HomeSearch by PurposeConfiguring User Authentication and Account Track

Search by Purpose

Configuring User Authentication and Account Track

Settings Anyone can Change

To change the password of the login user ([Change Password])

To display:
  • [Utility]
    • [User Settings]
      • [Change Password]

Change the password of the user who is logged in through user authentication.

To change the E-mail address of the login user ([Change E-Mail Address])

To display:
  • [Utility]
    • [User Settings]
      • [Change E-Mail Address]

Change the E-mail address of the user who is logged in through user authentication.

  • You can specify this option when you are allowed by the administrator to change the setting. When allowing a user to change this setting, change the setting value of [Administrator Security Levels] (default: [Prohibit]). For details, refer to Here.

To register finger vein or IC card information of the login user ([Register Authentication Information])

To display:
  • [Utility]
    • [User Settings]
      • [Register Authentication Information]

Register or delete the biometric authentication information, IC Card or NFC authentication information of the user who is logged in through user authentication.

Tap [Edit], then register authentication information. To delete authentication information, tap [Delete].

This option is available when the machine is equipped with the Authentication Unit and the following setting is permitted by the administrator.

  • [Administrator Settings] - [System Settings] - [Restrict User Access] - [Restrict Access to Job Settings] - [Biometric/IC Card Info. Registration]

  • [Administrator Settings] - [User Authentication/Account Track] - [User Authentication Settings] - [User Registration] - [Edit] - [Function Permission/Authority] - [Function Permission] - [Biometric/IC Card Info. Registration]

In order that the login user changes whether to synchronize the user authentication and account track ([Synchronize User Auth. and Account Track])

To display:
  • [Utility]
    • [User Settings]
      • [Synchronize User Auth. and Account Track]

When user authentication and account track are both employed, specify whether to synchronize user authentication and account track setting for the login user.

Settings

Description

[Synchronize]/[Do Not Synchronize]

Select whether to synchronize user authentication and account track setting.

If you select [Synchronize] and login by using the user name and password that are used for user authentication, you are also allowed to login to the account to which you belong.

[Account Name]

When you have selected [Synchronize], select the account to which you belong.

  • You can specify this option when you are allowed by the administrator to select whether to synchronize user authentication and account track setting.

To change the destination access rights of the login user ([Limiting Access to Destinations])

To display:
  • [Utility]
    • [One-Touch/User Box Registration]
      • [Limiting Access to Destinations]

Limit the access to destinations for each user.

Settings

Description

[Apply Levels/Groups to Destinations]

To limit access to a destination by users, assign a reference allowed level or reference allowed group to the destination.

After selecting a destination from [Address Book], [Group] or [Program], tap [Apply Level] or [Apply Group], then assign a reference allowed level or reference allowed group to the destination.

  • You can specify [Apply Levels/Groups to Destinations] within the reference allowed level for the respective users. For details, contact your administrator.

  • To specify a reference allowed group, the administrator must register the group in advance. For details, contact your administrator.

  • How to configure the setting for limiting the access to destinations for each user is explained using Web Connection. For details, refer to Here.

Settings only the Administrators can Change

To configure the general settings for user authentication ([User Authentication])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [User Authentication]

Configure the general settings for user authentication.

Settings

Description

[Authenticate]/[OFF]

Specify whether to implement user authentication.

[OFF] is specified by default.

[Authentication Method]

Select a user authentication method.

[ON (MFP)]

The authentication function of this machine is used for user authentication. This authentication method only allows users registered on this machine to use it.

[ON (MFP)] is specified by default.

[External Server Authentication]

Interacts with the authentication server used for user authentication in the operating environment. This authentication method only allows users registered on the authentication server to use this machine.

Register the authentication server beforehand from [Administrator Settings] - [User Authentication/Account Track] - [External Server Settings].

[Main + External Server]

Select this option to enable login using the authentication function of the MFP in case a trouble occurs on the external authentication server.

[Enhanced Server Authentication]

Interacts with the enhanced server such as Authentication Manager. This authentication method only allows users registered on the enhanced server to use this machine.

[Main + Enhanced Server]

Select this option to enable login using the authentication function of the MFP in case a trouble occurs on the enhanced server such as Authentication Manager.

[Default Authentication Method]

Select your preferred authentication method if [Main + External Server] or [Main + Enhanced Server] is selected with [Authentication Method].

  • If [Authentication Method] is set to [Main + External Server], [External Server Authentication] is specified by default.

  • If [Authentication Method] is set to [Main + Enhanced Server], [Enhanced Server Authentication] is specified by default.

[Overwrite User Info]

Configure this option if [External Server Authentication] or [Main + External Server] is selected with [Authentication Method].

When the external server authentication is used, authenticated user information is also managed on this machine.

If the number of users who have executed the external server authentication reaches the maximum number of users this machine can manage, authentication of any new users will not be permitted. Select whether to allow the user to overwrite registered user information for that case.

If you select [Allow], the oldest authenticated user information is erased and the new user is registered.

If [Enhanced Server Authentication] or [Main + Enhanced Server] is selected with [Authentication Method], [Allow] is specified forcibly.

[Restrict] is specified by default.

[Temporarily Save Authentication Info.]

Select whether to temporarily save authentication information in the main unit against a case where an external authentication server shuts down. [OFF] is specified by default.

To temporarily save authentication information, specify the timing to reconnect to the authentication server and the validity period of the data to be saved temporarily.

  • [Reconnection Settings]: Specify the timing to reconnect to the authentication server. Selecting [Reconnect for every login] connects to the authentication server at the time authentication is carried out on this machine. If the authentication server is in the shutdown state at the time authentication is carried out on this machine, first confirm that the authentication server is down, and use the temporarily saved authentication information to log in to this machine. Selecting [Set Reconnect Interval] connects to the authentication server at the time specified in [Reconnection Time], and check the status of the authentication server. If the authentication server is in the shutdown state, use the authentication information temporarily saved in the main unit to log in. [Set Reconnect Interval] is specified by default.

  • [Expiration Date Settings]: Select whether to set the validity period to the temporarily saved authentication information. To set the validity period, enter the desired value. [Disable] is specified by default.

To permit use by unregistered users when installing user authentication ([Public User Access])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Public User Access]

Specify whether to permit users other than the registered in an environment where user authentication is employed. Any user who is going to use this machine without performing authentication operation is called a "public user".

When permitting public users to use this machine, select the login method. [Restrict] is specified by default.

Settings

Description

[Restrict]

Usage of this machine by public users is prohibited.

[ON (With Login)]

Permits that public users use this machine. When a public user uses this machine, tap [Public User Access] on the Login screen to log in to this machine.

[ON (Without Login)]

Permits that public users use this machine. A public user can use this machine without logging in to this machine.

Using this option eliminates the login operations, providing advantages in an environment with a large number of public users.

To display the login screen when using a function restricted for public users ([Prohibited Function Login Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Prohibited Function Login Setting]

Specify whether to request switching of the user by displaying the login screen when a public user attempts to use any restricted function.

