Verifying Users to Operate the Machine (User Authentication)
"User authentication" is a system to authenticate users and grant them privileges to use the machine. The machine requires entering an arbitrary text, the login user name, or the login password to authenticate a user.
User authentication prevents unauthorized users from operating the machine and is useful for managing and analyzing usage of the machine regarding the user, operation time, and frequency
Settings screen type: Standard
Settings screen type: Classic
You can use the IC card or smart device instead of entering your authentication information on the control panel for user authentication.
Logging in to the Machine Using an IC Card or a Smart Device
User Authentication Method
There are four types of user authentication methods including basic authentication that limits use of the machine and methods that use an authentication server in the network. Select a method depending on the usage condition or the number of users.
User Authentication Method | Explanation |
---|---|
User Code authentication | Authentication is performed using an eight-digit user code. When specifying User Code authentication, the machine prompts you to enter the user code to use the machine. Multiple users can use the same user code. |
Basic authentication | Authentication is performed using the login user name and login password registered in the address book on the machine. When specifying Basic authentication, the machine prompts you to enter the login information to use the machine. |
Windows authentication | Authentication is performed using the account registered in the Active Directory of the Windows server. When specifying Windows authentication, the machine prompts you to enter the login information to use the machine. |
LDAP authentication | Authentication is performed using the user information registered in the LDAP server. When specifying LDAP authentication, the machine prompts you to enter the login information to use the machine. |
In Windows or LDAP authentication, the machine can authenticate you without registering your user information in the machine's address book manually, as the user information in the server is registered in the machine automatically.
In Windows or LDAP authentication, you can manage user information centrally in the server. You can also always use the address provided by the server as the sender (From) of e-mails sent from the machine. These features are useful to avoid data leakage by erroneous input of information or spoofing by an unauthorized user.
When switching the authentication method from User Code authentication to another method, the user code will be used as the login user name. In this case, the login password is not specified. To avoid unauthorized use, delete unnecessary user information and set up a password for the continuing users.
If user authentication cannot be performed due to a problem with the machine or network, the machine administrator can disable user authentication temporarily in order to use the machine. Take this measure only during emergencies.
Specifying User Code Authentication (Settings Screen Type: Standard)
Specify the functions to restrict with User Code authentication.
Log in to the machine as the machine administrator on the control panel.
On the Home screen, press [Settings].
On the Settings screen, press [System Settings].
Press [Settings for Administrator][Authentication/Charge][Administrator Authentication/User Authentication/App Auth.][User Authentication Management].
Select [User Code Authentication] from the list next to User Authentication Management.
From Functions to Restrict, select the functions to restrict against use.
Specify whether to perform User Code authentication for each function. For Copier Function and Printer Function, you can specify to perform User Code authentication for all Copier or Printer functions, or for the color print mode only.
When registering the user code of the printer driver automatically, select [PC Control] for Printer Function. Specify the user code registered in the Address Book to the printer driver.
When [PC Control] is selected, the user code specified in the printer driver is registered in the Address Book automatically and is excluded from the print volume use limitation. To limit the print volume use, select other than [PC Control] for Printer Function.
Specifying Maximum Print Volume Use of Each User
For Printer Job Authentication, specify the security level for print jobs using the printer driver.
Press [OK].
Press [Home] ().
When the confirmation dialog is displayed, press [OK], and then log out of the machine.
If registration of the user information is not completed, register the user in the Address Book and specify the user code.
Specifying Basic Authentication (Settings Screen Type: Standard)
Register the default values of the functions available to each user with Basic authentication.
Log in to the machine as the machine administrator on the control panel.
On the Home screen, press [Settings].
On the Settings screen, press [System Settings].
Press [Settings for Administrator][Authentication/Charge][Administrator Authentication/User Authentication/App Auth.][User Authentication Management].
Select [Basic Authentication] from the list next to User Authentication Management.
From Available Functions, select the functions available to the user.
Specify the functions available to the user for each function. For Copier Function and Printer Function, you can specify that the user can use all Copier or Printer functions, or the black-and-white or two-color print mode only.
For Printer Job Authentication, specify the security level for print jobs using the printer driver.
Press [OK].
Press [Home] ().
When the confirmation dialog is displayed, press [OK], and then log out of the machine.
If registration of the user information is not completed, register the user in the Address Book and specify the login information.
Registering a User in the Address Book and Specifying the Login Information
The login user name and login password can be used to authenticate the user in the SMTP or LDAP server, or to authenticate shared folders.
Use a login user name other than "other", "admin", "supervisor", or "HIDE***". (Enter an optional character string in "***".) You cannot use these user names for authentication because they are already in use in the machine.
Specifying Windows Authentication (Settings Screen Type: Standard)
Register the Windows server information required for authentication with the Windows server.
