To display: [Utility] - [Administrator] - [User Auth/Account Track] - [Authentication Method]
Configure the methods of user authentication and account track authentication and other settings for the authentication function of this machine.
Setting | Description |
---|---|
[User Authentication] | When enabling user authentication, select the user authentication method (default: [OFF]).
|
[Update Billing Information] | Select whether to overwrite existing billing information if the billing information that can be managed on this machine reached the upper limit when the enhanced server shut down (default: [Restrict]). |
[Default Authentication Method] | Select your preferred authentication method when [ON (MFP + External Server)] or [MFP Device + Enhanced Server Authentication] is selected in [User Authentication].
|
[Public User Access] | Select whether to allow use of an unregistered user (public user) (default: [Restrict]).
|
[Ticket Hold Time Setting (Active Directory)] | Change the retention time for a Kerberos authentication ticket if Active Directory is used as an authentication server (default: [5] min.). If [0] min. is specified, the Kerberos authentication ticket is discarded after authentication has been completed. |
[Account Track] | When enabling account track, set this option to ON (default: OFF). |
[Account Track Input Method] | When enabling account track, select the account track method (default: [Account Name & Password]).
|
[Synchronize User Authentication / Account Track] | When using user authentication and account track in conjunction, select whether to synchronize user authentication and account track (default: [Synchronize]).
|
[Number of Counters Assigned] | Counter management is carried out for each user or account track to install user authentication or account track. This machine provides 1000 counter areas to carry out counter management. In this option, specify the number of counter areas to be assigned to each user (default: [500]). If [User Authentication] is set to [MFP Device + Enhanced Server Authentication], a counter area can be assigned to temporarily save data when the enhanced server has shut down. Up to 1000 counter areas can be assigned for users, account tracks, and the enhanced server in total. |
[When Number of Jobs Reach Maximum] | Sets the maximum number of sheets that each user can print. Here, select an operation if the number of sheets exceeds the maximum number of sheets that can be printed (default: [Skip Job]).
To restart a suspended job, reset the counter. |
[Enable NFC] | Select whether to use NFC authentication.
|
[Enable Bluetooth LE] | Select whether to use Bluetooth LE authentication.
|
[External Server DN Cache] | Select whether to save DN (Distinguished Name) information on the machine to speed up the LDAP server authentication (default: [OFF]). If [ON] is selected, information related to the user’s DN is saved on the machine when authentication succeeds in the LDAP server. At the next authentication, a user search is performed using the saved information. This option is available when [ON (External Server)] or [ON (MFP + External Server)] is selected in [User Authentication]. |
[Extended User DB] | Select whether to extend the number of users to be authenticated on the machine using the advanced user database (default: [OFF]). Using the advanced user database, the number of users to be authenticated is increased to a maximum of 50000. This option is available when [ON (External Server)] or [ON (MFP + External Server)] is selected in [User Authentication]. |
[IdP Authentication] | When using the cloud authentication service (IdP) to perform user authentication, set this option to ON (default: OFF).
To use IdP authentication, you need to use MarketPlace and install the IWS application. For details, contact your service representative. |
[IC card usage] | Select the authentication method when authenticating with the IC card (default: [Other authentication than IdP]). To use IdP authentication, select [IdP authentication only]. If you select [Other authentication than IdP], the IC card is authenticated using this machine or the authentication server without using IdP authentication. If [IdP authentication only] is selected, [Temporarily Save Authentication Information] is set to ON in [User Auth/Account Track] - [User Authentication Setting] - [IdP user authentication settings], and [Overwrite User Info] to [Restrict]. |
[External Authentication server setting] | Set server authentication operations.
|
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [User Authentication Setting]
When employing user authentication, enter the user information. In addition, configure function permission for each user and confirm the usage status.
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [User Authentication Setting] - [User Registration]
Register the user information. In addition, configure function permission and the upper limit of the number of printable sheets for each user.
To register a new user, configure the following setting in [New Registration].
