Active Directory Authentication Setting
Setting flow
When you use Active Directory of Windows Server for user management, you can restrict users of this machine by authentication using Active Directory.
Employing the user authentication enables security- and cost-conscious advanced operations such as restricting users from accessing this machine, restricting users from using the functions by user, and managing the usage status of this machine.
When employing the Active Directory authentication, follow the below procedure to configure the settings.
4
Configuring settings to suit your environment
Configure basic settings for the Active Directory authentication
Register your authentication server on this machine. In addition, change the authentication method of this machine so that authentication is performed using the registered authentication server.
1
Select [User Auth/Account Track] - [External Server Settings] - [External Server Settings] - [Edit] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine).
2
Click [Edit] of [1st Server], and register the primary server.
For details on settings, refer to the [External Server Registration (1st Server)] settings (described after this procedure).
3
Click [Edit] of [2nd Server] as needed, and register the secondary server.
For details on settings, refer to the [External Server Registration (2nd Server)] settings (described after this procedure).
4
Select [User Auth/Account Track] - [Authentication Method] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine), and set the authentication method.
For details on settings, refer to the [Authentication Method] settings (described after this procedure).
Settings of [External Server Registration (1st Server)]
Setting | Description |
|---|---|
[External Server Name] | Enter the name of the authentication server (using up to 32 single-byte characters). |
[External Server Type] | Select [Active Directory]. |
[Active Directory] | Register server information when Active Directory is used as the authentication server.
|
Settings of [External Server Registration (2nd Server)]
Setting | Description |
|---|---|
[2nd Server Setting] | When using the secondary server, set this option to ON (default: OFF). |
[Round Robin function] | When using the round-robin function, set this option to ON (default: OFF). If you select round-robin function, you can alternately connect the primary and secondary servers to distribute the server load. |
[Reconnection Settings] | Configure a setting to connect to the secondary server when the machine cannot be connected to the primary server (default: [Reconnect for every login]). When the round-robin function is enabled, this setting can also be used to connect to the primary server when the machine cannot be connected to the secondary server.
|
[External Server Type] | Select the type of the authentication server and set required information. For details, refer to the registration contents of the primary server. |
Settings of [Authentication Method]
Setting | Description |
|---|---|
[User Authentication] | When performing authentication using an external authentication server, select [ON (External Server)] or [ON (MFP + External Server)]. If you want to configure setting so that you can log in to this machine using its authentication function in consideration of an occurrence of some sort of problem on the external authentication server, select [ON (MFP + External Server)]. |
[Default Authentication Method] | If [User Authentication] is set to [ON (MFP + External Server)], select the preferential authentication method (default: [ON (External Server)]). |
[Ticket Hold Time Setting (Active Directory)] | Change the retention time for a Kerberos authentication ticket if Active Directory is used as an authentication server (default: [5] min.). |
[When Number of Jobs Reach Maximum] | Sets the maximum number of sheets that each user can print. Here, select an operation if the number of sheets exceeds the maximum number of sheets that can be printed (default: [Skip Job]).
|
[External Authentication server setting] | Set server authentication operations.
|
Tips
- To check the status of the connection of the primary authentication server and the secondary authentication server, select [User Auth/Account Track] - [Authentication Server Connection status] - [External Server Authentication]. If [Connection Allowed] is displayed, you can connect to both the primary and secondary authentication servers.
Using the single sign-on
When user authentication by Active Directory is enabled, single sign-on can be set on this machine.
1
Select [Network] - [Single Sign-On Setting] - [Domain Login Setting] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine), and set the domain.
For details, refer to [Domain Login Setting].
2
After entering required information in step 1, click [OK].
The domain joining processing is executed.
3
Select [Network] - [Single Sign-On Setting] - [Auto Log Out Time] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine), and configure the settings to hold authentication information.
For details, refer to [Auto Log Out Time].
Tips
- You can select [Network] - [Single Sign-On Setting] - [Applications and Settings] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine) to view the list of services of this machine that joins the Active Directory domain.
Reinforcing authentication processing when using Active Directory
Specify whether to verify authentication information (ticket) obtained from Active Directory on this machine when logging in to this machine while Active Directory is used as the authentication server.
1
Select [User Auth/Account Track] - [Self-Verification Setting in AD Authentication] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine), and configure the settings to verify authentication information.
For details on settings, refer to the [Self-Verification Setting in AD Authentication] settings (described after this procedure).
2
Click [OK].
The domain joining processing is executed.
Settings of [Self-Verification Setting in AD Authentication]
Setting | Description |
|---|---|
[Self-Verification Setting in AD Authentication] | When verifying authentication information (ticket) obtained from Active Directory on this machine, set this option to ON (default: OFF). |
[Host Name] | Enter the host name of this machine (using up to 253 single-byte characters). |
[Domain Name] | Enter the domain name of Active Directory (using up to 64 single-byte characters). |
[Account Name] | Enter the administrator's account name of the Active Directory domain (using up to 64 single-byte characters). |
[Password] | Enter the administrator's password of the Active Directory domain (using up to 64 single-byte characters). |
[Timeout] | Change the time-out time of domain joining processing if necessary (default: [30] sec.). |
Tips
- If you change [Host Name] or [Domain Name] and click [OK] while Active Directory's single sign-on is enabled on this machine, [Network] - [Single Sign-On Setting] - [Domain Login Setting] - [Permission Setting] is changed to OFF.
Changing the Azure AD URL used for seamless single sign-on
Set the Azure AD URL so that users authenticated by Active Directory can access Azure AD with single sign-on in an environment where Active Directory and Azure AD are combined.
Normally, you can use the setting by default (default: [autologon.microsoftazuread-sso.com]). If you want to change the Azure AD URL, follow the steps below.
1
Select [User Auth/Account Track] - [External Server Settings] - [External Server Settings] - [Edit] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine).
2
Click [Edit] of [1st Server] to display the primary server's registration information.
3
Select the [Change URL] check box of [Azure AD URL], and enter the Azure AD URL.
in the upper-right of a page, it turns into 
and is registered as a bookmark.