HomeSearch by PurposeConfiguring User Authentication and Account Track

Search by Purpose

Configuring User Authentication and Account Track

Settings Anyone can Change

To change the password of the login user ([Change Password])

To display:
  • [Utility]
    • [User Settings]
      • [Change Password]

Change the password of the user who is logged in through user authentication.

To change the E-mail address of the login user ([Change E-Mail Address])

To display:
  • [Utility]
    • [User Settings]
      • [Change E-Mail Address]

Change the E-mail address of the user who is logged in through user authentication.

  • You can specify this option when you are allowed by the administrator to change the setting. When allowing a user to change this setting, change the setting value of [Administrator Security Levels] (default: [Prohibit]). For details, refer to Here.

To register finger vein or IC card information of the login user ([Register Authentication Information])

To display:
  • [Utility]
    • [User Settings]
      • [Register Authentication Information]

Register or delete the biometric authentication information or IC card authentication information of the user who is logged in through user authentication.

Tap [Edit], then register authentication information. To delete authentication information, tap [Delete].

  • You can specify this option when you install the Authentication Unit and you are allowed to change the setting by the administrator.

In order that the login user changes whether to synchronize the user authentication and account track ([Synchronize User Auth. and Account Track])

To display:
  • [Utility]
    • [User Settings]
      • [Synchronize User Auth. and Account Track]

When user authentication and account track are both employed, specify whether to synchronize user authentication and account track setting for the login user.

Settings

Description

[Synchronize]/[Do Not Synchronize]

Select whether to synchronize user authentication and account track setting.

If you select [Synchronize] and login by using the user name and password that are used for user authentication, you are also allowed to login to the account to which you belong.

[Account Name]

When you have selected [Synchronize], select the account to which you belong.

  • You can specify this option when you are allowed by the administrator to select whether to synchronize user authentication and account track setting.

To change the destination access rights of the login user ([Limiting Access to Destinations])

To display:
  • [Utility]
    • [One-Touch/User Box Registration]
      • [Limiting Access to Destinations]

Limit the access to destinations for each user.

Settings

Description

[Apply Levels/Groups to Destinations]

To limit access to a destination by users, assign a permissible access level or reference allowed group to the destination.

After selecting a destination from [Address Book], [Group] or [Program], tap [Apply Level] or [Apply Group], then assign an access allowed level or reference allowed group to the destination.

  • You can specify [Apply Levels/Groups to Destinations] within the access allowed level for the respective users. For details, contact your administrator.

  • To specify a reference allowed group, the administrator must register the group in advance. For details, contact your administrator.

  • How to configure the setting for limiting the access to destinations for each user is explained using Web Connection. For details, refer to Here.

Settings only the Administrators can Change

To configure the general settings for user authentication ([User Authentication])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [User Authentication]

Configure the general settings for user authentication.

Settings

Description

[Authenticate]/[OFF]

Specify whether to implement user authentication.

[OFF] is specified by default.

[Authentication Method]

Select a user authentication method.

[ON (MFP)]

The authentication function of this machine is used for user authentication. This authentication method only allows users registered on this machine to use it.

[ON (MFP)] is specified by default.

[External Server Authentication]

Interacts with the authentication server used for user authentication in the operating environment. This authentication method only allows users registered on the authentication server to use this machine.

Register the authentication server beforehand from [Administrator Settings] - [User Authentication/Account Track] - [External Server Settings].

[Main + External Server]

Select this option to enable login using the authentication function of the MFP in case a trouble occurs on the external authentication server.

[Enhanced Server Authentication]

Interacts with the enhanced server such as Authentication Manager. This authentication method only allows users registered on the enhanced server to use this machine.

[Main + Enhanced Server]

Select this option to enable login using the authentication function of the MFP in case a trouble occurs on the enhanced server such as Authentication Manager.

[Default Authentication Method]

Select your preferred authentication method if [Main + External Server] or [Main + Enhanced Server] is selected with [Authentication Method].

  • If [Authentication Method] is set to [Main + External Server], [External Server Authentication] is specified by default.

  • If [Authentication Method] is set to [Main + Enhanced Server], [Enhanced Server Authentication] is specified by default.

[Overwrite User Info]

Configure this option if [External Server Authentication] or [Main + External Server] is selected with [Authentication Method].

When the external server authentication is used, authenticated user information is also managed on this machine.

If the number of users who have executed the external server authentication reaches the maximum number of users this machine can manage, authentication of any new users will not be permitted. Select whether to allow the user to overwrite registered user information for that case.

If you select [Allow], the oldest authenticated user information is erased and the new user is registered.

If [Enhanced Server Authentication] or [Main + Enhanced Server] is selected with [Authentication Method], [Allow] is specified forcibly.

[Restrict] is specified by default.

[Temporarily Save Authentication Info.]

Select whether to temporarily save authentication information in the main unit against a case where an external authentication server shuts down. [OFF] is specified by default.

To temporarily save authentication information, specify the timing to reconnect to the authentication server and the validity period of the data to be saved temporarily.

  • [Reconnection Settings]: Specify the timing to reconnect to the authentication server. Selecting [Reconnect for every login] connects to the authentication server at the time authentication is carried out on this machine. If the authentication server is in the shutdown state at the time authentication is carried out on this machine, first confirm that the authentication server is down, and use the temporarily saved authentication information to log in to this machine. Selecting [Set Reconnect Interval] connects to the authentication server at the time specified in [Reconnection Time], and check the status of the authentication server. If the authentication server is in the shutdown state, use the authentication information temporarily saved in the main unit to log in. [Set Reconnect Interval] is specified by default.

  • [Expiration Date Settings]: Select whether to set the validity period to the temporarily saved authentication information. To set the validity period, enter the desired value. [Invalid] is specified by default.

To permit use by unregistered users when installing user authentication ([Public User Access])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Public User Access]

Specify whether to permit users other than the registered in an environment where user authentication is employed. Any user who is going to use this machine without performing authentication operation is called a "public user".

