User GuideIM C2000/C2500/C3000/C3500/C4500/C5500/C6000 series

Verifying Users to Operate the Machine (User Authentication)

"User authentication" is a system to authenticate users and grant them privileges to use the machine. The machine requires entering an arbitrary text, the login user name, or the login password to authenticate a user.

User Authentication Method

There are four types of user authentication methods including basic authentication that limits use of the machine and methods that use an authentication server in the network. Select a method depending on the usage condition or the number of users.

User Authentication Method

Explanation

User Code authentication

Authentication is performed using an eight-digit user code.

When specifying User Code authentication, the machine prompts you to enter the user code to use the machine.

Multiple users can use the same user code.

Basic authentication

Authentication is performed using the login user name and login password registered in the address book on the machine.

When specifying Basic authentication, the machine prompts you to enter the login information to use the machine.

Windows authentication

Authentication is performed using the account registered in the Active Directory of the Windows server.

When specifying Windows authentication, the machine prompts you to enter the login information to use the machine.

LDAP authentication

Authentication is performed using the user information registered in the LDAP server.

When specifying LDAP authentication, the machine prompts you to enter the login information to use the machine.

  • In Windows or LDAP authentication, the machine can authenticate you without registering your user information in the machine's address book manually, as the user information in the server is registered in the machine automatically.

  • In Windows or LDAP authentication, you can manage user information centrally in the server. You can also always use the address provided by the server as the sender (From) of e-mails sent from the machine. These features are useful to avoid data leakage by erroneous input of information or spoofing by an unauthorized user.

  • When switching the authentication method from User Code authentication to another method, the user code will be used as the login user name. In this case, the login password is not specified. To avoid unauthorized use, delete unnecessary user information and set up a password for the continuing users.

Note

  • If user authentication cannot be performed due to a problem with the machine or network, the machine administrator can disable user authentication temporarily in order to use the machine. Take this measure only during emergencies.

Specifying User Code Authentication (Settings Screen Type: Standard)

Specify the functions to restrict with User Code authentication.

1Log in to the machine as the machine administrator on the control panel.

Logging in to the Machine as the Administrator

2On the Home screen, press [Settings].

Operation panel screen illustration

3On the Settings screen, press [System Settings].

Operation panel screen illustration

4Press [Settings for Administrator][Authentication/Charge][Administrator Authentication/User Authentication/App Auth.][User Authentication Management].

5Select [User Code Authentication] from the list next to User Authentication Management.

Operation panel screen illustration

6From Functions to Restrict, select the functions to restrict against use.

  • Specify whether to perform User Code authentication for each function. For Copier Function and Printer Function, you can specify to perform User Code authentication for all Copier or Printer functions, or for the color print mode only.

  • When registering the user code of the printer driver automatically, select [PC Control] for Printer Function. Specify the user code registered in the Address Book to the printer driver.

  • When [PC Control] is selected, the user code specified in the printer driver is registered in the Address Book automatically and is excluded from the print volume use limitation. To limit the print volume use, select other than [PC Control] for Printer Function.

    Specifying Maximum Print Volume Use of Each User

    For Printer Job Authentication, specify the security level for print jobs using the printer driver.

    Executing a Print Job with Authentication Information Only

7Press [OK].

8Press [Home] (Operation panel screen illustration).

9When the confirmation dialog is displayed, press [OK], and then log out of the machine.

If registration of the user information is not completed, register the user in the Address Book and specify the user code.

Registering the User Code in the Address Book

Specifying Basic Authentication (Settings Screen Type: Standard)

Register the default values of the functions available to each user with Basic authentication.

1Log in to the machine as the machine administrator on the control panel.

Logging in to the Machine as the Administrator

2On the Home screen, press [Settings].

Operation panel screen illustration

3On the Settings screen, press [System Settings].

Operation panel screen illustration

4Press [Settings for Administrator][Authentication/Charge][Administrator Authentication/User Authentication/App Auth.][User Authentication Management].

5Select [Basic Authentication] from the list next to User Authentication Management.

Operation panel screen illustration

6From Available Functions, select the functions available to the user.

  • Specify the functions available to the user for each function. For Copier Function and Printer Function, you can specify that the user can use all Copier or Printer functions, or the black-and-white or two-color print mode only.

  • For Printer Job Authentication, specify the security level for print jobs using the printer driver.

    Executing a Print Job with Authentication Information Only

7Press [OK].

8Press [Home] (Operation panel screen illustration).

9When the confirmation dialog is displayed, press [OK], and then log out of the machine.

If registration of the user information is not completed, register the user in the Address Book and specify the login information.

Registering a User in the Address Book and Specifying the Login Information

Note

  • The login user name and login password can be used to authenticate the user in the SMTP or LDAP server, or to authenticate shared folders.

  • Use a login user name other than "other", "admin", "supervisor", or "HIDE***". (Enter an optional character string in "***".) You cannot use these user names for authentication because they are already in use in the machine.

Specifying Windows Authentication (Settings Screen Type: Standard)

Register the Windows server information required for authentication with the Windows server.

