[User Authentication]

When enabling user authentication, select the user authentication method (default: [OFF]).

• [OFF]: Does not enable user authentication.

• [ON (External Server)]: This authentication method only allows users registered on your authentication server to use this machine. Select [Utility] - [Administrator] - [User Auth/Account Track] - [External Server Settings], and register your authentication server.

• [ON (MFP)]: The authentication function of this machine is used for user authentication. This authentication method only allows users registered on this machine to use it.

• [ON (MFP + External Server)]: Select this option to enable login using the authentication function of the MFP in case a trouble occurs on the external authentication server.

• [Enhanced Server Authentication]: Associates with the enhanced server. This authentication method only allows users registered on the enhanced server to use this machine.

• [MFP Device + Enhanced Server Authentication]: Select this option to enable login using the authentication function of the MFP in case a trouble occurs on the enhanced server.

[Update Billing Information]

Select whether to overwrite existing billing information if the billing information that can be managed on this machine reached the upper limit when the enhanced server shut down (default: [Restrict]).

[Default Authentication Method]

Select your preferred authentication method when [ON (MFP + External Server)] or [MFP Device + Enhanced Server Authentication] is selected in [User Authentication].

• If [User Authentication] is set to [ON (MFP + External Server)], [ON (External Server)] is specified by default.

• If [User Authentication] is set to [MFP Device + Enhanced Server Authentication], [Enhanced Server Authentication] is specified by default.

[Public User Access]

Select whether to allow use of an unregistered user (public user) (default: [Restrict]).

• [Restrict]: Restricts a use of a public user.

• [ON (With Login)]: Allows that public users to use this machine. When a public user uses this machine, select [Used by public user>] on the Login screen.

• [ON (Without Login)]: Allows that public users to use this machine. A public user can use this machine without logging in to this machine. Using this option, you do not need to log in to this machine even when there are many public users.

[Ticket Hold Time Setting (Active Directory)]

Change the retention time for a Kerberos authentication ticket if Active Directory is used as an authentication server (default: [5] min.).

If [0] min. is specified, the Kerberos authentication ticket is discarded after authentication has been completed.

[Account Track]

When enabling account track, set this option to ON (default: OFF).

[Account Track Input Method]

When enabling account track, select the account track method (default: [Account Name & Password]).

• [Account Name & Password]: Enter the account name and password to log in. When using user authentication and account track in combination, the setting cannot be changed from [Account Name & Password].

• [Password Only]: Enter only the password to log in.

[Synchronize User Authentication / Account Track]

When using user authentication and account track in conjunction, select whether to synchronize user authentication and account track (default: [Synchronize]).

• [Synchronize]: Select this option when the user and account is in one-to-one relation. If you specify the department of a user when registering him/her, you can log in to the account simply by logging in as the user.

• [Do Not Synchronize]: Select this option when the user joins multiple accounts. To log in to this machine, enter the user name, then specify the account.

• [Synchronize by User]: Enables the user to select whether to synchronize the user authentication and account authentication.

[Number of Counters Assigned]

Counter management is carried out for each user or account track to install user authentication or account track. This machine provides 1000 counter areas to carry out counter management. In this option, specify the number of counter areas to be assigned to each user (default: [500]).

If [User Authentication] is set to [MFP Device + Enhanced Server Authentication], a counter area can be assigned to temporarily save data when the enhanced server has shut down. Up to 1000 counter areas can be assigned for users, account tracks, and the enhanced server in total.

[When Number of Jobs Reach Maximum]

Sets the maximum number of sheets that each user can print. Here, select an operation if the number of sheets exceeds the maximum number of sheets that can be printed (default: [Skip Job]).

• [Skip Job]: Stops the job currently running, and starts printing the next job.

• [Stop Job]: Stops all jobs.

• [Delete Job]: Deletes the active job.

To restart a suspended job, reset the counter.

[Enable NFC]

Select whether to use NFC authentication.

• [Enable NFC]: When using NFC, set this option to ON (default: OFF). This setting is synchronized with [Utility] - [Administrator] - [System Settings] - [System Connection Setting] - [Mobile Connection Settings] - [Simple Connection Setting] - [Enable NFC].

• [NFC Authentication Setting]: When using NFC authentication, set this option to ON (default: OFF).

[Enable Bluetooth LE]

Select whether to use Bluetooth LE authentication.