When permitting public users to use this machine, select the login method. [Restrict] is specified by default.

Settings

Description

[Restrict]

Usage of this machine by public users is prohibited.

[ON (With Login)]

Permits that public users use this machine. When a public user uses this machine, tap [Public User] on the Login screen to log in to this machine.

[ON (Without Login)]

Permits that public users use this machine. A public user can use this machine without logging in to this machine.

Using this option eliminates the login operations, providing advantages in an environment with a large number of public users.

To display the login screen when using a function restricted for public users ([Prohibited Function Login Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Prohibited Function Login Setting]

Specify whether to request switching of the user by displaying the login screen when a public user attempts to use any restricted function.

For example, if color copy is restricted for public users, the Login screen appears when a public user attempts a color copy operation. In this case, the user can use the color copy function by logging in to this machine as another user authorized to perform color copy operations.

[Do Not Request] (not request) is specified by default.

To configure whether to install account track ([Account Track])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Account Track]

Specify whether account tracking should be implemented to manage users by account.

[OFF] is specified by default.

To configure the general settings for account track ([Account Track Input Method])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Account Track Input Method]

When you have selected [ON] for [Account Track], select the account tracking method. [Account Name & Password] is specified by default.

Settings

Description

[Account Name & Password]

Enter the account name and password to log in. When cusing user authentication and account track in combination, the setting cannot be changed from [Account Name & Password].

[Password Only]

Enter only the password to log in.

To synchronize user authentication and account track when installing them ([Synchronize User Authentication & Account Track])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Synchronize User Authentication & Account Track]

When using user authentication and account track in conjunction, specify whether to synchronize user authentication and account track. [Synchronize] is specified by default.

Settings

Description

[Synchronize]

Select this option when users and accounts are in a one-on-one relation. When registering a user, just specify the department of a user, and login as the user also results in login as the associated account.

[Do Not Synchronize]

Select this option for users who join more than one account. To log in to this machine, users need to specify an account after entering the user name.

[Synchronize by User]

Have users select whether or not to synchronize user authentication and account track.

To specify whether to allow other users to print data when printing stopped because the number of print sheets exceeded the maximum number specified for the user ([When # of Jobs Reach Maximum])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [When # of Jobs Reach Maximum]

Sets the maximum number of sheets that each user can print. Here, select an operation if the number of sheets exceeds the maximum number of sheets that can be printed. [Skip Job] is specified by default.

Settings

Description

[Skip Job]

Stops the running job, and then starts the next job.

[Stop Job]

Stops all jobs.

  • To restart a suspended job, reset the counter.

To specify the maximum number of users when installing user authentication and account track ([Number of User Counters Assigned])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Number of Counters Assigned]

Counter management is carried out for each user or account track to install user authentication or account track. This machine provides 1,000 counter areas to carry out counter management. In this option, specify the number of counter areas to be assigned to each user.

[500] is specified by default.

  • If [Authentication Method] is set to [Main + Enhanced Server], a counter area can be assigned to temporarily save data when the enhanced server has shut down. Up to 1,000 counter areas can be assigned for users, account tracks, and the enhanced server in total.

To change the time to hold the Kerberos authentication ticket at Active Directory authentication ([Ticket Hold Time Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [Ticket Hold Time Setting]

Change the retention time for a Kerberos authentication ticket if Active Directory is used as an authentication server.

[600] minutes is specified by default.

To perform IC card authentication via the LDAP server ([LDAP-IC Card Authentication Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [General Settings]
          • [LDAP-IC Card Authentication Setting]

Configure settings for authentication by the LDAP server using the card ID registered on authentication cards in an environment with IC card-based user authentication implemented by connecting an Authentication Unit (IC card type).

You can set this option by selecting [External Server Authentication] or [Main + External Server] in [Administrator Settings] - [User Authentication/Account Track] - [General Settings] - [User Authentication] - [Authentication Method].

Settings

Description

[ON]/[OFF]

Specify whether to enable authentication by the LDAP server using the card ID registered on authentication cards.

[OFF] is specified by default.

[Setting Up LDAP]

Register the LDAP server to be used for authenticating the user ID of the IC card.

Tap [Check Connection] to try connecting to the LDAP server using the entered information and check if the iformation registered is correct.

Tap [Reset All Settings] to reset all the information entered.

[User Name Acquisition]

Select how to obtain the user name when logging in to this machine.

  • [Use Card ID]: Select this option when only IC card information is registered in the server. Uses the card ID in the IC card as user name.

  • [Acquiring]: Select this option when user information other than IC card information is registered in the server. Uses the user name obtained from the server. Enter the attribute to be searched as the user name ("uid") at [User Name Attribute].

[Use Card ID] is specified by default.

[Timeout]

Change the timeout time of communication with the LDAP server if necessary.

[60 second] is specified by default.

[Search Attribute]

Enter attributes for the place in which you have entered IC card information (using up to 64 characters).

The attribute must start with an alphabet character.

[uid] is specified by default.

[Server Address]

Enter the LDAP server address.

Use one of the following formats.

  • Example of host name entry: "host.example.com"

  • Example of IP address (IPv4) entry: "192.168.1.1"

  • Example of IP address (IPv6) entry: "fe80::220:6bff:fe10:2f16"

[Search Base]

Specify the starting point to search for a user to be authenticated (using up to 255 characters).

The range from the entered origin point, including the following tree structure, is searched.

Example of entry: "cn=users,dc=example,dc=com"

[SSL Setting]

Specify whether or not to use SSL for communication with the LDAP server.

[OFF] is specified by default.

[Port Number]

If necessary, change the LDAP server port number.

Normally, you can use the original port number.

[389] is specified by default.

[Port Number (SSL)]

If necessary, change the SSL communication port number.

Normally, you can use the original port number.