Important

1Log in to the machine as the machine administrator on the control panel.

Logging in to the Machine as the Administrator

2On the Home screen, press [Settings].

Operation panel screen illustration

3On the Settings screen, press [System Settings].

Operation panel screen illustration

4Press [Settings for Administrator][Authentication/Charge][Administrator Authentication/User Authentication/App Auth.][User Authentication Management].

5Select [Windows Authentication] from the list next to User Authentication Management.

Operation panel screen illustration

6Register the server for authentication and specify the usable functions.

  • Kerberos Authentication: To enable Kerberos authentication, select [On].

  • Domain Name: To disable Kerberos authentication, enter the domain name to authenticate.

  • Realm Name: To enable Kerberos authentication, select the realm name to authenticate.

  • Use Secure Connection (SSL): To encrypt communication signals, select [On].

  • Printer Job Authentication: Specify the security level for print jobs using the printer driver.

    Executing a Print Job with Authentication Information Only

  • Group: If global groups have been registered, you can specify usable functions for each global group. Press [* Not Registered], and then enter the same name as the one registered in the server to specify the available functions.

    Users who are registered in multiple groups can use all functions available to those groups.

    A user who is not registered in any group can use the authority specified in [*Default Group]. By default, all functions are available to the Default Group members.

    For Available Functions, specify the functions available to each group. For Copier Function and Printer Function, you can specify whether the user can use all Copier or Printer functions, or the black-and-white or two-color print mode only.

7Press [OK].

8Press [Home] (Operation panel screen illustration).

9When the confirmation dialog is displayed, press [OK], and then log out of the machine.

Note

Specifying LDAP Authentication (Settings Screen Type: Standard)

Register the LDAP server information required for authentication with the LDAP server.

Important

1Log in to the machine as the machine administrator on the control panel.

Logging in to the Machine as the Administrator

2On the Home screen, press [Settings].

Operation panel screen illustration

3On the Settings screen, press [System Settings].

Operation panel screen illustration

4Press [Settings for Administrator][Authentication/Charge][Administrator Authentication/User Authentication/App Auth.][User Authentication Management].

5Select [LDAP Authentication] from the list next to User Authentication Management.

Operation panel screen illustration

6Select the server for authentication and specify the available functions.

  • LDAP Servers: Select the LDAP server to authenticate.

  • Login Name Attribute: Use this as a search criterion to obtain user information. Create a search filter based on the login name attribute, select a user, and then retrieve the user information from the LDAP server to transfer to the machine's Address Book.

    When separating multiple login attributes with a comma (,), the search will return hits by entering a login name for either or both attributes.

    Also, by entering two login names separated by an equal sign (=) (for example: cn=abcde, uid=xyz), the search will return hits only for a match of the attributes of both login names. This search function can be applied when "Cleartext authentication" is specified.

  • Unique Attribute: Specify this to match the user information in the LDAP server with that in the machine. A user whose unique attribute registered in the LDAP server matches that of a user registered in the machine is treated as the same user in the machine. Specify the attribute that is used for unique information in the server as the Unique Attribute. You can enter "cn" or "employeeNumber" to use as "serialNumber" or "uid" as long as it is unique.

  • Available Functions: Specify the functions available to the user for each function. For Copier Function and Printer Function, you can specify whether the user can use all Copier or Printer functions, or the black-and-white or two-color print mode only.

    For Printer Job Authentication, specify the security level for print jobs using the printer driver.

    Executing a Print Job with Authentication Information Only

7Press [OK].

8Press [Home] (Operation panel screen illustration).

9When the confirmation dialog is displayed, press [OK], and then log out of the machine.

Note

Specifying User Code Authentication (Settings Screen Type: Classic)

Select [User Code Auth.] on [User Authentication Management], and specify the functions to restrict.

1Log in to the machine as the machine administrator on the control panel.

2On the Home screen, press [Settings].

Operation panel screen illustration

3Press [Machine Features Settings] on the Settings screen.

Operation panel screen illustration

4Press [System Settings][Administrator Tools] tab [User Authentication Management] to display the User Authentication Management setting screen.

5Press "User Code Auth.", and then select the functions to restrict.

Operation panel screen illustration
  • Functions to Restrict: Specify whether to perform User Code authentication for each function. On "Copy" or "Printer", you can specify to perform User Code authentication for all Copy or Printer functions, or for the color print mode only.

    When registering the user code of the printer driver automatically, select [PC Control] in "Printer". Specify the user code registered in [System] to the printer driver.

    When [PC Control] is selected, the user code specified in the printer driver is registered in the address book automatically and is excluded from the print volume use limitation. To limit the print volume use, select other than [PC Control] on "Printer".

    Specifying Maximum Print Volume Use of Each User

  • Printer Job Authentication: Specify the security level for print jobs using the printer driver.

    Executing a Print Job with Authentication Information Only

6Press [OK].

7Press [Exit] to display the confirmation dialog, and then press [Yes] to log out of the machine.

The Home screen is displayed.

If registration of the user information is not completed, register the user in the address book and specify the user code.