Setting | Description |
---|---|
[No.] | Specify the user's registration number. Select [Use opening number] to automatically assign the smallest available number. When you want to specify a number, select [Input directly] and then enter a number. |
[User Name] | Enter the user name (using up to 64 double-byte or single-byte characters). You cannot configure the same user name as an the one that has already been assigned to a registered user. Once a user name is registered, it cannot be changed. |
[E-mail Address] | Enter the user's E-mail address (using up to 320 single-byte characters, excluding spaces). |
[User Password] | Enter the password to log in to this machine (using up to 64 single-byte characters). |
[Synchronize Account Track] | Specify whether to synchronize user authentication and account track when both user authentication and account track are implemented. Select [All Users] to apply the same setting to all users. This setting is displayed when [Synchronize User Authentication / Account Track] is set to [Synchronize by User] in [Utility] - [Administrator] - [User Auth/Account Track] - [Authentication Method]. |
[Account Name] | When synchronizing user authentication and account track, select the account to which the user belongs. |
[Temporarily stop use] | When temporarily disabling the registered users, set this option to ON (default: OFF). Select [All Users] to apply the same setting to all users. |
[Function Permission] | Restrict functions available to users. Select [All Users] to apply the same setting to all users. Specify whether to restrict the following functions, respectively:
|
[Max. Allowance Set] | Set the maximum number of pages that the user can print.
|
[Register Auth. Info.] | When Authentication Unit is installed, register authentication information to suit your Authentication Unit. |
[Permission Setting] | Assigns administrator privileges to the user. Select [All Users] to apply the same setting to all users. Specify whether to assign each of the following privileges to the user.
|
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [User Authentication Setting] - [Default Function Permission]
Specify the default function permission applied to users when an external authentication server is used.
Functions available to users who log in to this machine for the first time are limited according to the settings configured here.
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [User Authentication Setting] - [Public User]
Restrict the functions public users can use.
Setting | Description |
---|---|
[Function Permission] | Restrict the functions public users can use. Specify whether to restrict the following functions, respectively:
|
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [User Authentication Setting] - [Administrative Setting]
Configure settings to log in with administrator privileges and display the user name list.
Setting | Description |
---|---|
[Login Allowed with Administrative Rights] | When allowing the user to log in with administrator privileges, set this option to ON (default: OFF). |
[User Name List] | Select whether to display the restoration icon of [User Name List] in the login screen (default: [OFF]). Selecting [ON] enables you to select the login user from the list of user names registered on this machine. |
[Default Browser Settings] | Configure settings related to the operation the next time you start the Web browser on this machine.
|
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [User Authentication Setting] - [User Counter]
Use this option to check the number of pages for each user and to reset the counter.
Setting | Description |
---|---|
[Detail] | Shows the counter for the selected user. You can check the number of pages used for each function.
|
[Reset All Counters] | Resets counters for all users. |
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [User Authentication Setting] - [IdP user authentication settings]
Set the authentication information when performing user authentication using the cloud authentication service (IdP).
Setting | Description |
---|---|
[Temporarily Save Authentication Information] | When saving authentication information of the user who logged in to this machine with IdP authentication, set this information option to ON (default: OFF). |
[Overwrite User Info] | When saving authentication information of the user who logged in to this machine with IdP authentication, select whether to allow overwriting when the number of saved authentication information items reaches 1000 (default: [Restrict]).
|
[Print from PC] | Configure settings for printing from a computer using IdP authentication.
|
[IC card validity] | Configure settings to authenticate the user who logs in to this machine using IdP authentication by IC card.
|
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [User Authentication Setting] - [IdP user authentication information]
Manage authentication information of the user who logged in to this machine with IdP authentication.
[Edit]: Deletes IC card information that is registered in the authentication information selected in the list.
[Delete all users]: Deletes all the authentication information of the IdP authentication users saved on this machine.
[Delete]: Deletes the authentication information selected in the list.
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [Account Track Settings]
When employing account track, register the account information. In addition, configure function permission for each account and confirm the usage status.
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [Account Track Settings] - [Account Track Registration]
Register account information. In addition, configure function permission and the maximum allowance on the number of pages printed for each account.
To register a new one, configure the following setting in [New Registration].
Setting | Description |
---|---|
[No.] | Specify the account's registration number. Select [Use opening number] to automatically assign the smallest available number. When you want to specify a number, select [Input directly] and then enter a number. |
[Account Name] | Enter the account name (using up to 8 single-byte characters). |
[Password] | Enter the password to log in to this machine (using up to 64 single-byte characters). |
[Temporarily stop use] | When temporarily disabling the registered accounts, set this option to ON (default: OFF). Select [All Accounts] to apply the same setting to all accounts. |
[Function Permission] | Restrict functions available to registered accounts. Select [All Accounts] to apply the same setting to all accounts. Specify whether to restrict the following functions, respectively:
|
[Max. Allowance Set] | Set the maximum number of pages that the account can print (default: OFF). Select [All Accounts] to apply the same setting to all accounts.
|
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [Account Track Settings] - [Account Track Counter]
Check the number of pages used for each account and reset the counter.