• [Enable Bluetooth LE]: When using the Bluetooth LE, set this option to ON (default: OFF). This setting is synchronized with [Utility] - [Administrator] - [System Settings] - [System Connection Setting] - [Mobile Connection Settings] - [Simple Connection Setting] - [Enable Bluetooth LE].

• [Bluetooth LE Authentication Setting]: When using Bluetooth LE authentication, set this option to ON (default: OFF).

[External Server DN Cache]

Select whether to save DN (Distinguished Name) information on the machine to speed up the LDAP server authentication (default: [OFF]).

If [ON] is selected, information related to the user’s DN is saved on the machine when authentication succeeds in the LDAP server. At the next authentication, a user search is performed using the saved information.

This option is available when [ON (External Server)] or [ON (MFP + External Server)] is selected in [User Authentication].

[Extended User DB]

Select whether to extend the number of users to be authenticated on the machine using the advanced user database (default: [OFF]).

Using the advanced user database, the number of users to be authenticated is increased to a maximum of 50000.

This option is available when [ON (External Server)] or [ON (MFP + External Server)] is selected in [User Authentication].

[IdP Authentication]

When using the cloud authentication service (IdP) to perform user authentication, set this option to ON (default: OFF).

• [Give priority to IdP authentication]: When giving priority to the IdP authentication while the MFP authentication or the external server authentication is combined with the IdP authentication, set this option to ON (default: OFF).

To use IdP authentication, you need to use MarketPlace and install the IWS application. For details, contact your service representative.

[IC card usage]

Select the authentication method when authenticating with the IC card (default: [Other authentication than IdP]). To use IdP authentication, select [IdP authentication only]. If you select [Other authentication than IdP], the IC card is authenticated using this machine or the authentication server without using IdP authentication.

If [IdP authentication only] is selected, [Temporarily Save Authentication Information] is set to ON in [User Auth/Account Track] - [User Authentication Setting] - [IdP user authentication settings], and [Overwrite User Info] to [Restrict].

[External Authentication server setting]

Set server authentication operations.

• [Temporarily Save Authentication Information]: To temporarily save authentication information in the main unit against a case where an external authentication server shuts down, set this option to ON (default: OFF).

• [Reconnection Settings]: Specify the timing to reconnect to the authentication server (default: [Set Reconnect Interval]).
  [Reconnect for every login]: Connects to the authentication server at the time authentication is carried out on this machine. If the authentication server is in the shutdown state at the time authentication is carried out on this machine, first confirm that the authentication server is down, and use the temporarily saved authentication information to log in to this machine.
  [Set Reconnect Interval]: Connect to the authentication server at the time specified in [Reconnection Time], and check the status of the authentication server. If the authentication server is in the shutdown state, use the authentication information temporarily saved in the main unit to log in.

• [Expiration Date Settings]: When specifying the validity period to the temporarily saved authentication information, set this option to ON (default: OFF). Also, enter the expiration date.

• [Overwrite User Info]: When the external server authentication is used, authenticated user information is also managed on this machine. If the number of users who have executed the external server authentication reaches the maximum number of users this machine can manage, authentication of any new users will not be permitted. Select whether to allow the user to overwrite registered user information for that case (default: [Restrict]). If you select [Allow], the oldest authenticated user information is erased and the new user is registered.
  If [Enhanced Server Authentication] or [MFP Device + Enhanced Server Authentication] is selected in [User Authentication], [Allow] is specified forcibly.

• [Billing counter management]: Select whether to manage the user's counter information by the external server authentication. When managing the counter information, set [Manage using an integrated management system] to ON (default: OFF). This setting is available when [IdP Authentication] is set to ON because the counter information is managed with the cloud aggregation service using the IdP authentication mechanism.

[No.]

Specify the user's registration number.

Select [Use opening number] to automatically assign the smallest available number. When you want to specify a number, select [Input directly] and then enter a number.

[User Name]

Enter the user name (using up to 64 double-byte or single-byte characters).

You cannot configure the same user name as an the one that has already been assigned to a registered user. Once a user name is registered, it cannot be changed.

[E-mail Address]

Enter the user's E-mail address (using up to 320 single-byte characters, excluding spaces).

If the E-mail address is registered, the Scan to Me function and the Scan to URL function are available.

[PIN Code]

When VLAN is set, enter the PIN code for two-factor authentication (using up to 8 single-byte digits).

[User Password]

Enter the password to log in to this machine (using up to 64 single-byte characters).

[Synchronize Account Track]

Specify whether to synchronize user authentication and account track when both user authentication and account track are implemented.

