ([Account Track Registration])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Account Track Settings]
          • [Account Track Registration]

Register account information. In addition, configure function permission and the maximum allowance on the number of pages printed for each account.

Select a number and tap [Edit], and the account track registration or editing screen is displayed.

Settings

Description

[Account Name]

Enter the account name used for logging in to this machine (using up to eight characters).

[Password]

Enter the password to log in to this machine (using up to 64 characters).

[Max. Allowance Set]

Restricts the number of pages each account can print.

  • [Total Allowance]: Specify the total number of pages that can be printed. To omit setting of the maximum, select [No Limit].

Tap [All Accounts] to apply the maximum setting to all accounts.

[No Limit] is specified by default.

[Function Permission]

Restrict functions available to users.

Specify whether to restrict the following functions, respectively:

  • [Copy]: [Allow] is specified by default.

  • [Scan]: [Full Color/Black] is specified by default.

  • [Fax]: [Full Color/Black] is specified by default.

  • [Print]: [Allow] is specified by default.

  • [Print Scan/Fax TX]: [Allow] is specified by default.

Tap [All Accounts] to apply function permission setting to all accounts.

[Pause]

Disable registered accounts temporarily if necessary. If [Stop Job] is set, the users cannot log in to the MFP any longer.

Tap [All Accounts] to temporarily suspend the use of this machine by any account.

[Continue Job] is specified by default.

[Custom Pattern Function]

Specify the display pattern of function keys in the Copy, Scan/Fax and User Box modes for each account.

  • [Full Functions]: Displays all function keys.

  • [Standard Functions] (Not displayed in some areas): Displays commonly used function keys.

  • [Basic Functions]: Displays the more basic function keys than [Standard Functions].

  • [Disable]: Account-specific pattern is not configured. The settings of this machines are applied.

You can set this option by selecting [Allow] in [Administrator Settings] - [System Settings] - [Custom Display Settings] - [User/Admin Function Permissions].

[Disable] is specified by default.

  • To change the registered account information, select the registration number and tap [Edit].

  • To delete a registered account, select the registration number and tap [Delete].

To check the operation conditions of this machine for each account track or eco information (economy level) ([Account Track Counter])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Account Track Settings]
          • [Account Track Counter]

You can check the number of pages used for each account and reset the counter.

Select the registration number of an account subject to counter checking and tap [Counter Details].

Settings

Description

[Counter Details]

Shows the counter for the selected account. You can check the number of pages used for each function.

Tap [Eco Info] to display 2-sided printing, page combination, and other information to the user, and check how effectively toner and paper are being saved.

Tap [Clear Counter] to clear the account's counter.

[Reset All Counters]

Resets counters for all accounts.

To specify an action to be taken when this machine receives a print job without authentication information ([Print without Authentication])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Print without Authentication]

Select whether to permit printing of a job without authentication information when User Authentication/Account Track is enabled on the machine.

To print data without adding authentication information using the printer driver, for example, when you want to directly send jobs from the mission-critical system such as ERP (Enterprise Resource Planning) to the machine and make prints, permit printing of a job without authentication information.

Settings

Description

[TRAP Setting]

  • [Allow]: Only black and white printing is allowed. Print jobs are counted as public user jobs.

  • [Restrict]: Printing is restricted. Canceling [Restrict] allows everybody to perform printing. Select [Restrict] to control user access and ensure security.

[Restrict] is specified by default.

[IP Filtering (Permit Access)]

If [Allow] is selected in [TRAP Setting], specify a computer that allows an access to this machine using the IP address.

[Enable]/[Disable]

Select whether to specify an IP address that allows access to this machine.

[Disable] is specified by default.

[Set 1] to [Set 5]

Enter the range of IP addresses that allow access using the following format.

  • Entry example: "192.168.1.1 - 192.168.1.10"

  • To allow access from a single IP address, you can only enter the address in one side of the range.

To print a list in which the operation conditions of this machine are calculated for each user or account track ([Print Counter List])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Print Counter List]

A print counter list is printed. You can print a list if user authentication or account track has been adopted.

In [Print Item], specify whether to print all information or only to print typed information. In [Detailed Counter], select whether to print detailed counter information.

Change print settings as required, then tap [Start] to start printing.