Setting | Description |
---|---|
[Detail] | Shows the counter for the selected account. You can check the number of pages used for each function.
|
[Reset All Counters] | Resets counters for all accounts. |
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [Prohibited Function Login Setting]
When displaying the login screen when selecting a function restricted for public users, set this option to ON (default: OFF).
For example, if a public user attempts to perform operations for using a Web browser when a use of the Web browser is restricted, the login screen is displayed. In this case, the user can log in to this machine as another user for whom Web browser operations are allowed, and use the Web browser.
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [Print without Authentication]
Select whether to permit printing of a job without authentication information when User Auth/Account Track is enabled.
To print data without adding authentication information using the printer driver, for example, when you want to directly send jobs from the mission-critical system such as ERP (Enterprise Resource Planning) to the machine and make prints, permit printing of a job without authentication information.
Setting | Description |
---|---|
[Print without Authentication] | Select whether to permit printing of a job without authentication information (default: [Restrict]).
|
[IP Filtering (Permit Access)] | To restrict printable computers using the IP address when you select [Full Color/Black] or [Black Only] in [Print without Authentication], set this option to ON (default: OFF).
|
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [Simple Authentication setting]
When user authentication is enabled, configure settings to use the quick authentication function.
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [Simple Authentication setting] - [Simple Authentication setting]
When allowing the quick authentication, set this option to ON (default: OFF).
If quick authentication is allowed, printing can be performed with authentication of only the user name (without a password) when the printer driver is used for printing.
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [Simple Authentication setting] - [Register Simple Authentication Server]
When employing external server authentication, register the authentication server for quick authentication.
If you group two servers, you can switch to another server to perform authentication when a server shuts down.
Configure the following settings on the primary server registration screen.
Setting | Description |
---|---|
[Simple Authentication Server Name] | Enter the name of the authentication server (using up to 32 single-byte characters). |
[External Authentication Server] | Select the external authentication server used to associate the quick authentication (default: [No Selection]). When authentication succeeds, user authentication information is registered on the machine to manage users on the machine. This authentication information includes the user name and external authentication server name. The external authentication server name selected here is registered on the machine together with the user name. |
[Server Address] | Enter the LDAP server address. Use one of the following formats.
|
[Port No.] | If necessary, change the LDAP server port number (default: [389]). |
[Enable SSL] | When using SSL communications, set this option to ON (default: OFF).
|
[Timeout] | If necessary, change the time-out time to limit a communication with the LDAP server (default: [60] sec.). |
[Certificate Verification Level Settings] | To validate the certificate during SSL communication, select items to be verified.
|
[Search Base 1] to [Search Base 3] | Specify the starting point and range to search for a user to be authenticated.
|
[Authentication Method] | Select the authentication method to log in to the LDAP server depending on your environment (default: [Simple]).
|
[Use Referral] | Select whether to use the referral function (default: ON). |
[Search Attribute] | When performing LDAP search, enter the search attribute to be automatically added before the user name (using up to 64 single-byte characters). The attribute value must start with a single-byte alphabetical character (default: [uid]). |
[Search Directory Service] | If you select [Active Directory], you can limit a search target for authentication to users (default: [Other]). However, when a search target for authentication is limited to users, search target identification processing occurs on the server side, so the authentication time may be delayed. This function is available when the authentication server is set to Active Directory. |
Configure the following settings on the secondary server registration screen.
Setting | Description |
---|---|
[2nd Server Setting] | When using the secondary server, set this option to ON (default: OFF). |
[Round Robin function] | When using the round-robin function, set this option to ON (default: OFF). If you select round-robin function, you can alternately connect the primary and secondary servers to distribute the server load. |
[Reconnection Settings] | Configure a setting to connect to the secondary server when the machine cannot be connected to the primary server (default: [Set Reconnect Interval]). When the round-robin function is enabled, this setting can also be used to connect to the primary server when the machine cannot be connected to the secondary server.
|
Secondary Server Information | Register the secondary server. For details, refer to the registration contents of the primary server. To extract the primary server setting and configure the secondary server setting, tap [Retrieve from 1st Server]. |
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [LDAP-IC Card Authentication Setting]
Configure settings for authentication by the LDAP server using the card ID registered on authentication cards in an environment with IC card-based user authentication implemented.