For example, if color scan is restricted for public users, the Login screen appears when a public user attempts a color scan operation. In this case, the user can log in to this machine as another user for whom color scan is allowed, and use the color scan function.

[Do Not Request] (not request) is specified by default.

To configure whether to install account track ([Account Track])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Account Track]

Specify whether account tracking should be implemented to manage users by account.

[OFF] is specified by default.

To configure the general settings for account track ([Account Track Input Method])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Account Track Input Method]

When you have selected [ON] for [Account Track], select the account tracking method. [Account Name & Password] is specified by default.

Settings

Description

[Account Name & Password]

Enter the account name and password to log in. When cusing user authentication and account track in combination, the setting cannot be changed from [Account Name & Password].

[Password Only]

Enter only the password to log in.

To synchronize user authentication and account track when installing them ([Synchronize User Authentication & Account Track])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Synchronize User Authentication & Account Track]

When using user authentication and account track in conjunction, specify whether to synchronize user authentication and account track. [Synchronize] is specified by default.

Settings

Description

[Synchronize]

Select this option when users and accounts are in a one-on-one relation. When registering a user, just specify the department of a user, and login as the user also results in login as the associated account.

[Do Not Synchronize]

Select this option for users who join more than one account. To log in to this machine, users need to specify an account after entering the user name.

[Synchronize by User]

Have users select whether or not to synchronize user authentication and account track.

To specify whether to allow other users to print data when printing stopped because the number of print sheets exceeded the maximum number specified for the user ([When # of Jobs Reach Maximum])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [When # of Jobs Reach Maximum]

Sets the maximum number of sheets that each user can print. Here, select an operation if the number of sheets exceeds the maximum number of sheets that can be printed. [Skip Job] is specified by default.

Settings

Description

[Skip Job]

Stops the running job, and then starts the next job.

[Stop Job]

Stops all jobs.

[Delete Job]

Deletes the active job.

  • To restart a suspended job, reset the counter.

To specify the maximum number of users when installing user authentication and account track ([Number of Counters Assigned])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Number of Counters Assigned]

Counter management is carried out for each user or account track to install user authentication or account track. This machine provides 1,000 counter areas to carry out counter management. In this option, specify the number of counter areas to be assigned to each user.

[500] is specified by default.

  • If [Authentication Method] is set to [Main + External Server], a counter area can be assigned to temporarily save data when the enhanced server has shut down. Up to 1,000 counter areas can be assigned for users, account tracks, and the enhanced server in total.

To change the time to hold the Kerberos authentication ticket at Active Directory authentication ([Ticket Hold Time Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Ticket Hold Time Setting]

Change the retention time for a Kerberos authentication ticket if Active Directory is used as an authentication server.

If [0] min. is specified, the Kerberos authentication ticket is discarded after authentication has been completed.

[5] min. is specified by default.

To verify the authentication ticket obtained from Active Directory on this machine when performing Active Directory authentication to log in to this machine ([Self-Verification Setting in AD Authentication])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Self-Verification Setting in AD Authentication]

Specify whether to verify authentication information (ticket) obtained from Active Directory on this machine when logging in to this machine while Active Directory is used as the authentication server.

Settings

Description

[ON]/[OFF]

Select whether to verify authentication information (ticket) obtained from Active Directory on this machine when logging in to this machine while Active Directory is used as the authentication server.

[OFF] is specified by default.

[Host Name]

Enter the host name of this machine (using up to 253 characters).

[Domain Name]

Enter the domain name of Active Directory (using up to 64 characters).

[Account Name]

Enter the administrator's account name of the Active Directory domain (using up to 64 characters).

[Password]

Enter the administrator's password of the Active Directory domain (using up to 64 characters).

[Timeout]

Change the time-out time of domain joining processing if necessary.

[30] sec. is specified by default.

  • If you change [Host Name] or [Domain Name] while Active Directory's single sign-on is enabled on this machine, [Utility] - [Administrator Settings] - [Network Settings] - [Single Sign-On Setting] - [Domain Login Setting] is changed to [OFF].

To check the connection status with the primary authentication server or secondary authentication server ([Primary/Secondary Server Connection Status])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Primary/Secondary Server Connection Status]

Displays the status of the connection with the primary and secondary authentication servers used for external server authentication, quick authentication, and LDAP-IC card authentication.

  • [Connection Allowed]: Enables you to connect to both the primary and secondary authentication servers.

  • [Connection Allow (Primary external server down)]: Enables you to connect to the secondary authentication server. You cannot connect to the primary authentication server.

  • [Connection Not Allowed]: Prevents you from connecting to both the primary and secondary authentication servers.

To specify whether NFC authentication is to be deployed ([Enable NFC])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Enable NFC]

Select whether to use NFC authentication.

Settings

Description

[ON]/[OFF]

Select whether to use NFC in order to establish a pairing with an Android terminal.

This setting is synchronized with [Utility] - [Administrator Settings] - [System Connection] - [Mobile Connection Settings] - [Simple Connection Setting] - [Enable NFC].

[OFF] is specified by default.

[NFC Authentication Setting]

Select whether to use NFC authentication.

[OFF] is specified by default.

To specify whether Bluetooth LE authentication is to be deployed ([Enable Bluetooth LE])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Enable Bluetooth LE]

Select whether to use Bluetooth LE authentication.

Settings

Description

[ON]/[OFF]

Select whether to use Bluetooth LE in order to establish a pairing with an iOS terminal.

This setting is synchronized with [Utility] - [Administrator Settings] - [System Connection] - [Mobile Connection Settings] - [Simple Connection Setting] - [Enable Bluetooth LE].

[OFF] is specified by default.

[Bluetooth LE Authentication Setting]

Select whether to use Bluetooth LE authentication.

[OFF] is specified by default.

  • The optional Local Interface Kit (voice guidance / Bluetooth LE compatible) is required to use this function. This setting must be configured in advance by your service representative. For details, contact your service representative.

To perform IC card authentication via the LDAP server ([LDAP-IC Card Authentication Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [LDAP-IC Card Authentication Setting]

Configure settings for authentication by the LDAP server using the card ID registered on authentication cards in an environment with IC card-based user authentication implemented by connecting an Authentication Unit (IC card type).

You can set this option by selecting [External Server Authentication] or [Main + External Server] in [Administrator Settings] - [User Authentication/Account Track] - [General Settings] - [User Authentication] - [Authentication Method].

Settings

Description

[ON]/[OFF]

Specify whether to enable authentication by the LDAP server using the card ID registered on authentication cards.

[OFF] is specified by default.

[Setting Up LDAP]

Register the LDAP server to be used for authenticating the user ID of the IC card.

For details on settings, refer to the settings of [Setting Up LDAP] shown below.

[LDAP Server Connection Settings]

Select the name of the external server to be used as authentication information saved on this machine.

The authentication information is saved on this machine when the LDAP-IC card authentication is successfully completed. This authentication information includes the user name and the external server name. As authentication information to be saved on this machine, the name of external server registered on this machine can be registered.

[Secondary Auth. server setting]

Configure settings to connect to the secondary authentication server when you cannot connect to the primary authentication server while the LDAP server authentication is installed.

