System Requirements

User Authentication operates with the following system environments:

Windows Server Used for Active Directory Authentication (Domain Controller)

Server Used for LDAP Server Authentication

IMPORTANT
To use Active Directory Authentication, you must match the current time on the server in which Active Directory is running with the machine (and the computer to log in with). When using Server Authentication + Local Device Authentication, make sure you register the Administrator to the authentication server (Active Directory or LDAP server). If you do not register the Administrator, some settings and management functions may not be available, depending on the application. The registration method differs depending on your system environment. If you are using Active Directory Authentication, the user that belongs to the "Canon Peripheral Admins" group on Active Directory is the Administrator for Server Authentication + Local Device Authentication by default. (You can also set other groups to the Administrator.) Follow the instructions in the manual for Active Directory to create the "Canon Peripheral Admins" group, and then register the Administrator. If the default password is being used, the screen for changing the password is automatically displayed for security purposes. Change the password. (See "Managing User Information.")

IMPORTANT

To use Active Directory Authentication, you must match the current time on the server in which Active Directory is running with the machine (and the computer to log in with).

When using Server Authentication + Local Device Authentication, make sure you register the Administrator to the authentication server (Active Directory or LDAP server). If you do not register the Administrator, some settings and management functions may not be available, depending on the application. The registration method differs depending on your system environment.

If you are using Active Directory Authentication, the user that belongs to the "Canon Peripheral Admins" group on Active Directory is the Administrator for Server Authentication + Local Device Authentication by default. (You can also set other groups to the Administrator.) Follow the instructions in the manual for Active Directory to create the "Canon Peripheral Admins" group, and then register the Administrator.

If the default password is being used, the screen for changing the password is automatically displayed for security purposes. Change the password. (See "Managing User Information.")

Windows Server Used for Active Directory Authentication (Domain Controller)

A windows server in which Active Directory is installed and a DNS server for name resolution are necessary to use Active Directory Authentication.

Windows Server to Install Active Directory (Domain Controller)

Software

Operating system:
Windows Server 2003 SP2*1
Windows Server 2003 R2 SP2*1
Windows Server 2008 SP2*1
Windows Server 2008 R2 SP1
Windows Server 2012*2
Windows Server 2012 R2*2

*1 64 bit version for the operating system is not supported.

*2 If Kerberos Armoring is enabled in the KDC policy (group policy), users can no longer log in using Active Directory Authentication. Disable Kerberos Armoring to use Active Directory Authentication.

IMPORTANT
This version of User Authentication is compatible with both 128-bit AES (Advanced Encryption Standard) and DES (Data Encryption Standard) as the Kerberos encryption type to be used when performing Server Authentication + Local Device Authentication. The encryption type automatically switches according to the Active Directory settings. AES is used in an environment that supports both encryption types. If you use Windows Server 2003 SP2/R2 SP2 for the Active Directory, only the IPv4 communication protocol is supported (IPv6 cannot be used).

IMPORTANT

This version of User Authentication is compatible with both 128-bit AES (Advanced Encryption Standard) and DES (Data Encryption Standard) as the Kerberos encryption type to be used when performing Server Authentication + Local Device Authentication. The encryption type automatically switches according to the Active Directory settings. AES is used in an environment that supports both encryption types.

If you use Windows Server 2003 SP2/R2 SP2 for the Active Directory, only the IPv4 communication protocol is supported (IPv6 cannot be used).

Java Environment for Accessing from a Web Browser

The Java environment required for accessing from a Web browser when using Active Directory authentication is indicated below.

Windows:

Java SE Runtime Environment 7

Java SE Runtime Environment 8

Mac OS:

Java Platform Standard Edition 7

Server Ports Used

The following server ports are used when using Active Directory Authentication:

Port Number	Application
53	Communication with the DNS server
88	Active Directory Authentication with the KDC (Key Distribution Center)
389	LDAP communications with the directory service (Default is 389, but it can be changed to a user-defined port in the LDAP service properties.)

Server Used for LDAP Server Authentication

An LDAP server is necessary as an authentication server to use LDAP Server Authentication.

LDAP Server

Software:

Novell eDirectory V8.8 SP7 for Windows

Lotus Domino 8.5 for Windows

Operating System:

compliant with specifications for LDAP server products.

Server Ports Used

The following server ports are used when using LDAP Server Authentication:

Port Number	Application
636	LDAP communications with the LDAP server when SSL is enabled.
389	LDAP communications with the LDAP server when SSL is disabled.

NOTE
You can change the port number according to the LDAP server settings.

IMPORTANT
Internet Explorer (64-bit) cannot be used in combination with the Java SE Runtime Environment (64-bit) in Windows 8 (64-bit). For information on obtaining the Java Runtime Environment or Java 2 Platform Standard Edition, see the Oracle Web site. You must use the user logon name (pre-Windows 2000) registered in Active Directory in order to enter a user name for using Active Directory Authentication. You can use only alphanumeric characters for using Active Directory Authentication. You cannot use symbols (\ / : * ? l <> [ ] ; , = + . "), or spaces. You can log in only if you use valid characters. When using the Local Device Authentication system, you can use only alphanumeric characters for the user name.

IMPORTANT

Internet Explorer (64-bit) cannot be used in combination with the Java SE Runtime Environment (64-bit) in Windows 8 (64-bit).

For information on obtaining the Java Runtime Environment or Java 2 Platform Standard Edition, see the Oracle Web site.

You must use the user logon name (pre-Windows 2000) registered in Active Directory in order to enter a user name for using Active Directory Authentication.

You can use only alphanumeric characters for using Active Directory Authentication. You cannot use symbols (\ / : * ? l <> [ ] ; , = + . "), or spaces. You can log in only if you use valid characters.

When using the Local Device Authentication system, you can use only alphanumeric characters for the user name.

NOTE
Port number is a default value. If you change the settings, the port number is different. (See "Settings Common to TCP/IPv4 and TCP/IPv6.")