Select [All Users] to apply the same setting to all users.

This setting is displayed when [Synchronize User Authentication / Account Track] is set to [Synchronize by User] in [Utility] - [Administrator] - [User Auth/Account Track] - [Authentication Method].

[Account Name]

When synchronizing user authentication and account track, select the account to which the user belongs.

[Temporarily stop use]

When temporarily disabling the registered users, set this option to ON (default: OFF).

Select [All Users] to apply the same setting to all users.

[Function Permission]

Restrict functions available to users. Select [All Users] to apply the same setting to all users.

Specify whether to restrict the following functions, respectively:

• [Copy] (default: [Full Color/Black])

• [Scan] (default: [Full Color/Black])

• [Save to USB flash drive] (default: OFF)

• [Scan documents to USB flash drive] (default: OFF)

• [Fax] (default: [Full Color/Black])

• [Print] (default: [Full Color/Black])

• [User Box] (default: ON)

• [TX Document Print] (default: [Full Color/Black])

• [Manual Destination Input] (default: [Allow All])

• [Web Browser] (default: [Allow All])

• [Biometric/IC Card Information Registration] (default: OFF)

[Custom Function Profile by User]

Select whether to change the display pattern of function keys to be displayed in the Copy, Scan/Fax and User Box modes of classic style (default: [Restrict]). If [Allow] is selected, the display pattern can be changed (default: [Full]). If [Restrict] is selected, the display pattern is set according to [Custom Function Pattern Selection].

This setting is displayed when [Custom Function Profile User/Account] is set to ON in [Utility] - [Administrator] - [System Settings] - [Custom Function Profile User/Account].

[Max. Allowance Set]

Set the maximum number of pages that the user can print.

• [All Users]: Specify whether to apply the maximum setting to all users.

• [Total Allowance]: Specify the total number of pages that can be printed.

• [Individual Allowance]: Specify the number of pages that can be printed separately for [Color] and [Black].

[Register Auth. Info.]

When Authentication Unit is installed, register authentication information to suit your Authentication Unit.

[Permission Setting]

Assigns administrator privileges to the user. Select [All Users] to apply the same setting to all users.

Specify whether to assign each of the following privileges to the user.

• [Administrative Rights] (default: [Do Not Allow])
  When [Give only specific rights] is set, select at least one from the following privilege types.
  [Administration of security settings]: Assigns privileges that can mainly set [Security] of the administrator settings (default: OFF).
  [Administration of network settings]: Assigns privileges that can mainly set [Network] of the administrator settings (default: OFF).
  [Administration of authentication and destination information]: Assigns privileges that can mainly set [User Auth/Account Track] of the administrator settings (default: OFF).

• [User Box Administrator Rights] (default: OFF)

[Function Permission]

Restrict the functions public users can use.

Specify whether to restrict the following functions, respectively:

• [Copy] (default: [Full Color/Black])

• [Scan] (default: [Full Color/Black])

• [Save to USB flash drive] (default: OFF)

• [Scan documents to USB flash drive] (default: OFF)

• [Fax] (default: [Full Color/Black])

• [Print] (default: [Full Color/Black])

• [User Box] (default: ON)

• [TX Document Print] (default: [Full Color/Black])

• [Manual Destination Input] (default: [Allow All])

• [Web Browser] (default: ON)

[ID & Print]

When handling jobs normally printed from the printer driver as ID & Print jobs, set this option to ON (default: OFF).

[Public User]

Select the process performed when a public user job or a job without user authentication information is received (default: [Print Immediately]).

• [Print Immediately]: Prints the job without saving it in the ID & Print User Box.

• [Save]: Saves the job in the ID & Print User Box.

[ID & Print Operation Settings]

Select the processing method when using the ID & Print function in Authentication Unit (default: [Print All Jobs]).

• [Print All Jobs]: One successful authentication session allows the user to print all jobs.

• [Print Each Job]: One successful authentication session allows the user to print one job.

[Change to Basic Screen after ID & Print]

Select whether to display the screen after login when ID & Print was executed (default: [Restrict]).

If [ON] is selected, [Login after Print] is displayed in [ID & Print] on the login page.

[Auth. Operation Setting when print Documents are Stored]

Select the default value for the operation that is performed after authentication in the login window.

• [Logout after Print]: Automatically logs out after data printing.

• [Login without Print]: Logs out without printing data.