For details on settings, refer to the settings of [Secondary Auth. server setting] shown below.

[Card Information Registration Settings]

When authentication is performed on the machine using an IC card not registered in the LDAP server, select whether to register the IC card in the LDAP server.

If [ON] is selected, enter the attribute such as "uid" to be searched as the user name in [User Name Attribute]. In this case, [User Name Acquisition] of [Setting Up LDAP] is set to [Acquiring]. Also, the same attribute as that specified here is set to [User Name Attribute] of [Setting Up LDAP].

[OFF] is specified by default.

Settings of [Setting Up LDAP]

Settings

Description

[Setting Up LDAP]

Register the LDAP server to be used for authenticating the user ID of the IC card.

Tap [Check Connection] to try connecting to the LDAP server using the entered information and check if the iformation registered is correct.

Tap [Reset All Settings] to reset all the information entered.

[User Name Acquisition]

Select how to obtain the user name when logging in to this machine.

  • [Use Card ID]: Select this option when only IC card information is registered on the server. Uses the card ID in the IC card as the user name.

  • [Acquiring]: Select this option when user information other than IC card information is registered on the server. Uses the user name obtained from the server. Enter the attribute to be searched as the user name ("uid") at [User Name Attribute].

[Use Card ID] is specified by default.

[Timeout]

If necessary, change the time-out time to limit a communication with the LDAP server.

[60 sec.] is specified by default.

[Search Attribute]

Enter attributes for the place in which you have entered IC card information (using up to 64 characters).

The attribute must start with an alphabet character.

[uid] is specified by default.

[Server Address]

Enter the LDAP server address.

Use one of the following formats.

  • Example of host name entry: "host.example.com"

  • Example of IP address (IPv4) entry: "192.168.1.1"

  • Example of IP address (IPv6) entry: "fe80::220:6bff:fe10:2f16"

[Search Base 1] to [Search Base 3]

Specify the starting point to search for a user to be authenticated.

  • [Search Base]: Specify the starting point to search for a target (using up to 255 characters).
    Example of entry: "cn=users,dc=example,dc=com"

  • [Search Range]: Select a tree search range. [Full Tree] is specified by default.
    Selecting [Full Tree] makes a search, including the tree structure under the entered starting point. Selecting [Next hierarchy only] searches for only one level directly beneath the entered starting point. In this case, the level at the starting point is not included as a search target.

[SSL Setting]

Specify whether or not to use SSL for communication with the LDAP server.

[OFF] is specified by default.

[Port Number]

If necessary, change the LDAP server port number.

In normal circumstances, you can use the original port number.

[389] is specified by default.

[Port Number (SSL)]

If necessary, change the SSL communication port number.

In normal circumstances, you can use the original port number.

[636] is specified by default.

[Certificate Verification Level Settings]

To validate the certificate during SSL communication, select items to be verified.

  • [Expiration Date]: Confirm whether the certificate is within the validity period. [Confirm] is specified by default.

  • [Key Usage]: Confirm whether the certificate is used according to the intended purpose approved by the certificate issuer. [Do Not Confirm] is specified by default.

  • [Chain]: Confirm whether there is a problem in the certificate chain (certificate path). The chain is validated by referencing the external certificates managed on this machine. [Do Not Confirm] is specified by default.

  • [Expiration Date Confirmation]: Confirm whether the certificate has expired. [Do Not Confirm] is specified by default.

  • [CN]: Confirm whether CN (Common Name) of the certificate matches the server address. [Do Not Confirm] is specified by default.

[Authentication Type]

Select the authentication method to log in to the LDAP server.

Select one appropriate for the authentication method used for your LDAP server.

  • [Simple]

  • [Digest-MD5]

  • [GSS-SPNEGO]

  • [NTLM v1]

  • [NTLM v2]

[Simple] is specified by default.

[Referral Setting]

Select whether to use the referral function, if necessary.

Make an appropriate choice to fit the LDAP server environment.

[ON] is specified by default.

[Login Name]

Log in to the LDAP server, and enter the login name to search for a user (using up to 64 characters).

[Password]

Enter the password of the user name you entered into [Login Name] (using up to 64 characters).

[Domain Name]

Enter the domain name to log in to the LDAP server (using up to 64 characters).

If [GSS-SPNEGO] is selected for [Authentication Type], enter the domain name of Active Directory.

Settings of [Secondary Auth. server setting]

Settings

Description

[ON]/[OFF]

Select whether to use the secondary authentication server.

[OFF] is specified by default.

[Reconnection Settings]

Specify the timing at which to reconnect to the primary authentication server.

[Set Reconnect Interval] is specified by default.

  • [Reconnect for every login]: Connects to the primary authentication server each time authentication is carried out on this machine. If the primary authentication server is shutting down, this machine is connected to the secondary authentication server.

  • [Set Reconnect Interval]: Connects to the secondary authentication server when the primary authentication server is shutting down when machine authentication is occurring. After this, this machine is connected to the secondary authentication server when machine authentication is occurring until the time specified in [Reconnection Time] lapses. After the time specified in [Reconnection Time] has lapsed, this machine is reconnected to the primary authentication server when machine authentication is occurring.

[Secondary Authentication Server Registration]

Register the secondary authentication server.

For details on settings, refer to the settings of [Setting Up LDAP] shown above.

To specify whether to display a list of registered users on the login screen and allow a user to select a desired one ([User Name List])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [Administrative Settings]
            • [User Name List]

Select whether to display the [User Name List] icon in the login screen.

Selecting [ON] enables you to select the login user from the list of user names registered on this machine.

[OFF] is specified by default.

To specify the default function permission applied to users when external server authentication is installed ([Default Function Permission])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [Administrative Settings]
            • [Default Function Permission]

Specify the default function permission applied to users when an external authentication server is used.

Functions available to users who log in to this machine for the first time are limited according to the settings configured here.

  • The default function permission can also be specified with Web Connection. For details, refer to Here.

To specify operations for the ID & Print function ([ID & Print Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [Administrative Settings]
            • [ID & Print Settings]

Specify the operations of the ID & Print function.

Settings

Description

[ID & Print]

Select whether to handle jobs normally printed from the printer driver as ID & Print jobs.

  • [ON]: Jobs that are normally printed are handled as ID & Print jobs.

  • [OFF]: Only jobs for which ID & Print is set are handled as print jobs.

[OFF] is specified by default.

[Public User]

Select the process performed when a public user job or a job without user authentication information is received.

  • [Print Immediately]: Prints the job without saving it in the ID & Print User Box.

  • [Save]: Saves the job in the ID & Print User Box.

[Print Immediately] is specified by default.

To specify the printing method when using the ID & Print function in the authentication unit ([ID & Print Operation Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [Administrative Settings]
            • [ID & Print Operation Settings]

When using the ID & Print function on an Authentication Unit, select whether to request user authentication for printing each job or to allow the user to print all jobs once the user is authenticated. [Print All Jobs] is specified by default.