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [LDAP-IC Card Authentication Setting] - [LDAP-IC Card Authentication Setting]
When performing authentication via the LDAP server using the card ID registered on authentication card, set this option to ON (default: OFF).
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [LDAP-IC Card Authentication Setting] - [Server Registration]
Register the authentication server to be used for card authentication.
Configure the following settings on the primary server registration screen.
Setting | Description |
---|---|
[LDAP-IC Card Authentication Server Name] | Enter the name of the authentication server (using up to 32 single-byte characters). |
[External Authentication Server] | Select the external authentication server used to associate the LDAP-IC card authentication (default: [No Selection]). When authentication succeeds, user authentication information is registered on the machine to manage users on the machine. This authentication information includes the user name and external authentication server name. The external authentication server name selected here is registered on the machine together with the user name. |
[Card Information Registration Settings] | When authentication is performed on the machine using an IC card not registered in the LDAP server, select whether to register the card information in the LDAP server (default: [OFF]).
|
[Card Info. Character Type During Search] | Select the search string conversion method to search for the card ID via the LDAP server (default: [Uppercase Letters/ Lowercase Letters]). When the target card attribute information on the server is unified into upper and lower case letters, in some cases, you can convert the character type of the search string and subsequently reduce the search speed.
|
[Server Address] | Enter the LDAP server address. Use one of the following formats.
|
[Port No.] | If necessary, change the LDAP server port number (default: [389]). |
[Enable SSL] | When using SSL communications, set this option to ON (default: OFF).
|
[Certificate Verification Level Settings] | To validate the certificate during SSL communication, select items to be verified.
|
[Search Base 1] to [Search Base 3] | Specify the starting point and range to search for a user to be authenticated.
|
[Timeout] | If necessary, change the time-out time to limit a communication with the LDAP server (default: [60] sec.). |
[Authentication Method] | Select the authentication method to log in to the LDAP server depending on your environment (default: [Simple]).
|
[Use Referral] | Select whether to use the referral function (default: ON). |
[Search Attribute] | Enter the name of the attribute of the IC card information registered in the LDAP server (using up to 64 single-byte characters). The attribute value must start with a single-byte alphabetical character (default: [uid]). |
[User Name] | Select how to obtain the user name when logging in to this machine (default: [Use Card ID]). If [ON] is selected in [Card Information Registration Settings], [Acquiring] is selected, and any change cannot be made.
|
[Search Directory Service] | If you select [Active Directory], you can limit a search target for authentication to users (default: [Other]). However, when a search target for authentication is limited to users, search target identification processing occurs on the server side, so the authentication time may be delayed. This function is available when the authentication server is set to Active Directory. |
Configure the following settings on the secondary server registration screen.
Setting | Description |
---|---|
[2nd Server Setting] | When using the secondary server, set this option to ON (default: OFF). |
[Round Robin function] | When using the round-robin function, set this option to ON (default: OFF). If you select round-robin function, you can alternately connect the primary and secondary servers to distribute the server load. |
[Reconnection Settings] | Configure a setting to connect to the secondary server when the machine cannot be connected to the primary server (default: [Set Reconnect Interval]). When the round-robin function is enabled, this setting can also be used to connect to the primary server when the machine cannot be connected to the secondary server.
|
[Card Information Registration Settings] | When authentication is performed on the machine using an IC card not registered in the LDAP server, select whether to register the card information in the LDAP server.
|
Secondary Server Information | Register the secondary server. For details, refer to the registration contents of the primary server. To extract the primary server setting and configure the secondary server setting, tap [Retrieve from 1st Server]. |
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [Print Counter List]
A print counter list is printed. You can print a list if user authentication or account track has been adopted.
In [Print Item], specify whether to print all information or only to print typed information. In [Counter Details], select whether to print detailed counter information.
Change print settings as necessary, and select [Start] to start printing.
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [External Server Settings]
When employing external server authentication, register the authentication server.