In advance, check the use conditions in the Windows server, and install the Web server (IIS) and the Active Directory Certificate Service in the Windows server.
To use Kerberos authentication in the server, register the realm in advance to determine the network area.
Log in to the machine as the machine administrator on the control panel.
On the Home screen, press [Settings].
On the Settings screen, press [System Settings].
Press [Settings for Administrator][Authentication/Charge][Administrator Authentication/User Authentication/App Auth.][User Authentication Management].
Select [Windows Authentication] from the list next to User Authentication Management.
Register the server for authentication and specify the usable functions.
Kerberos Authentication: To enable Kerberos authentication, select [On].
Domain Name: To disable Kerberos authentication, enter the domain name to authenticate.
Realm Name: To enable Kerberos authentication, select the realm name to authenticate.
Use Secure Connection (SSL): To encrypt communication signals, select [On].
Printer Job Authentication: Specify the security level for print jobs using the printer driver.
Group: If global groups have been registered, you can specify usable functions for each global group. Press [* Not Registered], and then enter the same name as the one registered in the server to specify the available functions.
Users who are registered in multiple groups can use all functions available to those groups.
A user who is not registered in any group can use the authority specified in [*Default Group]. By default, all functions are available to the Default Group members.
For Available Functions, specify the functions available to each group. For Copier Function and Printer Function, you can specify whether the user can use all Copier or Printer functions, or the black-and-white or two-color print mode only.
Press [OK].
Press [Home] ().
When the confirmation dialog is displayed, press [OK], and then log out of the machine.
For the characters that can be used for login user names and passwords, see the section below:
Specifying LDAP Authentication (Settings Screen Type: Standard)
Register the LDAP server information required for authentication with the LDAP server.
In advance, check the use conditions in the LDAP server, and register the LDAP server in the machine.
Log in to the machine as the machine administrator on the control panel.
On the Home screen, press [Settings].
On the Settings screen, press [System Settings].
Press [Settings for Administrator][Authentication/Charge][Administrator Authentication/User Authentication/App Auth.][User Authentication Management].
Select [LDAP Authentication] from the list next to User Authentication Management.
Select the server for authentication and specify the available functions.
LDAP Servers: Select the LDAP server to authenticate.
Login Name Attribute: Use this as a search criterion to obtain user information. Create a search filter based on the login name attribute, select a user, and then retrieve the user information from the LDAP server to transfer to the machine's Address Book.
When separating multiple login attributes with a comma (,), the search will return hits by entering a login name for either or both attributes.
Also, by entering two login names separated by an equal sign (=) (for example: cn=abcde, uid=xyz), the search will return hits only for a match of the attributes of both login names. This search function can be applied when "Cleartext authentication" is specified.
Unique Attribute: Specify this to match the user information in the LDAP server with that in the machine. A user whose unique attribute registered in the LDAP server matches that of a user registered in the machine is treated as the same user in the machine. Specify the attribute that is used for unique information in the server as the Unique Attribute. You can enter "cn" or "employeeNumber" to use as "serialNumber" or "uid" as long as it is unique.
Available Functions: Specify the functions available to the user for each function. For Copier Function and Printer Function, you can specify whether the user can use all Copier or Printer functions, or the black-and-white or two-color print mode only.
For Printer Job Authentication, specify the security level for print jobs using the printer driver.
Press [OK].
Press [Home] ().
When the confirmation dialog is displayed, press [OK], and then log out of the machine.
For the characters that can be used for login user names and passwords, see the section below:
Adding Administrators or Changing the Privileges (Settings Screen Type: Standard)
Specifying User Code Authentication (Settings Screen Type: Classic)
Select [User Code Auth.] on [User Authentication Management], and specify the functions to restrict.
Log in to the machine as the machine administrator on the control panel.
On the Home screen, press [Settings].
Press [Machine Features Settings] on the Settings screen.
Press [System Settings][Administrator Tools] tab [User Authentication Management] to display the User Authentication Management setting screen.
Press "User Code Auth.", and then select the functions to restrict.
Functions to Restrict: Specify whether to perform User Code authentication for each function. On "Copy" or "Printer", you can specify to perform User Code authentication for all Copy or Printer functions, or for the color print mode only.
When registering the user code of the printer driver automatically, select [PC Control] in "Printer". Specify the user code registered in [System] to the printer driver.
When [PC Control] is selected, the user code specified in the printer driver is registered in the address book automatically and is excluded from the print volume use limitation. To limit the print volume use, select other than [PC Control] on "Printer".
Printer Job Authentication: Specify the security level for print jobs using the printer driver.
Press [OK].
Press [Exit] to display the confirmation dialog, and then press [Yes] to log out of the machine.
The Home screen is displayed.
If registration of the user information is not completed, register the user in the address book and specify the user code.