[636] is specified by default.

[Certificate Verification Level Settings]

To validate the certificate during SSL communication, select items to be verified.

  • [Expiration Date]: Confirm whether the certificate is within the validity period. [Confirm] is specified by default.

  • [Key Usage]: Confirm whether the certificate is used according to the intended purpose approved by the certificate issuer. [Do Not Confirm] is specified by default.

  • [Chain]: Confirm whether there is a problem in the certificate chain (certificate path). The chain is validated by referencing the external certificates managed on this machine. [Do Not Confirm] is specified by default.

  • [Expiration Date Confirmation]: Confirm whether the certificate has expired. [Do Not Confirm] is specified by default.

  • [CN]: Confirm whether CN (Common Name) of the certificate matches the server address. [Do Not Confirm] is specified by default.

[Authentication Type]

Select the authentication method to log in to the LDAP server. Select one appropriate for the authentication method used for your LDAP server.

  • [Simple]

  • [Digest-MD5]

  • [GSS-SPNEGO]

  • [NTLM v1]

  • [NTLM v2]

[Simple] is specified by default.

[Referral Setting]

Select whether to use the referral function, if necessary.

Make an appropriate choice to fit the LDAP server environment.

[ON] is specified by default.

[Login Name]

Log in to the LDAP server, and enter the login name to search for a user (using up to 64 characters).

[Password]

Enter the password of the user name you entered into [Login Name] (using up to 64 characters).

[Domain Name]

Enter the domain name to log in to the LDAP server (using up to 64 characters).

If [GSS-SPNEGO] is selected for [Authentication Type], enter the domain name of Active Directory.

[LDAP Server Connection Settings]

Select the name of the external server to be used as authentication information saved on this machine.

The authentication information is saved on this machine when the LDAP-IC card authentication is successfully completed. This authentication information includes the user name and the external server name. As authentication information to be saved on this machine, the name of external server registered on this machine can be registered.

To specify whether to display a list of registered users on the login screen and allow a user to select a desired one ([User Name List])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [Administrative Settings]
            • [User Name List]

Select whether to display the [User Name List] icon in the login screen.

Selecting [ON] enables you to select the login user from the list of user names registered on this machine.

[OFF] is specified by default.

To specify the default function permission applied to users when external server authentication is installed ([Default Function Permission])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [Administrative Settings]
            • [Default Function Permission]

Specify the default function permission applied to users when an external authentication server is used.

Functions available to users who log in to this machine for the first time are limited according to the settings configured here.

  • The default function permission can also be specified with Web Connection. For details, refer to Here.

To specify operations for the ID & Print function ([ID & Print Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [Administrative Settings]
            • [ID & Print Settings]

Specify the operations of the ID & Print function.

Settings

Description

[ID & Print]

Select whether to handle jobs normally printed from the printer driver as ID & Print jobs.

  • [ON]: Jobs that are normally printed are handled as ID & Print jobs.

  • [OFF]: Only jobs for which ID & Print is set are handled as print jobs.

[OFF] is specified by default.

[Public User]

Select the process performed when a public user job or a job without user authentication information is received.

  • [Print Immediately]: Prints the job without saving it in the ID & Print User Box.

  • [Save]: Saves the job in the ID & Print User Box.

[Print Immediately] is specified by default.

To specify the printing method when using the ID & Print function in the authentication unit ([ID & Print Operation Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [Administrative Settings]
            • [ID & Print Operation Settings]

When using the ID & Print function on an Authentication Unit, select whether to request user authentication for printing each job or to allow the user to print all jobs once the user is authenticated. [Print All Jobs] is specified by default.

Settings

Description

[Print All Jobs]

One successful authentication session allows the user to print all jobs.

[Print Each Job]

One successful authentication session allows the user to print a single job.

To specify the default operation to be performed after authentication on the login screen when using the ID & Print function ([Default Operation Selection])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [Administrative Settings]
            • [Default Operation Selection]

Select the default value for the operation that is performed after the authentication process is carried out in the login screen. [Print & Access Basic Screen] is specified by default.

Settings

Description

[Print & Access Basic Screen]

The ID & Print job is executed and the user logs in this machine.

[Access]

The user logs in to this machine. The ID & Print job is not executed.

To register user information ([User Registration])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [User Registration]
            • [Edit]

Register the user information. In addition, configure function permission and the upper limit of the number of printable sheets for each user.

Select a number and tap [Edit], and the user registration or editing screen is displayed.

To limit the public user functions, tap [] on the number selection screen. Then, select [Public] and tap [Edit].

Settings

Description

[User Name]

Enter the user name to log in to this machine (using up to 64 characters).

You cannot configure the same user name as an the one which has already been assigned to a registered user. Once a user name is registered, it cannot be changed.

[Password]

Enter the password to log in to this machine (using up to 64 characters).

[E-mail Address]

Enter the user's E-mail address (using up to 320 characters) if necessary.

If the E-mail address is registered, the Scan to Me function is available to the user.

[Max. Allowance Set]

Set the maximum number of pages that the user can print.

  • [Total Allowance]: Specify the total number of pages that can be printed. To omit setting of the maximum, select [No Limit].

  • [Individual Allowance]: Specify the number of pages that can be printed separately for [Color] and [Black]. To omit setting of the maximum, select [No Limit].

Tap [All Users] to apply the maximum setting to all users.

[Disable] is specified by default.

[Register Auth. Info.]

If an Authentication Unit is used to adopt the user authentication, tap [Edit] to register authentication information.

To delete authentication information, tap [Delete].

[Function Permission]

Restrict functions available to users.

Specify whether to restrict the following functions, respectively:

  • [Copy]: [Full Color/Black] is specified by default.

  • [Scan]: [Full Color/Black] is specified by default.

  • [Fax]: [Full Color/Black] is specified by default.

  • [Print]: [Full Color/Black] is specified by default.