Settings

Description

[Print All Jobs]

One successful authentication session allows the user to print all jobs.

[Print Each Job]

One successful authentication session allows the user to print a single job.

To specify the default operation to be performed after authentication on the login screen when using the ID & Print function ([Auth. Operation Setting when print Documents are Stored])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [Administrative Settings]
            • [Auth. Operation Setting when print Documents are Stored]

Specify the default operation to perform authentication on the login page when ID & Print jobs are stored.

Settings

Description

[Change to Basic Screen after ID & Print]

Select whether to simultaneously perform ID & Print and the authentication to log in to this machine.

If [ON] is selected, [Login after Print] is displayed in [ID & Print] on the login page.

[Restrict] is specified by default.

[Auth. Operation Setting when print Documents are Stored]

Select the default value for the operation that is performed after authentication in the login window.

  • [Logout after Print]: Prints ID & Print jobs. The user is not logged in to this machine.

  • [Login without Print]: The user is logged in to this machine. The ID & Print job is not executed.

  • [Login after Print]: Prints the ID & Print job, and the user is logged in to this machine. This setting is available when [ON] is selected for [Change to Basic Screen after ID & Print].

[Logout after Print] is specified by default.

To register user information ([User Registration])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [User Registration]

Register the user information. In addition, configure function permission and the upper limit of the number of printable sheets for each user.

Select a number and tap [Edit], and the user registration or editing screen is displayed.

To limit the public user functions, tap [] on the number selection screen. Then, select [Public] and tap [Edit].

Settings

Description

[User Name]

Enter the user name to log in to this machine (using up to 64 characters).

You cannot configure the same user name as an the one which has already been assigned to a registered user. Once a user name is registered, it cannot be changed.

[Password]

Enter the password to log in to this machine (using up to 64 characters).

[E-Mail Address]

Enter the user's E-mail address (using up to 320 characters) if necessary.

If the E-mail address is registered, the Scan to Me function and the Scan to URL function are available.

[Max. Allowance Set]

Set the maximum number of pages that the user can print.

  • [Total Allowance]: Specify the total number of pages that can be printed. To omit setting of the maximum, select [No Limit].

Tap [All Users] to apply the maximum setting to all users.

[No Limit] is specified by default.

[Register Auth. Info.]

If an Authentication Unit is used to adopt the user authentication, tap [Edit] to register authentication information.

To delete authentication information, tap [Delete].

[Function Permission/Authority] - [Function permission]

Restrict functions available to users.

Specify whether to restrict the following functions, respectively:

  • [Copy]: [Allow] is specified by default.

  • [Scan]: [Full Color/Black] is specified by default.

  • [Fax]: [Full Color/Black] is specified by default.

  • [Print]: [Allow] is specified by default.

  • [User Box]: [Allow] is specified by default.

  • [Print Scan/Fax TX]: [Allow] is specified by default.

  • [Save to External Memory]: [Restrict] is specified by default.

  • [External Memory Document Scan]: [Restrict] is specified by default.

  • [Manual Destination Input]: [Allow] is specified by default.

  • [Biometric/IC Card Info. Registration]: [Restrict] is specified by default.

  • [Web Browser]: [Allow] is specified by default.

Tap [All Users] to apply the Function Permission to all users.

[Function Permission/Authority] - [Permission Setting]

Assigns administrator privileges to the user.

  • [Administrative Rights]: [Not Allowed] is specified by default.

  • [User Box Administrator Rights]: [Not Allowed] is specified by default.

Tap [All Users] to apply the assignment of privileges to all users.

This option is available when [Allow] is selected in [Administrator Settings] - [User Authentication/Account Track] - [User Authentication Settings] - [Administrative Settings] - [Login Allowed with Administrative Rights].

[Pause]

Disable registered users temporarily if necessary. If [Stop Job] is set, the users cannot log in to the MFP any longer.

Tap [All Users] to temporarily suspend the use of this machine by any user.

[Continue Job] is specified by default.

[Custom Pattern Function]

Specify the display pattern of function keys in the Copy, Scan/Fax and User Box modes for each user.

  • [Full Functions]: Displays all function keys.

  • [Standard Functions]: Displays commonly used function keys.

  • [Basic Functions]: Displays the more basic function keys than [Standard Functions].

  • [Disable]: User-specific pattern is not configured. The settings of this machines are applied.

You can set this option by selecting [Allow] in [Administrator Settings] - [System Settings] - [Custom Display Settings] - [User/Admin Function Permissions].

[Disable] is specified by default.

[Synchronize Account Track]

Specify whether to synchronize user authentication and account track when both user authentication and account track are implemented.

Tap [All Users] to apply the setting for synchronizing user authentication and account track to all users.

You can set this option by selecting [Synchronize by User] in [Administrator Settings] - [User Authentication/Account Track] - [General Settings] - [Synchronize User Authentication & Account Track].

[Account Name]

If user authentication and account track are implemented and if they are synchronized with each other, select the account to which the user belongs.

Account names must be registered in advance.

  • To change the registered user information, select the registration number and tap [Edit].

  • To delete a registered user, select the registration number and tap [Delete].

  • When using user authentication and account track in combination, register account information beforehand in [Administrator Settings] - [User Authentication/Account Track] - [Account Track Settings] - [Account Track Registration].

  • Information on users authenticated by the external authentication server is also registered. You can change the settings of [Max. Allowance Set], [Function Permission], [Custom Pattern Function], [Synchronize Account Track], and [Account Name] for users authenticated by the external authentication server if necessary.

To specify the function permission and the upper limit of sheets for each user ([User Registration])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [User Registration]

Register the user information. In addition, configure function permission and the upper limit of the number of printable sheets for each user.

Select a number and tap [Edit], and the user registration or editing screen is displayed.

To limit the public user functions, tap [] on the number selection screen. Then, select [Public] and tap [Edit].

Settings

Description

[User Name]

Enter the user name to log in to this machine (using up to 64 characters).

You cannot configure the same user name as an the one which has already been assigned to a registered user. Once a user name is registered, it cannot be changed.

[Password]

Enter the password to log in to this machine (using up to 64 characters).

[E-Mail Address]

Enter the user's E-mail address (using up to 320 characters) if necessary.

If the E-mail address is registered, the Scan to Me function and the Scan to URL function are available.

[Max. Allowance Set]

Set the maximum number of pages that the user can print.

  • [Total Allowance]: Specify the total number of pages that can be printed. To omit setting of the maximum, select [No Limit].

Tap [All Users] to apply the maximum setting to all users.

[No Limit] is specified by default.

[Register Auth. Info.]

If an Authentication Unit is used to adopt the user authentication, tap [Edit] to register authentication information.

To delete authentication information, tap [Delete].

[Function Permission/Authority] - [Function permission]

Restrict functions available to users.

Specify whether to restrict the following functions, respectively:

  • [Copy]: [Allow] is specified by default.

  • [Scan]: [Full Color/Black] is specified by default.

  • [Fax]: [Full Color/Black] is specified by default.

  • [Print]: [Allow] is specified by default.

  • [User Box]: [Allow] is specified by default.