• [Login after Print]: Logs in after data printing. This setting is available when [ON] is selected for [Change to Basic Screen after ID & Print].

[Login Allowed with Administrative Rights]

When allowing the user to log in with administrator or User Box administrator privileges, set this option to ON (default: OFF).

[User Name List]

Select whether to display the restoration icon of [User Name List] in the login screen (default: [OFF]).

Selecting [ON] enables you to select the login user from the list of user names registered on this machine.

[Default Browser Settings]

Configure settings related to the operation the next time you start the Web browser on this machine.

• [Delete Web Data]: Select whether to delete the web data saved up to that point the next time you start the web browser on this machine (default: [Do Not Delete]).

• [Delete Authentication Information]: Select whether to delete the authentication information entered up to that point the next time you start the web browser on this machine (default: [Do Not Delete]).

• [Home page]: Set the web page used as the home page on the web browser of this machine (default: [about:blank]).

• [Start up]: Select whether to start from the web page set on [Home page] the next time you start the web browser on this machine (default: [Home page]).

[Detail]

Shows the counter for the selected user. You can check the number of pages used for each function.

• [Eco Info]: Displays 2-sided printing, page combination, and other information related to the user, and check how effectively toner and paper are being saved.

• [Counter Clear]: Clears the user's counter.

[Reset All Counters]

Resets counters for all users.

[Temporarily Save Authentication Information]

When saving authentication information of the user who logged in to this machine with IdP authentication, set this information option to ON (default: OFF).

[Overwrite User Info]

When saving authentication information of the user who logged in to this machine with IdP authentication, select whether to allow overwriting when the number of saved authentication information items reaches 1000 (default: [Restrict]).

• [Allow]: The authentication information saved in this machine is overwritten sequentially from the oldest authentication information in the history.

• [Restrict]: The authentication information saved in this machine is not overwritten.

[Print from PC]

Configure settings for printing from a computer using IdP authentication.

• [Give priority to IdP authentication]: Set the priority of the authentication method used when printing using the printer driver. When prioritizing the IdP authentication, set to ON (default: OFF).

• [Web token generation]: Set to issue a Web token when IdP authentication has succeeded. The Web token is authorization information that allows the printer driver to access this machine.
  Select the encryption algorithm for generating the web token in [Encryption algorithm], and specify the entry string with the [Private key generation word].
  Specify [Expiration Date] for the period during which the printer driver can hold the Web token. If you select [Specify days], you can specify in days (default: [30] days). If you select [Specify minutes], you can specify in minutes (default: [43200] min.).

[IC card validity]

Configure settings to authenticate the user who logs in to this machine using IdP authentication by IC card.

• [Expiration Date]: Specify the expiration date of the IC card authentication credentials saved in this machine (default: [90] days).

[No.]

Specify the account's registration number.

Select [Use opening number] to automatically assign the smallest available number. When you want to specify a number, select [Input directly] and then enter a number.

[Account Name]

Enter the account name (using up to 8 single-byte characters).

[Password]

Enter the password to log in to this machine (using up to 64 single-byte characters).

[Temporarily stop use]

When temporarily disabling the registered accounts, set this option to ON (default: OFF).

Select [All Accounts] to apply the same setting to all accounts.

[Function Permission]

Restrict functions available to registered accounts. Select [All Accounts] to apply the same setting to all accounts.

Specify whether to restrict the following functions, respectively:

• [Copy] (default: [Full Color/Black])

• [Scan] (default: [Full Color/Black])

• [Fax] (default: [Full Color/Black])

• [Print] (default: [Full Color/Black])

• [TX Document Print] (default: [Full Color/Black])

[Custom Function Profile by Account]

Select whether to change the display pattern of function keys to be displayed in the Copy, Scan/Fax and User Box modes of classic style (default: OFF). If ON is selected, the display pattern can be changed (default: [Full]). If OFF is selected, the display pattern is set according to [Custom Function Pattern Selection].

This setting is displayed when [Custom Function Profile User/Account] is set to ON in [Utility] - [Administrator] - [System Settings] - [Custom Function Profile User/Account].

[Max. Allowance Set]

Set the maximum number of pages that the account can print (default: OFF). Select [All Accounts] to apply the same setting to all accounts.

• [Total Allowance]: Specify the total number of pages that can be printed.

• [Individual Allowance]: Specify the number of pages that can be printed separately for [Color] and [Black].

[Detail]

Shows the counter for the selected account. You can check the number of pages used for each function.