  • [User Box]: [Allow] is specified by default.

  • [Print Scan/Fax TX]: [Full Color/Black] is specified by default.

  • [Save to External Memory]: [Restrict] is specified by default.

  • [External Memory Document Scan]: [Restrict] is specified by default.

  • [Manual Destination Input]: [Allow] is specified by default.

  • [Biometric/IC Card Info. Registration]: [Restrict] is specified by default.

  • [Cellular Phone/PDA]: [Allow] is specified by default.

  • [Web Browser]: [Allow] is specified by default.

Tap [All Users] to apply the Function Permission to all users.

[Pause]

Disable registered users temporarily if necessary. If [Stop Job] is set, the users cannot log in to the MFP any longer.

Tap [All Users] to temporarily suspend the use of this machine by any user.

[Continue Job] is specified by default.

[Custom Pattern Function]

Specify the display pattern of function keys in the Copy, Scan/Fax and User Box modes for each user.

  • [Full Functions]: Displays all function keys.

  • [Standard Functions] (Not displayed in some area): Displays commonly used function keys.

  • [Basic Functions]: Displays the more basic function keys than [Standard Functions].

  • [Disable]: User-specific pattern is not configured. The settings of this machines are applied.

You can set this option by selecting [Allow] in [Administrator Settings] - [System Settings] - [Custom Display Settings] - [User/Admin Function Permissions].

[Disable] is specified by default.

[Synchronize Account Track]

Specify whether to synchronize user authentication and account track when both user authentication and account track are implemented.

Tap [All Users] to apply the setting for synchronizing user authentication and account track to all users.

You can set this option by selecting [Synchronize by User] in [Administrator Settings] - [User Authentication/Account Track] - [General Settings] - [Synchronize User Authentication & Account Track].

[Account Name]

If user authentication and account track are implemented and if they are synchronized with each other, select the account to which the user belongs.

Account names must be registered in advance.

  • To change the registered user information, select the registration number and tap [Edit].

  • To delete a registered user, select the registration number and tap [Delete].

  • When using user authentication and account track in combination, register account information beforehand in [Administrator Settings] - [User Authentication/Account Track] - [Account Track Settings] - [Account Track Registration].

  • Information on users authenticated by the external authentication server is also registered. You can change the settings of [Max. Allowance Set], [Function Permission], [Custom Pattern Function], [Synchronize Account Track], and [Account Name] for users authenticated by the external authentication server if necessary.

To specify the function permission and the upper limit of sheets for each user ([User Registration])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [User Registration]
            • [Edit]

Register the user information. In addition, configure function permission and the upper limit of the number of printable sheets for each user.

Select a number and tap [Edit], and the user registration or editing screen is displayed.

To limit the public user functions, tap [] on the number selection screen. Then, select [Public] and tap [Edit].

Settings

Description

[User Name]

Enter the user name to log in to this machine (using up to 64 characters).

You cannot configure the same user name as an the one which has already been assigned to a registered user. Once a user name is registered, it cannot be changed.

[Password]

Enter the password to log in to this machine (using up to 64 characters).

[E-mail Address]

Enter the user's E-mail address (using up to 320 characters) if necessary.

If the E-mail address is registered, the Scan to Me function is available to the user.

[Max. Allowance Set]

Set the maximum number of pages that the user can print.

  • [Total Allowance]: Specify the total number of pages that can be printed. To omit setting of the maximum, select [No Limit].

  • [Individual Allowance]: Specify the number of pages that can be printed separately for [Color] and [Black]. To omit setting of the maximum, select [No Limit].

Tap [All Users] to apply the maximum setting to all users.

[Disable] is specified by default.

[Register Auth. Info.]

If an Authentication Unit is used to adopt the user authentication, tap [Edit] to register authentication information.

To delete authentication information, tap [Delete].

[Function Permission]

Restrict functions available to users.

Specify whether to restrict the following functions, respectively:

  • [Copy]: [Full Color/Black] is specified by default.

  • [Scan]: [Full Color/Black] is specified by default.

  • [Fax]: [Full Color/Black] is specified by default.

  • [Print]: [Full Color/Black] is specified by default.

  • [User Box]: [Allow] is specified by default.

  • [Print Scan/Fax TX]: [Full Color/Black] is specified by default.

  • [Save to External Memory]: [Restrict] is specified by default.

  • [External Memory Document Scan]: [Restrict] is specified by default.

  • [Manual Destination Input]: [Allow] is specified by default.

  • [Biometric/IC Card Info. Registration]: [Restrict] is specified by default.

  • [Cellular Phone/PDA]: [Allow] is specified by default.

  • [Web Browser]: [Allow] is specified by default.

Tap [All Users] to apply the Function Permission to all users.

[Pause]

Disable registered users temporarily if necessary. If [Stop Job] is set, the users cannot log in to the MFP any longer.

Tap [All Users] to temporarily suspend the use of this machine by any user.

[Continue Job] is specified by default.

[Custom Pattern Function]

Specify the display pattern of function keys in the Copy, Scan/Fax and User Box modes for each user.

  • [Full Functions]: Displays all function keys.

  • [Standard Functions] (Not displayed in some area): Displays commonly used function keys.

  • [Basic Functions]: Displays the more basic function keys than [Standard Functions].

  • [Disable]: User-specific pattern is not configured. The settings of this machines are applied.

You can set this option by selecting [Allow] in [Administrator Settings] - [System Settings] - [Custom Display Settings] - [User/Admin Function Permissions].

[Disable] is specified by default.

[Synchronize Account Track]

Specify whether to synchronize user authentication and account track when both user authentication and account track are implemented.

Tap [All Users] to apply the setting for synchronizing user authentication and account track to all users.

You can set this option by selecting [Synchronize by User] in [Administrator Settings] - [User Authentication/Account Track] - [General Settings] - [Synchronize User Authentication & Account Track].