  • [Print Scan/Fax TX]: [Allow] is specified by default.

  • [Save to External Memory]: [Restrict] is specified by default.

  • [External Memory Document Scan]: [Restrict] is specified by default.

  • [Manual Destination Input]: [Allow] is specified by default.

  • [Biometric/IC Card Info. Registration]: [Restrict] is specified by default.

  • [Web Browser]: [Allow] is specified by default.

Tap [All Users] to apply the Function Permission to all users.

[Function Permission/Authority] - [Permission Setting]

Assigns administrator privileges to the user.

  • [Administrative Rights]: [Not Allowed] is specified by default.

  • [User Box Administrator Rights]: [Not Allowed] is specified by default.

Tap [All Users] to apply the assignment of privileges to all users.

This option is available when [Allow] is selected in [Administrator Settings] - [User Authentication/Account Track] - [User Authentication Settings] - [Administrative Settings] - [Login Allowed with Administrative Rights].

[Pause]

Disable registered users temporarily if necessary. If [Stop Job] is set, the users cannot log in to the MFP any longer.

Tap [All Users] to temporarily suspend the use of this machine by any user.

[Continue Job] is specified by default.

[Custom Pattern Function]

Specify the display pattern of function keys in the Copy, Scan/Fax and User Box modes for each user.

  • [Full Functions]: Displays all function keys.

  • [Standard Functions]: Displays commonly used function keys.

  • [Basic Functions]: Displays the more basic function keys than [Standard Functions].

  • [Disable]: User-specific pattern is not configured. The settings of this machines are applied.

You can set this option by selecting [Allow] in [Administrator Settings] - [System Settings] - [Custom Display Settings] - [User/Admin Function Permissions].

[Disable] is specified by default.

[Synchronize Account Track]

Specify whether to synchronize user authentication and account track when both user authentication and account track are implemented.

Tap [All Users] to apply the setting for synchronizing user authentication and account track to all users.

You can set this option by selecting [Synchronize by User] in [Administrator Settings] - [User Authentication/Account Track] - [General Settings] - [Synchronize User Authentication & Account Track].

[Account Name]

If user authentication and account track are implemented and if they are synchronized with each other, select the account to which the user belongs.

Account names must be registered in advance.

  • To change the registered user information, select the registration number and tap [Edit].

  • To delete a registered user, select the registration number and tap [Delete].

  • When using user authentication and account track in combination, register account information beforehand in [Administrator Settings] - [User Authentication/Account Track] - [Account Track Settings] - [Account Track Registration].

  • Information on users authenticated by the external authentication server is also registered. You can change the settings of [Max. Allowance Set], [Function Permission], [Custom Pattern Function], [Synchronize Account Track], and [Account Name] for users authenticated by the external authentication server if necessary.

To check the operation conditions of this machine for each user or eco information (economy level) ([User Counter])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [User Counter]

Use this option to check the number of pages for each user and to reset the counter.

Select the registration number of a user subject to counter checking and tap [Counter Details].

Settings

Description

[Counter Details]

Shows the counter for the selected user. You can check the number of pages used for each function.

Tap [Eco Info] to display 2-sided printing, page combination, and other information related to the user, and check how effectively toner and paper are being saved.

Tap [Clear Counter] to clear the user's counter.

[Reset All Counters]

Resets counters for all users.

To register account track information ([Account Track Registration])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Account Track Settings]
          • [Account Track Registration]

Register account information. In addition, configure function permission and the maximum allowance on the number of pages printed for each account.

Select a number and tap [Edit], and the account track registration or editing screen is displayed.

Settings

Description

[Account Name]

Enter the account name used for logging in to this machine (using up to eight characters).

[Password]

Enter the password to log in to this machine (using up to 64 characters).

[Max. Allowance Set]

Restricts the number of pages each account can print.

  • [Total Allowance]: Specify the total number of pages that can be printed. To omit setting of the maximum, select [No Limit].

Tap [All Accounts] to apply the maximum setting to all accounts.

[No Limit] is specified by default.

[Function Permission]

Restrict functions available to users.

Specify whether to restrict the following functions, respectively:

  • [Copy]: [Allow] is specified by default.

  • [Scan]: [Full Color/Black] is specified by default.

  • [Fax]: [Full Color/Black] is specified by default.

  • [Print]: [Allow] is specified by default.

  • [Print Scan/Fax TX]: [Allow] is specified by default.

Tap [All Accounts] to apply function permission setting to all accounts.

[Pause]

Disable registered accounts temporarily if necessary. If [Stop Job] is set, the users cannot log in to the MFP any longer.

Tap [All Accounts] to temporarily suspend the use of this machine by any account.

[Continue Job] is specified by default.

[Custom Pattern Function]

Specify the display pattern of function keys in the Copy, Scan/Fax and User Box modes for each account.

  • [Full Functions]: Displays all function keys.

  • [Standard Functions]: Displays commonly used function keys.

  • [Basic Functions]: Displays the more basic function keys than [Standard Functions].

  • [Disable]: Account-specific pattern is not configured. The settings of this machines are applied.

You can set this option by selecting [Allow] in [Administrator Settings] - [System Settings] - [Custom Display Settings] - [User/Admin Function Permissions].

[Disable] is specified by default.

  • To change the registered account information, select the registration number and tap [Edit].

  • To delete a registered account, select the registration number and tap [Delete].

To specify the function permission and the upper limit of sheets for each account track ([Account Track Registration])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Account Track Settings]
          • [Account Track Registration]

Register account information. In addition, configure function permission and the maximum allowance on the number of pages printed for each account.

Select a number and tap [Edit], and the account track registration or editing screen is displayed.

Settings

Description

[Account Name]

Enter the account name used for logging in to this machine (using up to eight characters).

[Password]

Enter the password to log in to this machine (using up to 64 characters).

[Max. Allowance Set]

Restricts the number of pages each account can print.

  • [Total Allowance]: Specify the total number of pages that can be printed. To omit setting of the maximum, select [No Limit].

Tap [All Accounts] to apply the maximum setting to all accounts.

[No Limit] is specified by default.

[Function Permission]

Restrict functions available to users.

Specify whether to restrict the following functions, respectively:

  • [Copy]: [Allow] is specified by default.

  • [Scan]: [Full Color/Black] is specified by default.

  • [Fax]: [Full Color/Black] is specified by default.

  • [Print]: [Allow] is specified by default.

  • [Print Scan/Fax TX]: [Allow] is specified by default.

Tap [All Accounts] to apply function permission setting to all accounts.

[Pause]

Disable registered accounts temporarily if necessary. If [Stop Job] is set, the users cannot log in to the MFP any longer.

Tap [All Accounts] to temporarily suspend the use of this machine by any account.

[Continue Job] is specified by default.

[Custom Pattern Function]

Specify the display pattern of function keys in the Copy, Scan/Fax and User Box modes for each account.

  • [Full Functions]: Displays all function keys.

  • [Standard Functions]: Displays commonly used function keys.

  • [Basic Functions]: Displays the more basic function keys than [Standard Functions].