• [Eco Info]: Displays 2-sided printing, page combination, and other information related to the account, and check how effectively toner and paper are being saved.

• [Counter Clear]: Clears the account's counter.

[Reset All Counters]

Resets counters for all accounts.

[Print without Authentication]

Select whether to permit printing of a job without authentication information (default: [Restrict]).

• [Full Color/Black]: Allows both color and black and white printing. Print jobs are counted as public user jobs.

• [Black Only]: Allows black and white printing only. Color printing jobs are also printed in black and white. Print jobs are counted as public user jobs.

• [Restrict]: Printing is restricted. Canceling [Restrict] allows everybody to perform printing. Select [Restrict] to control user access and ensure security.

[IP Filtering (Permit Access)]

To restrict printable computers using the IP address when you select [Full Color/Black] or [Black Only] in [Print without Authentication], set this option to ON (default: OFF).

• [IP Address]: Enter the range of IP address of the printable computers.
  Example to enter [Range1] to [Range5]: "192.168.1.1 - 192.168.1.10"
  To allow access from a single IP address, you can only enter the address in one side of the range.

[Simple Authentication Server Name]

Enter the name of the authentication server (using up to 32 single-byte characters).

[External Authentication Server]

Select the external authentication server used to associate the quick authentication (default: [No Selection]).

When authentication succeeds, user authentication information is registered on the machine to manage users on the machine. This authentication information includes the user name and external authentication server name. The external authentication server name selected here is registered on the machine together with the user name.

[Server Address]

Enter the LDAP server address. Use one of the following formats.

• Example to enter the host name: "host.example.com"

• Example to enter the IP address (IPv4): "192.168.1.1"

• Example to enter the IP address (IPv6): "fe80::220:6bff:fe10:2f16"

[Port No.]

If necessary, change the LDAP server port number (default: [389]).

[Enable SSL]

When using SSL communications, set this option to ON (default: OFF).

• [Port No.(SSL)]: If necessary, change the port number for SSL communication (default: [636]).

[Timeout]

If necessary, change the time-out time to limit a communication with the LDAP server (default: [60] sec.).

[Certificate Verification Level Settings]

To validate the certificate during SSL communication, select items to be verified.

• [Expiration Date]: Confirm whether the certificate is within the validity period (default: ON).

• [CN]: Confirm whether CN (Common Name) of the certificate matches the server address (default: OFF).

• [Key Usage]: Confirm whether the certificate is used according to the intended purpose approved by the certificate issuer (default: OFF).

• [Chain]: Confirm whether there is a problem in the certificate chain (certificate path) (default: OFF). The chain is validated by referencing the external certificates managed on this machine.

• [Expiration Date Confirmation]: Confirm whether the certificate has expired (default: OFF). The expiration date confirmation is performed in the order of OCSP (Online Certificate Status Protocol) service, and CRL (Certificate Revocation List).

[Search Base 1] to [Search Base 3]

Specify the starting point and range to search for a user to be authenticated.

• [Search Base]: Specify the starting point to search for a target (using up to 255 single-byte characters).
  Example of entry: "cn=users,dc=example,dc=com"

• [Search Range]: Select a tree search range (default: [Full Tree]).
  [Full Tree]: Makes a search, including the tree structure under the entered starting point.
  [Next hierarchy only]: Searches for only one level directly beneath the entered starting point. In this case, the level at the starting point is not included as a search target.

[Authentication Method]

Select the authentication method to log in to the LDAP server depending on your environment (default: [Simple]).

• [Login Name]: Enter the login name used for LDAP authentication (using up to 64 double-byte or single-byte characters).

• [Password]: Enter the password for LDAP authentication (using up to 64 single-byte characters).

• [Domain Name]: If [GSS-SPNEGO] is selected for [Authentication Method], enter the domain name of Active Directory (using up to 64 single-byte characters).

[Use Referral]

Select whether to use the referral function (default: ON).

[Search Attribute]

When performing LDAP search, enter the search attribute to be automatically added before the user name (using up to 64 single-byte characters). The attribute value must start with a single-byte alphabetical character (default: [uid]).

[Search Directory Service]

If you select [Active Directory], you can limit a search target for authentication to users (default: [Other]). However, when a search target for authentication is limited to users, search target identification processing occurs on the server side, so the authentication time may be delayed. This function is available when the authentication server is set to Active Directory.

[2nd Server Setting]

When using the secondary server, set this option to ON (default: OFF).