[Account Name]

If user authentication and account track are implemented and if they are synchronized with each other, select the account to which the user belongs.

Account names must be registered in advance.

  • To change the registered user information, select the registration number and tap [Edit].

  • To delete a registered user, select the registration number and tap [Delete].

  • When using user authentication and account track in combination, register account information beforehand in [Administrator Settings] - [User Authentication/Account Track] - [Account Track Settings] - [Account Track Registration].

  • Information on users authenticated by the external authentication server is also registered. You can change the settings of [Max. Allowance Set], [Function Permission], [Custom Pattern Function], [Synchronize Account Track], and [Account Name] for users authenticated by the external authentication server if necessary.

To check the operation conditions of this machine for each user or eco information (economy level) ([User Counter])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User Authentication Settings]
          • [User Counter]

Use this option to check the number of pages for each user and to reset the counter.

Select the registration number of a user subject to counter checking and tap [Counter Details].

Settings

Description

[Counter Details]

Shows the counter for the selected user. You can check the number of pages used for each function or color.

Tap [Eco Info] to display the ratios of color printing, 2-sided printing and page combination by the user and check how effectively toner and paper saving is accomplished.

Tap [Clear Counter] to clear the user's counter.

[Reset All Counters]

Resets counters for all users.

To register account track information ([Account Track Registration])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Account Track Settings]
          • [Account Track Registration]
            • [Edit]

Register account information. In addition, configure function permission and the maximum allowance on the number of pages printed for each account.

Settings

Description

[Account Name]

Enter the account name used for logging in to this machine (using up to eight characters).

[Password]

Enter the password to log in to this machine (using up to 64 characters).

[Max. Allowance Set]

Restricts the number of pages each account can print.

  • [Total Allowance]: Specify the total number of pages that can be printed. To omit setting of the maximum, select [No Limit].

  • [Individual Allowance]: Specify the number of pages that can be printed separately for [Color] and [Black]. To omit setting of the maximum, select [No Limit].

Tap [All Accounts] to apply the maximum setting to all accounts.

[No Limit] is specified by default.

[Function Permission]

Restrict functions available to users.

Specify whether to restrict the following functions, respectively:

  • [Copy]: [Full Color/Black] is specified by default.

  • [Scan]: [Full Color/Black] is specified by default.

  • [Fax]: [Full Color/Black] is specified by default.

  • [Print]: [Full Color/Black] is specified by default.

  • [Print Scan/Fax TX]: [Full Color/Black] is specified by default.

Tap [All Accounts] to apply function permission setting to all accounts.

[Pause]

Disable registered accounts temporarily if necessary. If [Stop Job] is set, the users cannot log in to the MFP any longer.

Tap [All Accounts] to temporarily suspend the use of this machine by any account.

[Continue Job] is specified by default.

[Custom Pattern Function]

Specify the display pattern of function keys in the Copy, Scan/Fax and User Box modes for each account.

  • [Full Functions]: Displays all function keys.

  • [Standard Functions] (Not displayed in some area): Displays commonly used function keys.

  • [Basic Functions]: Displays the more basic function keys than [Standard Functions].

  • [Disable]: Account-specific pattern is not configured. The settings of this machines are applied.

You can set this option by selecting [Allow] in [Administrator Settings] - [System Settings] - [Custom Display Settings] - [User/Admin Function Permissions].

[Disable] is specified by default.

  • To change the registered account information, select the registration number and tap [Edit].

  • To delete a registered account, select the registration number and tap [Delete].

To specify the function permission and the upper limit of sheets for each account track ([Account Track Registration])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Account Track Settings]
          • [Account Track Registration]
            • [Edit]

Register account information. In addition, configure function permission and the maximum allowance on the number of pages printed for each account.

Settings

Description

[Account Name]

Enter the account name used for logging in to this machine (using up to eight characters).

[Password]

Enter the password to log in to this machine (using up to 64 characters).

[Max. Allowance Set]

Restricts the number of pages each account can print.

  • [Total Allowance]: Specify the total number of pages that can be printed. To omit setting of the maximum, select [No Limit].

  • [Individual Allowance]: Specify the number of pages that can be printed separately for [Color] and [Black]. To omit setting of the maximum, select [No Limit].

Tap [All Accounts] to apply the maximum setting to all accounts.

[No Limit] is specified by default.

[Function Permission]

Restrict functions available to users.

Specify whether to restrict the following functions, respectively:

  • [Copy]: [Full Color/Black] is specified by default.

  • [Scan]: [Full Color/Black] is specified by default.

  • [Fax]: [Full Color/Black] is specified by default.

  • [Print]: [Full Color/Black] is specified by default.

  • [Print Scan/Fax TX]: [Full Color/Black] is specified by default.

Tap [All Accounts] to apply function permission setting to all accounts.

[Pause]

Disable registered accounts temporarily if necessary. If [Stop Job] is set, the users cannot log in to the MFP any longer.

Tap [All Accounts] to temporarily suspend the use of this machine by any account.

[Continue Job] is specified by default.

[Custom Pattern Function]

Specify the display pattern of function keys in the Copy, Scan/Fax and User Box modes for each account.

  • [Full Functions]: Displays all function keys.

  • [Standard Functions] (Not displayed in some area): Displays commonly used function keys.

  • [Basic Functions]: Displays the more basic function keys than [Standard Functions].

  • [Disable]: Account-specific pattern is not configured. The settings of this machines are applied.

You can set this option by selecting [Allow] in [Administrator Settings] - [System Settings] - [Custom Display Settings] - [User/Admin Function Permissions].

[Disable] is specified by default.

  • To change the registered account information, select the registration number and tap [Edit].

  • To delete a registered account, select the registration number and tap [Delete].

To check the operation conditions of this machine for each account track or eco information (economy level) ([Account Track Counter])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Account Track Settings]
          • [Account Track Counter]

You can check the number of pages used for each account and reset the counter.

