Before Logging In to SSO-H

SSO-H is an authentication system that runs on the machine. It is necessary to specify the following settings in the machine to use SSO-H for authentication.

Installing SSO-H

Obtaining a license file

In order to install SSO-H, a valid license file is required.
Obtain a valid license file from License Management System (http://www.canon.com/lms/license/).
In order to obtain a license file, a license access number in your package of AMS KIT and a device serial number (the number displayed on the upper left of the SMS screen) are required.

Installation of SSO-H

For SSO-H installation procedure, see "Installing Enhanced System Applications."
The following files are required for installation.
File to be selected with [Enhanced System Application File Path]
The following file stored in the "AMS for SFP Software/Manual CD-ROM":
SSOHforSFP_xxx.jar (xxx varying with the version)
File to be selected with [License File Path]
License file obtained in License Management System

Specifying the Various Settings

Network Settings

Confirm the machine's IP address. For more information, see "[Setup] Menu ([Network] Options)."

Date and Time Settings

When using Active Directory Authentication with SSO-H, it is necessary to synchronize the date and time settings of the authentication server and machine. Set the date and time of the machine in [Date/Time Settings] to the same date and time set on the authentication server. For more information, see "[Setup] Menu ([Control Menu] Options)." You can also specify daylight saving settings to automatically advance the standard time of the machine forward by one hour for a certain period each year.

DNS Settings (Active Directory Authentication)

For Active Directory Authentication, the machine uses a DNS server. If using Active Directory Authentication, specify the network settings. For more information, see "[Setup] Menu ([Network] Options)."
The DNS server that manages the domain name registered in the machine requires the following:
The domain name of the Active Directory server used for authentication (the IP address of the domain controller) must be able to be retrieved.
The DNS server must support SRV records.
The following settings are required if the port number used for LDAP on the Active Directory side is changed.
Information for the LDAP service of Active Directory must be registered as an SRV record as follows:
Service:
'_ldap'
Protocol:
'_tcp'
Port number:
The port number used by the LDAP service of the Active Directory domain (zone)
Host offering this service:
Host name of the domain controller that is actually providing the LDAP service of the Active Directory domain (zone)

Department ID Management Settings

Department ID Management must be disabled before using SSO-H. For instructions on disabling Department ID Management, see "Specifying an ID for Each Department ."

Language Settings

Specify the same language settings for Active Directory and the machine.

IMPORTANT
If the date and time settings of the authentication server and machine are not synchronized, a login error will occur when using Active Directory Authentication.
NOTE
The allowed difference in times can be changed using the settings of Active Directory. However, if more than '5' minutes is specified, the allowed difference will not be changed.
If Department ID Management is enabled, a warning message will be displayed on the login screen.
08X4-0XE