  • [Disable]: Account-specific pattern is not configured. The settings of this machines are applied.

You can set this option by selecting [Allow] in [Administrator Settings] - [System Settings] - [Custom Display Settings] - [User/Admin Function Permissions].

[Disable] is specified by default.

  • To change the registered account information, select the registration number and tap [Edit].

  • To delete a registered account, select the registration number and tap [Delete].

To check the operation conditions of this machine for each account track or eco information (economy level) ([Account Track Counter])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Account Track Settings]
          • [Account Track Counter]

You can check the number of pages used for each account and reset the counter.

Select the registration number of an account subject to counter checking and tap [Counter Details].

Settings

Description

[Counter Details]

Shows the counter for the selected account. You can check the number of pages used for each function.

Tap [Eco Info] to display 2-sided printing, page combination, and other information to the user, and check how effectively toner and paper are being saved.

Tap [Clear Counter] to clear the account's counter.

[Reset All Counters]

Resets counters for all accounts.

To specify an action to be taken when this machine receives a print job without authentication information ([Print without Authentication])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Print without Authentication]

Select whether to allow users to start print jobs without authentication information (jobs for which the print command is executed even though user authentication or account track is not correctly configured in the printer driver).

Settings

Description

[TRAP Setting]

  • [Allow]: Only black-and-white printing is allowed. Color printing jobs are also printed in black and white. Print jobs are counted as public user jobs.

  • [Restrict]: Printing is restricted. Canceling [Restrict] allows everybody to perform printing. Select [Restrict] to control user access and ensure security.

[Restrict] is specified by default.

[IP Filtering (Permit Access)]

If [Allow] is selected in [TRAP Setting], specify a computer that allows an access to this machine using the IP address.

[Enable]/[Disable]

Select whether to specify an IP address that allows access to this machine.

[Disable] is specified by default.

[Set 1] to [Set 5]

Enter the range of IP addresses that allow access using the following format.

  • Entry example: "192.168.1.1 - 192.168.1.10"

  • To allow access from a single IP address, you can only enter the address in one side of the range.

To print a list in which the operation conditions of this machine are calculated for each user or account track ([Print Counter List])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Print Counter List]

A print counter list is printed. You can print a list if user authentication or account track has been adopted.

In [Print Item], specify whether to print all information or only to print typed information. In [Detailed Counter], select whether to print detailed counter information.

Change print settings as required, then tap [Start] to start printing.

To register an external server for user authentication ([External Server Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [External Server Settings]

When employing external server authentication, register the authentication server. When registering multiple authentication servers, register the one you want to normally use as the default value.

Select a number for registering the server and tap [New].

Settings

Description

[Server Name]

Enter the name of your authentication server (using up to 32 characters).

Assign an easy-to-understand name to the authentication server to be registered.

[Server Type]

Select the type of the authentication server and set required information. The items you are able to configure will vary depending on the selected server type.

[Active Directory]

Register server information when Active Directory is used as the authentication server.

  • [Default Domain Name]: Enter the default domain name of your Active Directory (using up to 64 characters).

  • [Timeout]: Change the timeout interval for communication with Active Directory, if required.
    [60 sec.] is specified by default.

[NTLM v1]

Register server information when NTLM v1 is used as the authentication server.

  • [Default Domain Name]: Enter the default domain name of your authentication server (using up to 64 characters). The default domain name must be uppercase letters.

[NTLM v2]

Register server information when NTLM v2 is used as the authentication server.

  • [Default Domain Name]: Enter the default domain name of your authentication server (using up to 64 characters). The default domain name must be uppercase letters.

[LDAP]

Register server information when LDAP is used as the authentication server.

  • [Server Address]: Enter your LDAP server address.

  • [Search Base 1] to [Search Base 3]: Specify the starting point and range to search a user to be authenticated.
    [Search Base]: Specify the starting point to search for a target (using up to 255 characters).
    Example of entry: "cn=users,dc=example,dc=com"
    [Search Range]: Select a tree search range. [Full Tree] is specified by default. Selecting [Full Tree] makes a search, including the tree structure under the entered starting point. Selecting [Next hierarchy only] searches for only one level directly beneath the entered starting point. In this case, the level at the starting point is not included as a search target.

  • [SSL Setting]: Specify whether to use SSL for communications. [OFF] is specified by default.

  • [Port No.]: If necessary, change the port number. [389] is specified by default.

  • [Timeout]: Change the timeout interval for communication with the LDAP server, if required. [60] sec. is specified by default.

  • [Authentication Type]: Select the authentication method to log in to the LDAP server. Select one appropriate for the authentication method used for your LDAP server. [Simple] is specified by default.

  • [Search Attribute(s)]: Enter the search attribute used in user account search (using up to 64 characters). [uid] is specified by default.

  • [Search Attributes Authentication]: Specify whether to have DN (Distinguished Name) generated automatically that is required for authentication by the LDAP server when [Simple] is selected for [Authentication Type]. Also, enter authentication information used for logging in to the LDAP server in order to search for the user ID. [No Limit] is specified by default.

  • To change the registered authentication server information, select the registration number and tap [Edit].

  • To delete the registered authentication server, select the registration number and tap [Delete].

  • When registering multiple authentication servers, select the authentication server that is normally used and then tap [Set as Default] to register it as the default.

  • When registering multiple authentication servers, you can set secondary authentication servers. To use the secondary authentication server, tap [Secondary Auth. server setting], select [ON], then specify the timing at which to reconnect to the primary authentication server.

  • When setting the authentication server to the primary or secondary authentication server, select the authentication server, then tap [Primary] or [Secondary].

To restrict the registered destinations that can be accessed by users ([Limiting Access to Destinations])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Limiting Access to Destinations]

Limit the access to destinations for each user.

Restrict destinations that can be browsed by users by combining [Apply Levels/Groups to Destinations] and [Apply Levels/Groups to Users].

  • For details on the restriction of browsing destinations, refer to Here.

Settings

Description

[Create Group]

Register a reference allowed group.

In a reference allowed group, destinations and users can be registered, and such users can reference destinations registered in the same group.

  • To register a group, select the registration number and tap [Edit].

  • To check destinations or users registered in a group, tap [Details].

[Group Name]

Enter the name of the group (using up to 24 characters).

[Access Allowed Level]

To manage the address book by combining the reference allowed level and reference allowed group, select a reference allowed level of the reference allowed group.

[Level 0] is specified by default.

[Apply Levels/Groups to Destinations]

Select a registered destination from [Address Book], [Group], or [Program], and then configure either the reference allowed group or reference allowed level.

[Apply Group]

Assign a reference allowed group to the registered destination you have selected.

Before you can assign a reference allowed group, you need to register the reference allowed group in [Create Group].

[Apply Level]

Assign a reference allowed level to the registered destination you have selected.

[Level 0] is specified by default.

[Apply Levels/Groups to Users]

Select a registered user or public user and specify a reference allowed group or reference allowed level. You can combine reference allowed group and reference allowed level settings.

[Apply Group]

Assign a reference allowed group to the registered user you have selected.