Select the registration number of an account subject to counter checking and tap [Counter Details].

Settings

Description

[Counter Details]

Shows the counter for the selected account. You can check the number of pages used for each function or color.

Tap [Eco Info] to display the ratios of color printing, 2-sided printing and page combination by the account and check how effectively toner and paper saving is accomplished.

Tap [Clear Counter] to clear the account's counter.

[Reset All Counters]

Resets counters for all accounts.

To specify an action to be taken when this machine receives a print job without authentication information ([Print without Authentication])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Print without Authentication]

Select whether to allow users to start print jobs without authentication information (jobs for which the print command is executed even though user authentication or account track is not correctly configured in the printer driver). [Restrict] is specified by default.

Settings

Description

[Full Color/Black]

Both color printing and black-and-white printing are allowed.

Print jobs are counted as public user jobs.

[Black Only]

Only black-and-white printing is allowed. Color printing jobs are also printed in black and white.

Print jobs are counted as public user jobs.

[Restrict]

Printing is restricted.

Canceling [Restrict] allows everybody to perform printing. Select [Restrict] to control user access and ensure security.

To print a list in which the operation conditions of this machine are calculated for each user or account track ([Print Counter List])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Print Counter List]

A print counter list is printed. You can print a list if user authentication or account track has been adopted.

In [Print Item], specify whether to print all information or only to print typed information. Change print settings as required, then tap [Start] to start printing.

To register an external server for user authentication ([External Server Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [External Server Settings]
          • [New]

When employing external server authentication, register the authentication server. When registering multiple authentication servers, register the one you want to normally use as the default value.

Select a number for registering the server and tap [New].

Settings

Description

[Server Name]

Enter the name of your authentication server (using up to 32 characters).

Assign an easy-to-understand name to the authentication server to be registered.

[Server Type]

Select the type of the authentication server and set required information. The items you are able to configure will vary depending on the selected server type.

[Active Directory]

Register server information when Active Directory is used as the authentication server.

  • [Default Domain Name]: Enter the default domain name of your Active Directory (using up to 64 characters).

  • [Timeout]: Change the timeout interval for communication with Active Directory, if required.
    [60 sec.] is specified by default.

[NTLM v1]

Register server information when NTLM v1 is used as the authentication server.

  • [Default Domain Name]: Enter the default domain name of your authentication server (using up to 64 characters). The default domain name must be uppercase letters.

[NTLM v2]

Register server information when NTLM v2 is used as the authentication server.

  • [Default Domain Name]: Enter the default domain name of your authentication server (using up to 64 characters). The default domain name must be uppercase letters.

[NDS over IPX]

Register server information when NDS over IPX is used as the authentication server.

  • [Default NDS Tree Name]: Enter the default NDS tree name (using up to 63 characters).

  • [Default NDS Context Name]: Enter the default NDS context name (using up to 191 characters).

You can set this option by selecting [ON] in [Administrator Settings] - [Network Settings] - [NetWare Settings] - [IPX Settings].

[NDS over TCP/IP]

Register server information when NDS over TCP/IP is used as the authentication server.

  • [Default NDS Tree Name]: Enter the default NDS tree name (using up to 63 characters).

  • [Default NDS Context Name]: Enter the default NDS context name (using up to 191 characters).

[LDAP]

Register server information when LDAP is used as the authentication server.

  • [Server Address]: Enter your LDAP server address.

  • [Search Base]: Specify the starting point for searching a user (using up to 255 characters)

  • [SSL Setting]: Specify whether to use SSL for communications. [OFF] is specified by default.

  • [Port No.]: If necessary, change the port number. [389] is specified by default.

  • [Timeout]: Change the timeout interval for communication with the LDAP server, if required. [60] sec. is specified by default.

  • [Authentication Type]: Select the authentication method to log in to the LDAP server. Select one appropriate for the authentication method used for your LDAP server. [Simple] is specified by default.

  • [Search Attribute(s)]: Enter the search attribute used in user account search (using up to 64 characters). [uid] is specified by default.

  • [Search Attributes Authentication]: Specify whether to have DN (Distinguished Name) generated automatically that is required for authentication by the LDAP server when [Simple] is selected for [Authentication Type]. Also, enter authentication information used for logging in to the LDAP server in order to search for the user ID. [No Limit] is specified by default.

  • To change the registered authentication server information, select the registration number and tap [Edit].

  • To delete the registered authentication server, select the registration number and tap [Delete].

  • When registering multiple authentication servers, select the authentication server that is normally used and then tap [Set as Default] to register it as the default.

To restrict the registered destinations that can be accessed by users ([Limiting Access to Destinations])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Limiting Access to Destinations]

Limit the access to destinations for each user.

Restrict destinations that can be browsed by users by combining [Apply Levels/Groups to Destinations] and [Apply Levels/ Groups to Users].

  • For details on the restriction of browsing destinations, refer to Here.

Settings

Description

[Create Group]

Register a reference allowed group.

In a reference allowed group, destinations and users can be registered, and such users can reference destinations registered in the same group.

  • To register a group, select the registration number and tap [Edit].

  • To check destinations or users registered in a group, tap [Details].

[Group Name]

Enter the name of the group (using up to 24 characters).

[Access Allowed Level]

To manage the address book by combining the access allowed level and reference allowed group, select an access allowed level of the reference allowed group.

[Level 0] is specified by default.

[Apply Levels/Groups to Destinations]

Select a registered destination from [Address Book], [Group], or [Program], and then configure either the reference allowed group or access allowed level.

[Apply Group]

Assign a reference allowed group to the registered destination you have selected.

Before you can assign a reference allowed group, you need to register the reference allowed group in [Create Group].

[Apply Level]

Assign an access allowed level to the registered destination you have selected.

[Level 0] is specified by default.

[Apply Levels/Groups to Users]

Select a registered user or public user and specify a reference allowed group or access allowed level. You can combine reference allowed group and access allowed level settings.