If you group two servers, you can switch to another server to perform authentication when a server shuts down.
Configure the following settings on the primary server registration screen.
Setting | Description |
---|---|
[External Server Name] | Enter the name of the authentication server (using up to 32 single-byte characters). |
[External Server Type] | Select the authentication server type. |
[Active Directory] | Register server information when Active Directory is used as the authentication server.
|
[NTLM] | Register server information when NTLM is used as the authentication server.
|
[LDAP] | Register server information when LDAP is used as the authentication server.
|
[Search Directory Service] | If you select [Active Directory], you can limit a search target for authentication to users (default: [Other]). However, when a search target for authentication is limited to users, search target identification processing occurs on the server side, so the authentication time may be delayed. This function is available when the authentication server is set to Active Directory. |
Configure the following settings on the secondary server registration screen.
Setting | Description |
---|---|
[2nd Server Setting] | When using the secondary server, set this option to ON (default: OFF). |
[Round Robin function] | When using the round-robin function, set this option to ON (default: OFF). If you select round-robin function, you can alternately connect the primary and secondary servers to distribute the server load. |
[Reconnection Settings] | Configure a setting to connect to the secondary server when the machine cannot be connected to the primary server (default: [Set Reconnect Interval]). When the round-robin function is enabled, this setting can also be used to connect to the primary server when the machine cannot be connected to the secondary server.
|
[External Server Type] | Select the type of the authentication server and set required information. For details, refer to the registration contents of the primary server. |
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [Authentication Device Settings]
When enabling user authentication using the optional Authentication Unit, configure authentication operation settings.
Setting | Description |
---|---|
[Authentication Device Settings] | Set biometric authentication operations.
|
[Logoff Settings] | When automatically logging out after scanning the original, set this option to ON (default: OFF). |
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [User/Account Common Setting]
Configure common settings in user authentication/account track to display the confirmation screen when logging out.
Setting | Description |
---|---|
[Single Color / 2 Color Output Management] | Switch settings for single color or 2-color printing between options to handle it as either color or black-and-white printing (default: [Color]).
|
[Logout Confirmation Display Setting] | Specify whether to display the logout confirmation screen when you log out from the login mode (registered user or public user) (default: [ON]). |
[Counter Remote Control] | When allowing the user to acquire counter information managed on this machine while the remote diagnosis system is used, set this option to ON (default: OFF). |
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [Authentication Card ID Number]
When notifying the card ID to collect counter information, set this option to ON (default: OFF).
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [Max. Allowance Setting when Enhanced Server down]
When managing the maximum allowance for the number of printed sheets on this machine when the enhanced server has shut down, set this option to ON (default: ON).
To manage the maximum allowance, specify the maximum value for [Print(Total)], [Print(Color)], [Print(Black)], and [Billing Allowance].
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [Authentication Server Connection status]
Display the status of the connection with the server used for external server authentication, quick authentication, and LDAP-IC card authentication.
[Connection Allowed]: Enables a connection of both the primary server and the secondary server. When the secondary server is not registered, it means that the machine can be connected to the primary server.
[Connection Allowed (1st Server)]: Means that the machine can be connected to the primary server.
[Connection Allowed (2nd Server)]: Means that the machine can be connected to the secondary server.
[Connection Not Allowed]: Disables a connection of both the primary server and the secondary server. When the secondary server is not registered, it means that the machine cannot be connected to the primary server.
If the primary server is not registered, this option is blank.
To display: [Utility] - [Administrator] - [User Auth/Account Track] - [Self-Verification Setting in AD Auth.]
Specify whether to verify authentication information (ticket) obtained from Active Directory on this machine when logging in to this machine while Active Directory is used as the authentication server.
Setting | Description |
---|---|
[Self-Verification Setting in AD Authentication] | When verifying authentication information (ticket) obtained from Active Directory on this machine, set this option to ON (default: OFF). |
[Host Name] | Enter the host name of this machine (using up to 253 single-byte characters). |
[Domain Name] | Enter the domain name of Active Directory (using up to 64 single-byte characters). |
[Account Name] | Enter the administrator's account name of the Active Directory domain (using up to 64 single-byte characters). |
[Password] | Enter the administrator's password of the Active Directory domain (using up to 64 single-byte characters). |
[Timeout] | Change the time-out time of domain joining processing if necessary (default: [30] sec.). |