Specifying Basic Authentication (Settings Screen Type: Classic)
Select [Basic Auth.] on [User Authentication Management], and register the default values of the functions available to each user.
Log in to the machine as the machine administrator on the control panel.
On the Home screen, press [Settings].
Press [Machine Features Settings] on the Settings screen.
Press [System Settings][Administrator Tools] tab [User Authentication Management] to display the User Authentication Management setting screen.
Press [Basic Auth.], and select the functions available to the user.
Available Functions: Specify the functions available to the user for each function. On "Copy" or "Printer", you can specify that the user can use all of the Copy or Printer functions, or the black-and-white or two-color print mode only.
Printer Job Authentication: Specify the security level for print jobs using the printer driver.
Press [OK].
Press [Exit] to display the confirmation dialog, and then press [Yes] to log out of the machine.
The Home screen is displayed.
If registration of the user information is not completed, register the user in the address book and specify the login information.
Registering a User in the Address Book and Specifying the Login Information
The login user name and login password can be used to authenticate the user in the SMTP or LDAP server, or to authenticate shared folders.
Use a login user name other than "other", "admin", "supervisor", or "HIDE***". (Enter an optional character string in "***".) You cannot use these user names for authentication because they are already in use in the machine.
Specifying Windows Authentication (Settings Screen Type: Classic)
On [User Authentication Management], select [Windows Auth.] to register the information required for authentication in the Windows server.
In advance, check the use conditions in the Windows server, and install the Web server (IIS) and the Active Directory Certificate Service in the Windows server.
To use Kerberos Authentication in the server, register the realm in advance to determine the network area.
Log in to the machine as the machine administrator on the control panel.
On the Home screen, press [Settings].
Press [Machine Features Settings] on the Settings screen.
Press [System Settings][Administrator Tools] tab [User Authentication Management] to display the User Authentication Management setting screen.
Select [Windows Auth.] to register the server for authentication and to specify the usable functions.
Kerberos Authentication: To enable Kerberos Authentication, press [On].
Realm Name: To enable Kerberos authentication, select the realm name to authenticate.
Domain Name: To disable Kerberos authentication, press [Change] and enter the domain name to authenticate.
Printer Job Authentication: Specify the security level for print jobs using the printer driver.
Use Secure Connection (SSL): To encrypt communication signals, press [On].
Group: If global groups have been registered, you can specify usable functions for each global group*. Press [Not Programmed], and then enter the same name as the one registered in the server to specify the available functions.
Users who are registered in multiple groups can use all functions available to those groups.
A user who is not registered in any group can use the authority specified in [*Default Group]. By default, all functions are available to the Default Group members.
Available Functions: Specify the functions available to each group. On "Copy" or "Printer", you can specify whether the user can use all Copy or Printer functions, or the black-and-white or two-color print mode only.
Press [OK].
Press [Exit] to display the confirmation dialog, and then press [Yes] to log out of the machine.
The Home screen is displayed.
Specifying LDAP Authentication (Settings Screen Type: Classic)
On [User Authentication Management], select [LDAP Auth.] to register the information required for authentication in the LDAP server.
In advance, check the use conditions in the LDAP server, and register the LDAP server in the machine.
Log in to the machine as the machine administrator on the control panel.
On the Home screen, press [Settings].
Press [Machine Features Settings] on the Settings screen.
Press [System Settings][Administrator Tools] tab [User Authentication Management] to display the User Authentication Management setting screen.
Select [LDAP Auth.] and select the server for authentication, and then specify the available functions.
LDAP Servers: Select the LDAP server to authenticate.
Printer Job Authentication: Specify the security level for print jobs using the printer driver.
Available Functions: Specify the functions available to the user for each function. On "Copy" or "Printer", you can specify whether the user can use all Copy or Printer functions, or the black-and-white or two-color print mode only.
Login Name Attribute: Use this as a search criterion to obtain user information. Create a search filter based on the login name attribute, select a user, and then retrieve the user information from the LDAP server to transfer to the machine's address book.
When separating multiple login attributes with a comma (,), the search will return hits by entering a login name for either or both attributes.
Also, by entering two login names separated by an equal sign (=) (for example: cn=abcde, uid=xyz), the search will return hits only for a match of the attributes of both login names. This search function can be applied when "Cleartext Authentication" is specified.
Unique Attribute: Specify this to match the user information in the LDAP server with that in the machine. A user whose unique attribute registered in the LDAP server matches that of a user registered in the machine is treated as the same user in the machine. Specify the attribute that is used for unique information in the server as the Unique Attribute. You can enter "cn" or "employeeNumber" to use as "serialNumber" or "uid" as long as it is unique.
Press [OK].
Press [Exit] to display the confirmation dialog, and then press [Yes] to log out of the machine.
The Home screen is displayed.