[Apply Group]

Assign a reference allowed group to the registered user you have selected.

Before you can assign a reference allowed group, you need to register the reference allowed group in [Create Group].

[Apply Level]

Assign an access allowed level to the registered user you have selected.

[Level 0] is specified by default.

To specify how to log in to the IC card authentication or which operation is to be performed at authentication ([General Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Authentication Device Settings]
          • [General Settings]

Configure the login method for IC card authentication or biometric authentication as well as operations to take place upon authentication.

Settings

Description

[Card Authentication]

This item is available when the optional Authentication Unit (IC card type) is installed.

[IC Card type setting]

Select the type of the required IC card.

  • To use the Felica card, select [FeliCa], [SSFC], [FCF], or [FCF (Campus)]. When [SSFC] is selected, detailed information such as the company code or company identification code is registered.

  • To use the Type A card, select [Type A].

  • To use the Felica and Type A cards together, select [FeliCa+TypeA], [SSFC+TypeA], [FCF+Type A], or [FCF(Campus)+Type A]. When [SSFC+TypeA] is selected, detailed information such as the company code or company identification code is registered.

[IC Card Type]

The specified IC card type is displayed depending on the type of your loadable driver.

[Operation Settings]

Select how to log in to this machine.

  • [Card Authentication]: Pass the IC card over the authentication unit to log in.

  • [Card Authentication + Password]: Pass the IC card over the authentication unit, and enter the password to log in.

[Card Authentication] is specified by default.

[Authentication Card ID Number]

Specify whether to notify the counter, which collects the use status of this machine, of the authentication card ID.

[Ignore] is specified by default.

[Bio Authentication]

This item is available when the optional Authentication Unit (biometric type) is installed.

[Beep Sound]

Select whether to give a "blip" sound when the finger vein pattern is scanned successfully.

[ON] is specified by default.

[Operation Settings]

Select how to log in to this machine.

  • [1-to-many authentication]: A user simply needs to place his or her finger to log in.

  • [1-to-1 authentication]: Enter the user name and position his or her finger to log in.

[1-to-many authentication] is specified by default.

To specify how to log in to the biometric authentication or which operation is to be performed at authentication ([General Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Authentication Device Settings]
          • [General Settings]

Configure the login method for IC card authentication or biometric authentication as well as operations to take place upon authentication.

Settings

Description

[Card Authentication]

This item is available when the optional Authentication Unit (IC card type) is installed.

[IC Card type setting]

Select the type of the required IC card.

  • To use the Felica card, select [FeliCa], [SSFC], [FCF], or [FCF (Campus)]. When [SSFC] is selected, detailed information such as the company code or company identification code is registered.

  • To use the Type A card, select [Type A].

  • To use the Felica and Type A cards together, select [FeliCa+TypeA], [SSFC+TypeA], [FCF+Type A], or [FCF(Campus)+Type A]. When [SSFC+TypeA] is selected, detailed information such as the company code or company identification code is registered.

[IC Card Type]

The specified IC card type is displayed depending on the type of your loadable driver.

[Operation Settings]

Select how to log in to this machine.

  • [Card Authentication]: Pass the IC card over the authentication unit to log in.

  • [Card Authentication + Password]: Pass the IC card over the authentication unit, and enter the password to log in.

[Card Authentication] is specified by default.

[Authentication Card ID Number]

Specify whether to notify the counter, which collects the use status of this machine, of the authentication card ID.

[Ignore] is specified by default.

[Bio Authentication]

This item is available when the optional Authentication Unit (biometric type) is installed.

[Beep Sound]

Select whether to give a "blip" sound when the finger vein pattern is scanned successfully.

[ON] is specified by default.

[Operation Settings]

Select how to log in to this machine.

  • [1-to-many authentication]: A user simply needs to place his or her finger to log in.

  • [1-to-1 authentication]: Enter the user name and position his or her finger to log in.

[1-to-many authentication] is specified by default.

To specify an operation to be carried out after original scanning was completed when user authentication is performed using an authentication unit ([Logoff Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Authentication Device Settings]
          • [Logoff Settings]

Specify whether to log out automatically when scanning of the original finishes.

[Do not log off] is specified by default.

To specify whether to display the logout confirmation screen at logout ([Logout Confirmation Screen Display Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User/Account Common Setting]
          • [Logout Confirmation Screen Display Setting]

Specify whether to display the logout confirmation screen on the Touch Panel when you log out of the login mode (Recipient User or Public User) entered by tapping [Access].

[ON] is specified by default.

To specify whether to handle the single-color and 2-color printing as a color or black-and-white printing ([Single Color > 2 Color Output Management])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User/Account Common Setting]
          • [Single Color > 2 Color Output Management]

Switch settings for single color or 2-color printing between options to handle it as either color or black-and-white printing. [Color] is specified by default.

Settings

Description

[Color]

Manages single color and 2-color printing as color print.

[Black]

Manages single color and 2-color printing as black print. Select this option to manage full-color printing alone as color print.

To specify whether to allow a user to obtain counter information of this machine from the remote diagnosis system ([Counter Remote Control])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [User/Account Common Setting]
          • [Counter Remote Control]

Specify whether to allow acquisition of counter information managed on this machine when a remote diagnosis system is used.

[Restrict] is specified by default.

To specify whether to enable the Scan to Home function ([Scan to Home Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Scan to Home Settings]

Select whether to enable the Scan to Home function.

This item can be configured when Active Directory is used as an authentication server.

[Disable] is specified by default.

To quote user's authentication information for access to a shared folder ([Scan to Authorized Folder Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Scan to Authorized Folder Settings]

Specify whether to limit the transmission destinations. The authentication information of the users who have logged in to this machine is used for accessing a shared folder on the network.

If [Scan to Authorized Folder Settings] is set to [Limit], the following restrictions will be applied:

  • Addresses cannot be specified by direct input for scan transmission.