Before you can assign a reference allowed group, you need to register the reference allowed group in [Create Group].

[Apply Level]

Assign a reference allowed level to the registered user you have selected.

[Level 0] is specified by default.

To specify how to log in to the IC card authentication or which operation is to be performed at authentication ([General Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Authentication Device Settings]
          • [General Settings]

Configure how to log in with IC card, NFC, or biometric authentication as well as operations to take place upon authentication.

Settings

Description

[Card Authentication]

To use this function, the optional Authentication Unit (IC card type) is required.

[IC Card type setting]

Select the type of the required IC card.

  • To use the FeliCa card, select [FeliCa], [SSFC], [FCF], [FCF (Campus)], or [FeliCa (Proprietary Card)]. When [SSFC] is selected, detailed information such as the company code or company identification code is registered.

  • To use the Type A card, select [Type A].

  • To use the FeliCa card with the Type A card, select [FeliCa+TypeA], [SSFC+Type A], [FCF+Type A], [FCF(Campus)+Type A], or [FeliCa(Proprietary Card)+Type A]. When [SSFC+Type A] is selected, detailed information such as the company code or company identification code is registered.

  • To use NFC, select [NFC(HCE)].

  • To use the Type A card with NFC, select [TypeA+NFC(HCE)].

  • To use the FeliCa card with NFC, select [FeliCa+NFC(HCE)], [SSFC+NFC(HCE)], [FCF+NFC(HCE)], [FCF(Campus)+NFC(HCE)], or [FeliCa(Proprietary Card)+NFC(HCE)]. When [SSFC+NFC(HCE)] is selected, detailed information such as the company code or company identification code is registered.

[IC Card Type]

The specified IC card type is displayed depending on the type of your loadable driver.

[Operation Settings]

Select how to log in to this machine.

  • [Card Authentication]: Logs in simply by placing your IC card or NFC-compatible Android terminal on the authentication unit.

  • [Card Authentication + Password]: Logs in by placing the IC card or NFC-compatible Android terminal on the authentication unit and entering the password.

[Card Authentication] is specified by default.

[Authentication Card ID Number]

Select whether to notify the counter, which collects the use status of this machine, of the authentication card ID.

[Ignore] is specified by default.

[Bio Authentication]

To use this function, the optional Authentication Unit (biometric type) is required.

[Beep Sound]

Select whether to give a "blip" sound when the finger vein pattern is scanned successfully.

[ON] is specified by default.

[Operation Settings]

Select how to log in to this machine.

  • [1-to-many authentication]: A user simply needs to place his or her finger to log in.

  • [1-to-1 authentication]: Enter the user name and position his or her finger to log in.

[1-to-many authentication] is specified by default.

To specify how to log in to the biometric authentication or which operation is to be performed at authentication ([General Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Authentication Device Settings]
          • [General Settings]

Configure how to log in with IC card, NFC, or biometric authentication as well as operations to take place upon authentication.

Settings

Description

[Card Authentication]

To use this function, the optional Authentication Unit (IC card type) is required.

[IC Card type setting]

Select the type of the required IC card.

  • To use the FeliCa card, select [FeliCa], [SSFC], [FCF], [FCF (Campus)], or [FeliCa (Proprietary Card)]. When [SSFC] is selected, detailed information such as the company code or company identification code is registered.

  • To use the Type A card, select [Type A].

  • To use the FeliCa card with the Type A card, select [FeliCa+TypeA], [SSFC+Type A], [FCF+Type A], [FCF(Campus)+Type A], or [FeliCa(Proprietary Card)+Type A]. When [SSFC+Type A] is selected, detailed information such as the company code or company identification code is registered.

  • To use NFC, select [NFC(HCE)].

  • To use the Type A card with NFC, select [TypeA+NFC(HCE)].

  • To use the FeliCa card with NFC, select [FeliCa+NFC(HCE)], [SSFC+NFC(HCE)], [FCF+NFC(HCE)], [FCF(Campus)+NFC(HCE)], or [FeliCa(Proprietary Card)+NFC(HCE)]. When [SSFC+NFC(HCE)] is selected, detailed information such as the company code or company identification code is registered.

[IC Card Type]

The specified IC card type is displayed depending on the type of your loadable driver.

[Operation Settings]

Select how to log in to this machine.

  • [Card Authentication]: Logs in simply by placing your IC card or NFC-compatible Android terminal on the authentication unit.

  • [Card Authentication + Password]: Logs in by placing the IC card or NFC-compatible Android terminal on the authentication unit and entering the password.

[Card Authentication] is specified by default.

[Authentication Card ID Number]

Select whether to notify the counter, which collects the use status of this machine, of the authentication card ID.

[Ignore] is specified by default.

[Bio Authentication]

To use this function, the optional Authentication Unit (biometric type) is required.

[Beep Sound]

Select whether to give a "blip" sound when the finger vein pattern is scanned successfully.

[ON] is specified by default.

[Operation Settings]

Select how to log in to this machine.

  • [1-to-many authentication]: A user simply needs to place his or her finger to log in.

  • [1-to-1 authentication]: Enter the user name and position his or her finger to log in.

[1-to-many authentication] is specified by default.

To specify an operation to be carried out after original scanning was completed when user authentication is performed using an authentication unit ([Logoff Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Authentication Device Settings]
          • [Logoff Settings]

Specify whether to log out automatically when scanning of the original finishes.

[Do not log off] is specified by default.

To specify whether to display the logout confirmation screen at logout ([Logout Confirmation Screen Display Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User/Account Common Setting]
          • [Logout Confirmation Screen Display Setting]

Specify whether to display the logout confirmation screen on the Touch Panel when you log out of the login mode (Recipient User or Public User) entered by pressing the Access key.

[ON] is specified by default.

To specify whether to allow a user to obtain counter information of this machine from the remote diagnosis system ([Counter Remote Control])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User/Account Common Setting]
          • [Counter Remote Control]

Specify whether to allow acquisition of counter information managed on this machine when a remote diagnosis system is used.

[Restrict] is specified by default.

To specify whether to enable the Scan to Home function ([Scan to Home Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Scan to Home Settings]

Select whether to enable the Scan to Home function.

This item can be configured when Active Directory is used as an authentication server.

[Disable] is specified by default.

To quote user's authentication information for access to a shared folder ([Scan to Authorized Folder Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Scan to Authorized Folder Settings]

Specify whether to limit the transmission destinations. The authentication information of the users who have logged in to this machine is used for accessing a shared folder on the network.

If [Scan to Authorized Folder Settings] is set to [Limit], the following restrictions will be applied:

  • Addresses cannot be specified by direct input for scan transmission.

  • Users cannot save files to User Boxes.

  • Users cannot send files from User Boxes.

  • Users cannot use annotation User Boxes.

  • Users cannot select addresses from transmission log.

  • Users cannot use the URL notification function.

[Do Not Limit] is specified by default.

To print data from the printer driver without entering a password when user authentication is installed ([Simple Auth. setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Simple Auth. setting]

Select whether to allow authentication that is based only on the user name (without a password) when the printer driver is used for printing in an environment where user authentication is employed. When employing external server authentication, register the authentication server for quick authentication.