[Round Robin function]

When using the round-robin function, set this option to ON (default: OFF).

If you select round-robin function, you can alternately connect the primary and secondary servers to distribute the server load.

[Reconnection Settings]

Configure a setting to connect to the secondary server when the machine cannot be connected to the primary server (default: [Set Reconnect Interval]). When the round-robin function is enabled, this setting can also be used to connect to the primary server when the machine cannot be connected to the secondary server.

• [Reconnect for every login]: Connects to the primary server each time authentication is carried out on this machine. If the primary server is shutting down, this machine is connected to the secondary server.

• [Set Reconnect Interval]: Connects to the secondary server when the primary server is shutting down at the time the machine is being authenticated. After this, this machine is connected to the secondary server when machine authentication is occurring until the time specified in [Reconnection Time] lapses. After the time specified in [Reconnection Time] has lapsed, this machine is reconnected to the primary server when machine authentication is occurring.

Secondary Server Information

Register the secondary server.

For details, refer to the registration contents of the primary server.

To extract the primary server setting and configure the secondary server setting, tap [Retrieve from 1st Server].

[LDAP-IC Card Authentication Server Name]

Enter the name of the authentication server (using up to 32 single-byte characters).

[External Authentication Server]

Select the external authentication server used to associate the LDAP-IC card authentication (default: [No Selection]).

When authentication succeeds, user authentication information is registered on the machine to manage users on the machine. This authentication information includes the user name and external authentication server name. The external authentication server name selected here is registered on the machine together with the user name.

[Card Information Registration Settings]

When authentication is performed on the machine using an IC card not registered in the LDAP server, select whether to register the card information in the LDAP server (default: [OFF]).

• [Sequential Server Card Registration]: Specify the server to register card information in. If you select [Primary Server for Card Reg.], card information is registered in the server with authentication succeeded among the primary and secondary servers.

• [User Name Attribute]: Specify the attribute to be searched as the user name.

[Card Info. Character Type During Search]

Select the search string conversion method to search for the card ID via the LDAP server (default: [Uppercase Letters/ Lowercase Letters]).

When the target card attribute information on the server is unified into upper and lower case letters, in some cases, you can convert the character type of the search string and subsequently reduce the search speed.

• [Uppercase Letters/ Lowercase Letters]: Converts the card ID into upper or lower case letters to carry out a search.

• [Uppercase Letters]: Converts the card ID to uppercase letters to carry out a search.

• [Lowercase Letters]: Converts the card ID to lowercase letters to carry out a search.

[Server Address]

Enter the LDAP server address. Use one of the following formats.

• Example to enter the host name: "host.example.com"

• Example to enter the IP address (IPv4): "192.168.1.1"

• Example to enter the IP address (IPv6): "fe80::220:6bff:fe10:2f16"

[Port No.]

If necessary, change the LDAP server port number (default: [389]).

[Enable SSL]

When using SSL communications, set this option to ON (default: OFF).

• [Port No.(SSL)]: If necessary, change the port number for SSL communication (default: [636]).

[Certificate Verification Level Settings]

To validate the certificate during SSL communication, select items to be verified.

• [Expiration Date]: Confirm whether the certificate is within the validity period (default: ON).

• [CN]: Confirm whether CN (Common Name) of the certificate matches the server address (default: OFF).

• [Key Usage]: Confirm whether the certificate is used according to the intended purpose approved by the certificate issuer (default: OFF).

• [Chain]: Confirm whether there is a problem in the certificate chain (certificate path) (default: OFF). The chain is validated by referencing the external certificates managed on this machine.

• [Expiration Date Confirmation]: Confirm whether the certificate has expired (default: OFF). The expiration date confirmation is performed in the order of OCSP (Online Certificate Status Protocol) service, and CRL (Certificate Revocation List).

[Search Base 1] to [Search Base 3]

Specify the starting point and range to search for a user to be authenticated.

• [Search Base]: Specify the starting point to search for a target (using up to 255 single-byte characters).
  Example of entry: "cn=users,dc=example,dc=com"

• [Search Range]: Select a tree search range (default: [Full Tree]).
  [Full Tree]: Makes a search, including the tree structure under the entered starting point.
  [Next hierarchy only]: Searches for only one level directly beneath the entered starting point. In this case, the level at the starting point is not included as a search target.

[Timeout]

If necessary, change the time-out time to limit a communication with the LDAP server (default: [60] sec.).