To register an external server for user authentication ([External Server Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [External Server Settings]

When employing external server authentication, register the authentication server.

If you group two servers, you can switch to another server to perform authentication when a server shuts down.

Select a number for registering the server and tap [New].

Settings

Description

[Server Name]

Enter the name of your authentication server group (using up to 32 characters).

Assign a name that helps you easily identify the authentication server group.

[1st Server Registration]

Register the primary server in the server group.

For details, refer to "Settings of [1st Server Registration]" shown below.

[2nd Server Setting]

Configure a setting to connect to the secondary server when the machine cannot be connected to the primary server.

For details, refer to "Settings of [2nd Server Setting]" shown below.

[Round Robin function]

Select whether to alternately connect to the primary and secondary servers.

If you select [Enable], you can alternately connect the primary and secondary servers to distribute the server load.

[Disable] is specified by default.

Settings of [1st Server Registration]

Settings

Description

[Active Directory]

Register server information when Active Directory is used as the authentication server.

  • [Default Domain Name]: Enter the default domain name of your Active Directory (using up to 64 characters).

  • [Timeout]: Change the timeout interval for communication with Active Directory, if required.
    [60 sec.] is specified by default.

[NTLM v1]

Register server information when NTLM v1 is used as the authentication server.

  • [Default Domain Name]: Enter the default domain name of your authentication server (using up to 64 characters). The default domain name must be uppercase letters.

[NTLM v2]

Register server information when NTLM v2 is used as the authentication server.

  • [Default Domain Name]: Enter the default domain name of your authentication server (using up to 64 characters). The default domain name must be uppercase letters.

[LDAP]

Register server information when LDAP is used as the authentication server.

  • [Server Address]: Enter your LDAP server address.

  • [Search Base 1] to [Search Base 3]: Specify the starting point and range to search a user to be authenticated.
    [Search Base]: Specify the starting point to search for a target (using up to 255 characters).
    Example of entry: "cn=users,dc=example,dc=com"
    [Search Range]: Select a tree search range. [Full Tree] is specified by default. Selecting [Full Tree] makes a search, including the tree structure under the entered starting point. Selecting [Next hierarchy only] searches for only one level directly beneath the entered starting point. In this case, the level at the starting point is not included as a search target.

  • [SSL Setting]: Specify whether to use SSL for communications. [OFF] is specified by default.

  • [Port No.]: If necessary, change the port number. [389] is specified by default.

  • [Timeout]: Change the timeout interval for communication with the LDAP server, if required. [60] sec. is specified by default.

  • [Authentication Type]: Select the authentication method to log in to the LDAP server. Select one appropriate for the authentication method used for your LDAP server. [Simple] is specified by default.

  • [Search Attribute(s)]: Enter the search attribute used in user account search (using up to 64 characters). [uid] is specified by default.

  • [Search Directory Service]: If you select [Active Directory], you can limit a search target for authentication to users. However, when a search target for authentication is limited to users, search target identification processing occurs on the server side, so the authentication time may be delayed. This function is available when the authentication server is set to Active Directory (Windows Server 2008 or later). [Other] is specified by default.

  • [Search Attributes Authentication]: Specify whether to have DN (Distinguished Name) generated automatically that is required for authentication by the LDAP server when [Simple] is selected for [Authentication Type]. Also, enter authentication information used for logging in to the LDAP server in order to search for the user ID. [No Limit] is specified by default.

Settings of [2nd Server Setting]

Settings

Description

[ON]/[OFF]

Select whether to use the secondary server.

[OFF] is specified by default.

[Reconnection Set.]

Configure a setting to connect to the secondary server when the machine cannot be connected to the primary server. When the round-robin function is enabled, this setting can also be used to connect to the primary server when the machine cannot be connected to the secondary server.

  • [Reconnect for every login]: Connects to the primary server each time authentication is carried out on this machine. If the primary server is shutting down, this machine is connected to the secondary server.

  • [Set Reconnect Interval]: Connects to the secondary server when the primary server is shutting down at the time the machine is being authenticated. After this, this machine is connected to the secondary server when machine authentication is occurring until the time specified in [Reconnection Time] lapses. After the time specified in [Reconnection Time] has lapsed, this machine is reconnected to the primary server when machine authentication is occurring.