Registering the User Code in the Address Book

Specifying Basic Authentication (Settings Screen Type: Classic)

Select [Basic Auth.] on [User Authentication Management], and register the default values of the functions available to each user.

1Log in to the machine as the machine administrator on the control panel.

2On the Home screen, press [Settings].

Operation panel screen illustration

3Press [Machine Features Settings] on the Settings screen.

Operation panel screen illustration

4Press [System Settings][Administrator Tools] tab [User Authentication Management] to display the User Authentication Management setting screen.

5Press [Basic Auth.], and select the functions available to the user.

Operation panel screen illustration
  • Available Functions: Specify the functions available to the user for each function. On "Copy" or "Printer", you can specify that the user can use all of the Copy or Printer functions, or the black-and-white or two-color print mode only.

  • Printer Job Authentication: Specify the security level for print jobs using the printer driver.

    Executing a Print Job with Authentication Information Only

6Press [OK].

7Press [Exit] to display the confirmation dialog, and then press [Yes] to log out of the machine.

The Home screen is displayed.

If registration of the user information is not completed, register the user in the address book and specify the login information.

Registering a User in the Address Book and Specifying the Login Information

Note

  • The login user name and login password can be used to authenticate the user in the SMTP or LDAP server, or to authenticate shared folders.

  • Use a login user name other than "other", "admin", "supervisor", or "HIDE***". (Enter an optional character string in "***".) You cannot use these user names for authentication because they are already in use in the machine.

Specifying Windows Authentication (Settings Screen Type: Classic)

On [User Authentication Management], select [Windows Auth.] to register the information required for authentication in the Windows server.

Important

1Log in to the machine as the machine administrator on the control panel.

2On the Home screen, press [Settings].

Operation panel screen illustration

3Press [Machine Features Settings] on the Settings screen.

Operation panel screen illustration

4Press [System Settings][Administrator Tools] tab [User Authentication Management] to display the User Authentication Management setting screen.

5Select [Windows Auth.] to register the server for authentication and to specify the usable functions.

Operation panel screen illustration
  • Kerberos Authentication: To enable Kerberos Authentication, press [On].

  • Realm Name: To enable Kerberos authentication, select the realm name to authenticate.

  • Domain Name: To disable Kerberos authentication, press [Change] and enter the domain name to authenticate.

  • Printer Job Authentication: Specify the security level for print jobs using the printer driver.

    Executing a Print Job with Authentication Information Only

  • Use Secure Connection (SSL): To encrypt communication signals, press [On].

  • Group: If global groups have been registered, you can specify usable functions for each global group*. Press [Not Programmed], and then enter the same name as the one registered in the server to specify the available functions.

    Users who are registered in multiple groups can use all functions available to those groups.

    A user who is not registered in any group can use the authority specified in [*Default Group]. By default, all functions are available to the Default Group members.

  • Available Functions: Specify the functions available to each group. On "Copy" or "Printer", you can specify whether the user can use all Copy or Printer functions, or the black-and-white or two-color print mode only.

6Press [OK].

7Press [Exit] to display the confirmation dialog, and then press [Yes] to log out of the machine.

The Home screen is displayed.

Specifying LDAP Authentication (Settings Screen Type: Classic)

On [User Authentication Management], select [LDAP Auth.] to register the information required for authentication in the LDAP server.

Important

1Log in to the machine as the machine administrator on the control panel.

2On the Home screen, press [Settings].

Operation panel screen illustration

3Press [Machine Features Settings] on the Settings screen.

Operation panel screen illustration

4Press [System Settings][Administrator Tools] tab [User Authentication Management] to display the User Authentication Management setting screen.

5Select [LDAP Auth.] and select the server for authentication, and then specify the available functions.

Operation panel screen illustration
  • LDAP Servers: Select the LDAP server to authenticate.

  • Printer Job Authentication: Specify the security level for print jobs using the printer driver.

    Executing a Print Job with Authentication Information Only

  • Available Functions: Specify the functions available to the user for each function. On "Copy" or "Printer", you can specify whether the user can use all Copy or Printer functions, or the black-and-white or two-color print mode only.

  • Login Name Attribute: Use this as a search criterion to obtain user information. Create a search filter based on the login name attribute, select a user, and then retrieve the user information from the LDAP server to transfer to the machine's address book.

    When separating multiple login attributes with a comma (,), the search will return hits by entering a login name for either or both attributes.

    Also, by entering two login names separated by an equal sign (=) (for example: cn=abcde, uid=xyz), the search will return hits only for a match of the attributes of both login names. This search function can be applied when "Cleartext Authentication" is specified.

  • Unique Attribute: Specify this to match the user information in the LDAP server with that in the machine. A user whose unique attribute registered in the LDAP server matches that of a user registered in the machine is treated as the same user in the machine. Specify the attribute that is used for unique information in the server as the Unique Attribute. You can enter "cn" or "employeeNumber" to use as "serialNumber" or "uid" as long as it is unique.

6Press [OK].

7Press [Exit] to display the confirmation dialog, and then press [Yes] to log out of the machine.

The Home screen is displayed.