[Authentication Method]

Select the authentication method to log in to the LDAP server depending on your environment (default: [Simple]).

• [Login Name]: Enter the login name used for LDAP authentication (using up to 64 double-byte or single-byte characters). In this step, enter the user (name) that belongs to a specific administrator group on the LDAP server.

• [Password]: Enter the password for LDAP authentication (using up to 64 single-byte characters).

• [Domain Name]: If [GSS-SPNEGO] is selected for [Authentication Method], enter the domain name of Active Directory (using up to 64 single-byte characters).

[Use Referral]

Select whether to use the referral function (default: ON).

[Search Attribute]

Enter the name of the attribute of the IC card information registered in the LDAP server (using up to 64 single-byte characters). The attribute value must start with a single-byte alphabetical character (default: [uid]).

[User Name]

Select how to obtain the user name when logging in to this machine (default: [Use Card ID]). If [ON] is selected in [Card Information Registration Settings], [Acquiring] is selected, and any change cannot be made.

• [Use Card ID]: Select this option when only IC card information is registered on the server. Uses the card ID in the IC card as the user name.

• [Acquiring]: Select this option when user information other than IC card information is registered on the server. Uses the user name obtained from the server. Enter the attribute to be searched as the user name ("uid" etc.) in [User Name Attribute].

[Search Directory Service]

If you select [Active Directory], you can limit a search target for authentication to users (default: [Other]). However, when a search target for authentication is limited to users, search target identification processing occurs on the server side, so the authentication time may be delayed. This function is available when the authentication server is set to Active Directory.

[2nd Server Setting]

When using the secondary server, set this option to ON (default: OFF).

[Round Robin function]

When using the round-robin function, set this option to ON (default: OFF).

If you select round-robin function, you can alternately connect the primary and secondary servers to distribute the server load.

[Reconnection Settings]

Configure a setting to connect to the secondary server when the machine cannot be connected to the primary server (default: [Set Reconnect Interval]). When the round-robin function is enabled, this setting can also be used to connect to the primary server when the machine cannot be connected to the secondary server.

• [Reconnect for every login]: Connects to the primary server each time authentication is carried out on this machine. If the primary server is shutting down, this machine is connected to the secondary server.

• [Set Reconnect Interval]: Connects to the secondary server when the primary server is shutting down at the time the machine is being authenticated. After this, this machine is connected to the secondary server when machine authentication is occurring until the time specified in [Reconnection Time] lapses. After the time specified in [Reconnection Time] has lapsed, this machine is reconnected to the primary server when machine authentication is occurring.

[Card Information Registration Settings]

When authentication is performed on the machine using an IC card not registered in the LDAP server, select whether to register the card information in the LDAP server.

• [Same as 1st Server]: Select [Enable] when using the same setting as for the primary server. When using a setting different from that of the primary server, select [Disable], then specify the attribute that is to be searched as the user name in [User Name Attribute].

Secondary Server Information

Register the secondary server.

For details, refer to the registration contents of the primary server.

To extract the primary server setting and configure the secondary server setting, tap [Retrieve from 1st Server].

[External Server Name]

Enter the name of the authentication server (using up to 32 single-byte characters).

[External Server Type]

Select the authentication server type.

[Active Directory]

Register server information when Active Directory is used as the authentication server.

• [Default Domain Name]: Enter the default domain name of your authentication server (using up to 64 single-byte characters).

• [Timeout]: Change the timeout interval for communication with Active Directory, if required (default: [60] sec.).

• [Azure AD URL]: If you want to allow the user authenticated by Active Directory to access Azure AD with single sign-on, set the Azure AD URL (default: [autologon.microsoftazuread-sso.com]). Normally, you can use the setting by default. To change the default, select the [Change URL] check box, and enter the URL.

[NTLM]

Register server information when NTLM is used as the authentication server.

• [Default Domain Name]: Enter the default domain name of your authentication server (using up to 64 single-byte characters).

[LDAP]

Register server information when LDAP is used as the authentication server.

• [Server Address]: Enter your LDAP server address.

• [Port No.]: If necessary, change the LDAP server port number (default: [389]).

• [Enable SSL]: When using SSL communications, set this option to ON (default: OFF).
  [Port No.(SSL)]: If necessary, change the port number for SSL communication (default: [636]).