[Set Reconnect Interval] is specified by default.

[2nd Server Reg.]

Register the secondary server.

For details, refer to "Settings of [1st Server Registration]".

  • To change the registered authentication server information, select the registration number and tap [Edit].

  • To delete the registered authentication server, select the registration number and tap [Delete].

  • When registering multiple authentication servers, select the authentication server that is normally used and then tap [Set as Default] to register it as the default.

To restrict the registered destinations that can be accessed by users ([Limiting Access to Destinations])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Limiting Access to Destinations]

Limit the access to destinations for each user.

Restrict destinations that can be browsed by users by combining [Apply Levels/Groups to Destinations] and [Apply Levels/Groups to Users].

  • For details on the restriction of browsing destinations, refer to Here.

Settings

Description

[Create Group]

Register a reference allowed group.

In a reference allowed group, destinations and users can be registered, and such users can reference destinations registered in the same group.

  • To register a group, select the registration number and tap [Edit].

  • To check destinations or users registered in a group, tap [Details].

[Group Name]

Enter the name of the group (using up to 24 characters).

[Access Allowed Level]

To manage the address book by combining the reference allowed level and reference allowed group, select a reference allowed level of the reference allowed group.

[Level 0] is specified by default.

[Apply Levels/Groups to Destinations]

Select a registered destination from [Address Book], [Group], or [Program], and then configure either the reference allowed group or reference allowed level.

[Apply Group]

Assign a reference allowed group to the registered destination you have selected.

Before you can assign a reference allowed group, you need to register the reference allowed group in [Create Group].

[Apply Level]

Assign a reference allowed level to the registered destination you have selected.

[Level 0] is specified by default.

[Apply Levels/Groups to Users]

Select a registered user or public user and specify a reference allowed group or reference allowed level. You can combine reference allowed group and reference allowed level settings.

[Apply Group]

Assign a reference allowed group to the registered user you have selected.

Before you can assign a reference allowed group, you need to register the reference allowed group in [Create Group].

[Apply Level]

Assign a reference allowed level to the registered user you have selected.

[Level 0] is specified by default.

To specify how to log in to the IC card authentication or which operation is to be performed at authentication ([General Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Authentication Device Settings]
          • [General Settings]

Configure how to log in with IC card, NFC, or biometric authentication as well as operations to take place upon authentication.

Settings

Description

[Card Authentication]

To use this function, the optional Authentication Unit (IC card type) is required.

[IC Card type setting]

Select whether to permit a use for each IC card type.

  • Specify the authentication destination in [Authentication Assignment Dest.]. You can select the authentication server group or MFP, which is specified in [LDAP-IC Card Authentication Setting], as the authentication destination. Also, you can specify up to three authentication destinations to search for their user information in parallel.
    [Authentication Assignment Dest.] is available when [External Server Authentication] or [Main + External Server] is selected in the [Authentication Method] of user authentication, and FeliCa, TypeA, MIFARE(PID), or NFC(HCE) is specified as the IC card type.
    The MFP can be specified as the authentication destination only when [Main + External Server] is selected in the [Authentication Method] of user authentication. For details on the [Authentication Method] of user authentication, refer to Here.

  • When using [SSFC], you can register detailed information such as the company identification code or company code.

  • When using [FCF], you can register the section code.

  • When using [FCF (Campus)], you can register the campus identification code.

  • When using [MIFARE(PID)], register detailed information such as the key code.

[IC Card Type]

The specified IC card type is displayed depending on the type of your loadable driver.

[Operation Settings]

Select how to log in to this machine.

  • [Card Authentication]: Logs in simply by placing your IC card or NFC-compatible Android terminal on the authentication unit.

  • [Card Authentication + Password]: Logs in by placing the IC card or NFC-compatible Android terminal on the authentication unit and entering the password.

[Card Authentication] is specified by default.

[Authentication Card ID Number]

Select whether to notify the counter, which collects the use status of this machine, of the authentication card ID.

[Ignore] is specified by default.

[Bio Authentication]

To use this function, the optional Authentication Unit (biometric type) is required.

[Beep Sound]

Select whether to give a "blip" sound when the finger vein pattern is scanned successfully.

[ON] is specified by default.

[Operation Settings]

Select how to log in to this machine.