  • Users cannot save files to User Boxes.

  • Users cannot send files from User Boxes.

  • Users cannot use annotation User Boxes.

  • Users cannot select addresses from transmission log.

  • Users cannot use the URL notification function.

[Do Not Limit] is specified by default.

To print data from the printer driver without entering a password when user authentication is installed ([Print Simple Auth.])

To display:
  • [Utility]
    • [Administrator Settings]
      • [User Authentication/Account Track]
        • [Print Simple Auth.]

Specify whether to allow authentication based only on the user name (quick authentication for printing) when the printer driver is used for printing in an environment where user authentication is employed. When external server authentication is implemented, register the authentication server for quick authentication for printing.

Settings

Description

[Authentication Setting]

Specify whether to allow authentication based only on the user name (quick authentication for printing) when the printer driver is used for printing in an environment where user authentication is employed.

[Restrict] is specified by default.

[Register Authentication Server]

When external server authentication is implemented, register the LDAP server to check user names.

Tap [Check Connection] to try connecting to the LDAP server using the entered information and check if the information registered is correct.

Tap [Reset All Settings] to reset all the information entered,

[External Server Authentication]

Select the external server name to be used as a part of user information when authentication using the LDAP server is successfully completed from the external servers registered on this machine.

The external server selected here is used for the following purpose.

  • Using as a part of authentication information saved on this machine

  • Using for restricting the functions of this machine or managing the maximum allowance

[Timeout]

If necessary, change the time-out time to limit a communication with the LDAP server.

[60 sec.] is specified by default.

[Search Attribute]

Enter the search attribute to be used for search of a user using the LDAP server (using up to 64 characters).

The attribute must start with an alphabet character.

[uid] is specified by default.

[Server Address]

Enter the LDAP server address.

Use one of the following formats.

  • Example of host name entry: "host.example.com"

  • Example of IP address (IPv4) entry: "192.168.1.1"

  • Example of IP address (IPv6) entry: "fe80::220:6bff:fe10:2f16"

[Search Base]

Specify the starting point to search for a user to be authenticated (using up to 255 characters). The range from the entered origin point, including the following tree structure, is searched.

Example of entry: "cn=users,dc=example,dc=com"

[SSL Setting]

Specify whether or not to use SSL for communication with the LDAP server.

[OFF] is specified by default.

[Port Number]

If necessary, change the LDAP server port number.

Normally, you can use the original port number.

[389] is specified by default.

[Port Number (SSL)]

If necessary, change the SSL communication port number.

Normally, you can use the original port number.

[636] is specified by default.

[Certificate Verification Level Settings]

To validate the certificate during SSL communication, select items to be verified.

  • [Expiration Date]: Confirm whether the certificate is within the validity period. [Confirm] is specified by default.

  • [Key Usage]: Confirm whether the certificate is used according to the intended purpose approved by the certificate issuer. [Do Not Confirm] is specified by default.

  • [Chain]: Confirm whether there is a problem in the certificate chain (certificate path). The chain is validated by referencing the external certificates managed on this machine. [Do Not Confirm] is specified by default.

  • [Expiration Date Confirmation]: Confirm whether the certificate has expired. [Do Not Confirm] is specified by default.

  • [CN]: Confirm whether CN (Common Name) of the certificate matches the server address. [Do Not Confirm] is specified by default.

[Authentication Type]

Select the authentication method to log in to the LDAP server.

Select one appropriate for the authentication method used for your LDAP server.

  • [Simple]

  • [Digest-MD5]

  • [GSS-SPNEGO]

  • [NTLM v1]

  • [NTLM v2]

[Simple] is specified by default.

[Referral Setting]

Select whether to use the referral function, if necessary.

Make an appropriate choice to fit the LDAP server environment.

[ON] is specified by default.

[Login Name]

Log in to the LDAP server, and enter the login name to search for a user (using up to 64 characters).

[Password]

Enter the password of the user name you entered into [Login Name] (using up to 64 characters).

[Domain Name]

Enter the domain name to log in to the LDAP server (using up to 64 characters).

If [GSS-SPNEGO] is selected for [Authentication Type], enter the domain name of Active Directory.

To use this machine in the single sign-on environment of Active Directory ([Single Sign-On Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Network Settings]
        • [Single Sign-On Setting]

Join the machine to the Active Directory domain and establish the single sign-on environment.

You can set this option by selecting [External Server Authentication] or [Main + External Server] in [Administrator Settings] - [User Authentication/Account Track] - [General Settings] - [User Authentication] - [Authentication Method].

Settings

Description

[Domain Login Setting]

Configure settings to join services of this machine in a domain.

Joining services of this machine in the domain allows the user to use them if authenticated once by Active Directory.

[ON]/[OFF]

Select whether to use singe-sign on.

Enter the host name, domain name, account name, and password, then tap [OK] to execute domain joining processing.

[OFF] is specified by default.

[Host Name]

Enter the host name of this machine (using up to 253 characters).

Enter the host name you specified in [Administrator Settings] - [Network Settings] - [TCP/IP Settings] - [DNS Host].

[Domain Name]

Enter the domain name of Active Directory (using up to 64 characters).

[Account Name]

Enter the administrator's account name of the Active Directory domain (using up to 64 characters).

[Password]

Enter the administrator's password of the Active Directory domain (using up to 64 characters).

[TX Timeout]

Change the time-out time of domain joining processing if necessary.

[30] is specified by default.

[Applications and Settings]

Displays a list of services of this machine that join the Active Directory domain.

When this machine joins the Active Directory domain, [PRINTER] appears.

[Auto Log Out Time]

When the user uses services of this machine in the Active Directory domain, change the time to hold the user's authentication information on this machine.

Since the user can reuse authentication information while it is held on this machine, they can use the services of this machine without performing authentication again.

[1 Hour] is specified by default.