• [Search Base 1] to [Search Base 3]: Specify the starting point and range to search a user to be authenticated.
  [Search Base]: Specify the starting point to search for a target (using up to 255 single-byte characters).
  Example of entry: "cn=users,dc=example,dc=com"
  [Search Range]: Select a tree search range (default: [Full Tree]).
  [Full Tree]: Makes a search, including the tree structure under the entered starting point.
  [Next hierarchy only]: Searches for only one level directly beneath the entered starting point. In this case, the level at the starting point is not included as a search target.

• [Timeout]: Change the timeout interval for communication with the LDAP server, if required (default: [60] sec.).

• [Authentication Method]: Select the authentication method to log in to the LDAP server depending on your environment (default: [Simple]).

• [Search Attribute]: Enter the search attribute used in user account search (using up to 64 single-byte characters). The attribute value must start with a single-byte alphabetical character (default: [uid]).

• [Search Attributes Authentication]: To automatically generate DN (Distinguished Name) required for authentication by the LDAP server on this machine when [Simple] is selected for [Authentication Method], set this option to ON (default: OFF). Also, enter authentication information used for logging in to the LDAP server in order to search for the user ID.

[Search Directory Service]

If you select [Active Directory], you can limit a search target for authentication to users (default: [Other]). However, when a search target for authentication is limited to users, search target identification processing occurs on the server side, so the authentication time may be delayed. This function is available when the authentication server is set to Active Directory.

[2nd Server Setting]

When using the secondary server, set this option to ON (default: OFF).

[Round Robin function]

When using the round-robin function, set this option to ON (default: OFF).

If you select round-robin function, you can alternately connect the primary and secondary servers to distribute the server load.

[Reconnection Settings]

Configure a setting to connect to the secondary server when the machine cannot be connected to the primary server (default: [Set Reconnect Interval]). When the round-robin function is enabled, this setting can also be used to connect to the primary server when the machine cannot be connected to the secondary server.

• [Reconnect for every login]: Connects to the primary server each time authentication is carried out on this machine. If the primary server is shutting down, this machine is connected to the secondary server.

• [Set Reconnect Interval]: Connects to the secondary server when the primary server is shutting down at the time the machine is being authenticated. After this, this machine is connected to the secondary server when machine authentication is occurring until the time specified in [Reconnection Time] lapses. After the time specified in [Reconnection Time] has lapsed, this machine is reconnected to the primary server when machine authentication is occurring.

[External Server Type]

Select the type of the authentication server and set required information.

For details, refer to the registration contents of the primary server.

[Authentication Device Settings]

Set biometric authentication operations.

• [Beep Sound]: To output a "beep" when the finger vein pattern is scanned successfully, set this option to [ON] (default: [ON]).

• [Operation Settings]: Select how to log in to this machine (default: [1-to-many authentication]).
  [1-to-many authentication]: Simply place his or her finger to log in.
  [1-to-1 authentication]: Enter the user name and position his or her finger to log in.
  [1 to many authentication PIN code authentication]: Enter the PIN Code and place the user's finger to log in. This setting is displayed when VLAN is set.

[Logoff Settings]

When automatically logging out after scanning the original, set this option to ON (default: OFF).

[Set the maximum number of User Boxes]

When specifying the maximum number of User Boxes, set this option to ON (default: OFF).

• [Maximum Number of User Boxes]: Enter the maximum number of Public User Boxes that can be registered in this machine by the user (unit: User Box).

[Single Color / 2 Color Output Management]

Switch settings for single color or 2-color printing between options to handle it as either color or black-and-white printing (default: [Color]).

• [Color]: Manages single color and 2-color printing as color print.

• [Black]: Manages single color and 2-color printing as black print. Select this option to manage full-color printing alone as color print.

[Logout Confirmation Display Setting]

Specify whether to display the logout confirmation screen when you log out from the login mode (registered user or public user) (default: [ON]).

[Counter Remote Control]

When allowing the user to acquire counter information managed on this machine while the remote diagnosis system is used, set this option to ON (default: OFF).

[Self-Verification Setting in AD Authentication]

When verifying authentication information (ticket) obtained from Active Directory on this machine, set this option to ON (default: OFF).

[Host Name]

Enter the host name of this machine (using up to 253 single-byte characters).

[Domain Name]

Enter the domain name of Active Directory (using up to 64 single-byte characters).

[Account Name]

Enter the administrator's account name of the Active Directory domain (using up to 64 single-byte characters).

[Password]

Enter the administrator's password of the Active Directory domain (using up to 64 single-byte characters).

[Timeout]

Change the time-out time of domain joining processing if necessary (default: [30] sec.).