  • [1-to-many authentication]: A user simply needs to place his or her finger to log in.

  • [1-to-1 authentication]: Enter the user name and position his or her finger to log in.

[1-to-many authentication] is specified by default.

To specify how to log in to the biometric authentication or which operation is to be performed at authentication ([General Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Authentication Device Settings]
          • [General Settings]

Configure how to log in with IC card, NFC, or biometric authentication as well as operations to take place upon authentication.

Settings

Description

[Card Authentication]

To use this function, the optional Authentication Unit (IC card type) is required.

[IC Card type setting]

Select whether to permit a use for each IC card type.

  • Specify the authentication destination in [Authentication Assignment Dest.]. You can select the authentication server group or MFP, which is specified in [LDAP-IC Card Authentication Setting], as the authentication destination. Also, you can specify up to three authentication destinations to search for their user information in parallel.
    [Authentication Assignment Dest.] is available when [External Server Authentication] or [Main + External Server] is selected in the [Authentication Method] of user authentication, and FeliCa, TypeA, MIFARE(PID), or NFC(HCE) is specified as the IC card type.
    The MFP can be specified as the authentication destination only when [Main + External Server] is selected in the [Authentication Method] of user authentication. For details on the [Authentication Method] of user authentication, refer to Here.

  • When using [SSFC], you can register detailed information such as the company identification code or company code.

  • When using [FCF], you can register the section code.

  • When using [FCF (Campus)], you can register the campus identification code.

  • When using [MIFARE(PID)], register detailed information such as the key code.

[IC Card Type]

The specified IC card type is displayed depending on the type of your loadable driver.

[Operation Settings]

Select how to log in to this machine.

  • [Card Authentication]: Logs in simply by placing your IC card or NFC-compatible Android terminal on the authentication unit.

  • [Card Authentication + Password]: Logs in by placing the IC card or NFC-compatible Android terminal on the authentication unit and entering the password.

[Card Authentication] is specified by default.

[Authentication Card ID Number]

Select whether to notify the counter, which collects the use status of this machine, of the authentication card ID.

[Ignore] is specified by default.

[Bio Authentication]

To use this function, the optional Authentication Unit (biometric type) is required.

[Beep Sound]

Select whether to give a "blip" sound when the finger vein pattern is scanned successfully.

[ON] is specified by default.

[Operation Settings]

Select how to log in to this machine.

  • [1-to-many authentication]: A user simply needs to place his or her finger to log in.

  • [1-to-1 authentication]: Enter the user name and position his or her finger to log in.

[1-to-many authentication] is specified by default.

To specify an operation to be carried out after original scanning was completed when user authentication is performed using an authentication unit ([Logoff Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Authentication Device Settings]
          • [Logoff Settings]

Specify whether to log out automatically when scanning of the original finishes.

[Do not log off] is specified by default.

To specify whether to display the logout confirmation screen at logout ([Logout Confirmation Screen Display Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User/Account Common Setting]
          • [Logout Confirmation Screen Display Setting]

Specify whether to display the logout confirmation screen on the Touch Panel when you log out of the login mode (Recipient User or Public User) entered by pressing the Access key.

[ON] is specified by default.

To specify whether to allow a user to obtain counter information of this machine from the remote diagnosis system ([Counter Remote Control])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User/Account Common Setting]
          • [Counter Remote Control]

Specify whether to allow acquisition of counter information managed on this machine when a remote diagnosis system is used.

[Restrict] is specified by default.

To specify whether to enable the Scan to Home function ([Scan to Home Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Scan to Home Settings]

Select whether to enable the Scan to Home function.

This item can be configured when Active Directory is used as an authentication server.

[Disable] is specified by default.

To quote user's authentication information for access to a shared folder ([Scan to Authorized Folder Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Scan to Authorized Folder Settings]

Specify whether to limit the transmission destinations. The authentication information of the users who have logged in to this machine is used for accessing a shared folder on the network.

If [Scan to Authorized Folder Settings] is set to [Limit], the following restrictions will be applied:

  • Addresses cannot be specified by direct input for scan transmission.

  • Users cannot save files to User Boxes.

  • Users cannot send files from User Boxes.

  • Users cannot use annotation User Boxes.

  • Users cannot select addresses from transmission log.