Settings

Description

[Authentication Setting]

Select whether to allow authentication that is based only on the user name (without a password) when the printer driver is used for printing in an environment where user authentication is employed.

To permit the quick authentication, the login user name for this machine for MFP authentication, external server authentication, and enhanced server authentication must match the Windows login ID.

[Restrict] is specified by default.

[Register Authentication Server]

When external server authentication is implemented, register the LDAP server to check user names.

For details on settings, refer to the settings of [Register Authentication Server] shown below.

[Secondary Auth. server setting]

Configure settings to connect to the secondary authentication server when you cannot connect to the primary authentication server while the external server authentication is installed.

For details on settings, refer to the settings of [Secondary Auth. server setting] shown below.

Settings of [Register Authentication Server]

Settings

Description

[External Server Authentication]

Select the external server name to be used as a part of user information when authentication using the LDAP server is successfully completed from the external servers registered on this machine.

The external server selected here is used for the following purpose.

  • Using as a part of authentication information saved on this machine

  • Using for restricting the functions of this machine or managing the maximum allowance

[Timeout]

If necessary, change the time-out time to limit a communication with the LDAP server.

[60 sec.] is specified by default.

[Search Attribute]

Enter the search attribute to be used for search of a user using the LDAP server (using up to 64 characters).

The attribute must start with an alphabet character.

[uid] is specified by default.

[Server Address]

Enter the LDAP server address.

Use one of the following formats.

  • Example of host name entry: "host.example.com"

  • Example of IP address (IPv4) entry: "192.168.1.1"

  • Example of IP address (IPv6) entry: "fe80::220:6bff:fe10:2f16"

[Search Base 1] to [Search Base 3]

Specify the starting point to search for a user to be authenticated.

  • [Search Base]: Specify the starting point to search for a target (using up to 255 characters).
    Example of entry: "cn=users,dc=example,dc=com"

  • [Search Range]: Select a tree search range. [Full Tree] is specified by default.
    Selecting [Full Tree] makes a search, including the tree structure under the entered starting point. Selecting [Next hierarchy only] searches for only one level directly beneath the entered starting point. In this case, the level at the starting point is not included as a search target.

[SSL Setting]

Specify whether or not to use SSL for communication with the LDAP server.

[OFF] is specified by default.

[Port Number]

If necessary, change the LDAP server port number.

In normal circumstances, you can use the original port number.

[389] is specified by default.

[Port Number (SSL)]

If necessary, change the SSL communication port number.

In normal circumstances, you can use the original port number.

[636] is specified by default.

[Certificate Verification Level Settings]

To validate the certificate during SSL communication, select items to be verified.

  • [Expiration Date]: Confirm whether the certificate is within the validity period. [Confirm] is specified by default.

  • [Key Usage]: Confirm whether the certificate is used according to the intended purpose approved by the certificate issuer. [Do Not Confirm] is specified by default.

  • [Chain]: Confirm whether there is a problem in the certificate chain (certificate path). The chain is validated by referencing the external certificates managed on this machine. [Do Not Confirm] is specified by default.

  • [Expiration Date Confirmation]: Confirm whether the certificate has expired. [Do Not Confirm] is specified by default.

  • [CN]: Confirm whether CN (Common Name) of the certificate matches the server address. [Do Not Confirm] is specified by default.

[Authentication Type]

Select the authentication method to log in to the LDAP server.

Select one appropriate for the authentication method used for your LDAP server.

  • [Simple]

  • [Digest-MD5]

  • [GSS-SPNEGO]

  • [NTLM v1]

  • [NTLM v2]

[Simple] is specified by default.

[Referral Setting]

Select whether to use the referral function, if necessary.

Make an appropriate choice to fit the LDAP server environment.

[ON] is specified by default.

[Login Name]

Log in to the LDAP server, and enter the login name to search for a user (using up to 64 characters).

[Password]

Enter the password of the user name you entered into [Login Name] (using up to 64 characters).

[Domain Name]

Enter the domain name to log in to the LDAP server (using up to 64 characters).

If [GSS-SPNEGO] is selected for [Authentication Type], enter the domain name of Active Directory.

[Check Connection]

Select this option to try connecting to the LDAP server using the entered information and check if the information registered is correct.

[Reset All Settings]

Tap this button to reset all the contents you entered.

Settings of [Secondary Auth. server setting]

Settings

Description

[ON]/[OFF]

Select whether to use the secondary authentication server.

[OFF] is specified by default.

[Reconnection Settings]

Specify the timing at which to reconnect to the primary authentication server.

[Set Reconnect Interval] is specified by default.

  • [Reconnect for every login]: Connects to the primary authentication server each time authentication is carried out on this machine. If the primary authentication server is shutting down, this machine is connected to the secondary authentication server.

  • [Set Reconnect Interval]: Connects to the secondary authentication server when the primary authentication server is shutting down when machine authentication is occurring. After this, this machine is connected to the secondary authentication server when machine authentication is occurring until the time specified in [Reconnection Time] lapses. After the time specified in [Reconnection Time] has lapsed, this machine is reconnected to the primary authentication server when machine authentication is occurring.

[Secondary Authentication Server Registration]

Register the secondary authentication server.

For details on settings, refer to the settings of [Register Authentication Server] shown above.

To use this machine in the single sign-on environment of Active Directory ([Single Sign-On Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Network Settings]
        • [Single Sign-On Setting]

Join the machine to the Active Directory domain and establish the single sign-on environment.

You can set this option by selecting [External Server Authentication] or [Main + External Server] in [Administrator Settings] - [User Authentication/Account Track] - [General Settings] - [User Authentication] - [Authentication Method].

Settings

Description

[Domain Login Setting]

Configure settings to join services of this machine in a domain.

Joining services of this machine in the domain allows the user to use them if authenticated once by Active Directory.

[ON]/[OFF]

Select whether to use singe-sign on.

Enter the host name, domain name, account name, and password, then tap [OK] to execute domain joining processing.

[OFF] is specified by default.

[Host Name]

Enter the host name of this machine (using up to 253 characters).

Enter the host name you specified in [Administrator Settings] - [Network Settings] - [TCP/IP Settings] - [DNS Host].

[Domain Name]

Enter the domain name of Active Directory (using up to 64 characters).

[Account Name]

Enter the administrator's account name of the Active Directory domain (using up to 64 characters).

[Password]

Enter the administrator's password of the Active Directory domain (using up to 64 characters).

[TX Timeout]

Change the time-out time of domain joining processing if necessary.

[30] is specified by default.

[Applications and Settings]

Displays a list of services of this machine that join the Active Directory domain.

When this machine joins the Active Directory domain, [PRINTER] appears.

[Auto Log Out Time]

When the user uses services of this machine in the Active Directory domain, change the time to hold the user's authentication information on this machine.

Since the user can reuse authentication information while it is held on this machine, they can use the services of this machine without performing authentication again.

[1 Hour] is specified by default.