  • Users cannot use the URL notification function.

[Do Not Limit] is specified by default.

To print data from the printer driver without entering a password when user authentication is installed ([Simple Auth. setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Simple Auth. setting]

Select whether to allow authentication that is based only on the user name (without a password) when the printer driver is used for printing in an environment where user authentication is employed. When employing external server authentication, register the authentication server for quick authentication.

Settings

Description

[Authentication Setting]

Select whether to allow authentication that is based only on the user name (without a password) when the printer driver is used for printing in an environment where user authentication is employed.

To permit the quick authentication, the login user name for this machine for MFP authentication, external server authentication, and enhanced server authentication must match the Windows login ID.

[Restrict] is specified by default.

[Register Authentication Server]

When external server authentication is implemented, register the LDAP server to check user names.

If you group two servers, you can switch to another server to perform authentication when a server shuts down.

For details, refer to "Newly registering and editing authentication server" shown below.

Newly registering and editing authentication server

Settings

Description

[Server Name]

Enter the name of your authentication server group (using up to 32 characters).

Assign a name that helps you easily identify the authentication server group.

[1st Server Registration]

Register the primary server in the server group.

For details, refer to "Settings of [1st Server Registration]" shown below.

[2nd Server Setting]

Configure a setting to connect to the secondary server when the machine cannot be connected to the primary server.

For details, refer to "Settings of [2nd Server Setting]" shown below.

[Round Robin function]

Select whether to alternately connect to the primary and secondary servers.

If you select [Enable], you can alternately connect the primary and secondary servers to distribute the server load.

[Disable] is specified by default.

[External Server Authentication]

Select the external authentication server group used to associate the quick authentication.

When quick authentication succeeds, user authentication information is registered on the machine to manage users on the machine. This authentication information includes the user name and external authentication server name. The external authentication server name selected here is registered on the machine together with the user name.

Settings of [1st Server Registration]

Settings

Description

[Timeout]

If necessary, change the time-out time to limit a communication with the LDAP server.

[60 sec.] is specified by default.

[Search Attribute]

Enter the search attribute to be used for search of a user using the LDAP server (using up to 64 characters).

The attribute must start with an alphabet character.

[uid] is specified by default.

[Search Directory Service]

If you select [Active Directory], you can limit a search target for authentication to users. However, when a search target for authentication is limited to users, search target identification processing occurs on the server side, so the authentication time may be delayed. This function is available when the authentication server is set to Active Directory (Windows Server 2008 or later).

[Other] is specified by default.

[Server Address]

Enter the LDAP server address.

Use one of the following formats.

  • Example of host name entry: "host.example.com"

  • Example of IP address (IPv4) entry: "192.168.1.1"

  • Example of IP address (IPv6) entry: "fe80::220:6bff:fe10:2f16"

[Search Base 1] to [Search Base 3]

Specify the starting point to search for a user to be authenticated.

  • [Search Base]: Specify the starting point to search for a target (using up to 255 characters).
    Example of entry: "cn=users,dc=example,dc=com"

  • [Search Range]: Select a tree search range. [Full Tree] is specified by default.
    Selecting [Full Tree] makes a search, including the tree structure under the entered starting point. Selecting [Next hierarchy only] searches for only one level directly beneath the entered starting point. In this case, the level at the starting point is not included as a search target.

[SSL Setting]

Specify whether or not to use SSL for communication with the LDAP server.

[OFF] is specified by default.

[Port Number]

If necessary, change the LDAP server port number.

In normal circumstances, you can use the original port number.

[389] is specified by default.

[Port Number (SSL)]

If necessary, change the SSL communication port number.

In normal circumstances, you can use the original port number.

[636] is specified by default.

[Certificate Verification Level Settings]

To validate the certificate during SSL communication, select items to be verified.

  • [Expiration Date]: Confirm whether the certificate is within the validity period. [Confirm] is specified by default.

  • [Key Usage]: Confirm whether the certificate is used according to the intended purpose approved by the certificate issuer. [Do Not Confirm] is specified by default.

  • [Chain]: Confirm whether there is a problem in the certificate chain (certificate path). The chain is validated by referencing the external certificates managed on this machine. [Do Not Confirm] is specified by default.

  • [Expiration Date Confirmation]: Confirm whether the certificate has expired. [Do Not Confirm] is specified by default.

  • [CN]: Confirm whether CN (Common Name) of the certificate matches the server address. [Do Not Confirm] is specified by default.

[Authentication Type]

Select the authentication method to log in to the LDAP server.

Select one appropriate for the authentication method used for your LDAP server.

  • [Simple]

  • [Digest-MD5]

  • [GSS-SPNEGO]

  • [NTLM v1]

  • [NTLM v2]

[Simple] is specified by default.

[Referral Setting]

Select whether to use the referral function, if necessary.

Make an appropriate choice to fit the LDAP server environment.

[ON] is specified by default.

[Login Name]

Log in to the LDAP server, and enter the user name to search for a user (using up to 64 characters).

In this step, enter the user (name) that belongs to a specific administrator group on the LDAP server.

[Password]

Enter the password of the user you entered into [Login Name] (using up to 64 characters).

[Domain Name]

Enter the domain name to log in to the LDAP server (using up to 64 characters).

If [GSS-SPNEGO] is selected for [Authentication Type], enter the domain name of Active Directory.

[Check Connection]

Select this option to try connecting to the LDAP server using the entered information and check if the information registered is correct.

[Reset All Settings]

Tap this button to reset all the contents you entered.

Settings of [2nd Server Setting]

Settings

Description

[ON]/[OFF]

Select whether to use the secondary server.

[OFF] is specified by default.

[Reconnection Set.]

Configure a setting to connect to the secondary server when the machine cannot be connected to the primary server. When the round-robin function is enabled, this setting can also be used to connect to the primary server when the machine cannot be connected to the secondary server.

  • [Reconnect for every login]: Connects to the primary server each time authentication is carried out on this machine. If the primary server is shutting down, this machine is connected to the secondary server.

  • [Set Reconnect Interval]: Connects to the secondary server when the primary server is shutting down at the time the machine is being authenticated. After this, this machine is connected to the secondary server when machine authentication is occurring until the time specified in [Reconnection Time] lapses. After the time specified in [Reconnection Time] has lapsed, this machine is reconnected to the primary server when machine authentication is occurring.

[Set Reconnect Interval] is specified by default.

[2nd Server Reg.]

Register the secondary server.

For details, refer to "Settings of [1st Server Registration]".

To extract the primary server setting and configure the secondary server setting, tap [Retrieve from 1st Server].

  • To change the registered authentication server information, select the registration number and tap [Edit].

  • To delete the registered authentication server, select the registration number and tap [Delete].

To use this machine in the single sign-on environment of Active Directory ([Single Sign-On Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Network Settings]
        • [Single Sign-On Setting]

Join the machine to the Active Directory domain and establish the single sign-on environment.

You can set this option by selecting [External Server Authentication] or [Main + External Server] in [Administrator Settings] - [User Authentication/Account Track] - [General Settings] - [User Authentication] - [Authentication Method].

Settings

Description

[Domain Login Setting]

Configure settings to join services of this machine in a domain.

Joining services of this machine in the domain allows the user to use them if authenticated once by Active Directory.

[ON]/[OFF]

Select whether to use singe-sign on.

Enter the host name, domain name, account name, and password, then tap [OK] to execute domain joining processing.

[OFF] is specified by default.

[Host Name]

Enter the host name of this machine (using up to 253 characters).

Enter the host name you specified in [Administrator Settings] - [Network Settings] - [TCP/IP Settings] - [DNS Host].

[Domain Name]

Enter the domain name of Active Directory (using up to 64 characters).

[Account Name]

Enter the administrator's account name of the Active Directory domain (using up to 64 characters).

[Password]

Enter the administrator's password of the Active Directory domain (using up to 64 characters).

[TX Timeout]

Change the time-out time of domain joining processing if necessary.

[30] is specified by default.

[Applications and Settings]

Displays a list of services of this machine that join the Active Directory domain.

When this machine joins the Active Directory domain, [PRINTER] appears.

[Auto Log Out Time]

When the user uses services of this machine in the Active Directory domain, change the time to hold the user's authentication information on this machine.

Since the user can reuse authentication information while it is held on this machine, they can use the services of this machine without performing authentication again.

[1 Hour] is specified by default.