Overview of the Authentication System
This machine can utilize an authentication system to enable personalization for user convenience and improved security by limiting user access to functions.
By registering user accounts to the machine, settings can be specified for users individually.
When users use the machine, they must log in to the machine with a user account and password.
This is called "user management," and the person in charge of managing users is called an "administrator."
The term "authentication" is used to refer to both limiting access to functions and managing users.
Unauthorized access can be prevented with an authentication system because users without an account cannot use the functions of the machine at all or can only use some limited functions.
Authentication information can also be used to personalize the machine for each user. You can create personal buttons for the Quick Menu and store password information entered when using functions so that it does not need to be entered a second time.
User Management
You can register and delete user accounts and limit the functions that can be used by each user.
The default authentication system that can be used with the machine is "User Authentication." To make full use of the functions of User Authentication, it is necessary to enable the ACCESS MANAGEMENT SYSTEM. (See "ACCESS MANAGEMENT SYSTEM.")
Authentication Systems
With this machine, user authentication is performed using a login service.
The login service enabled by default is User Authentication. Either of two authentication systems can be selected; "Local Device Authentication," which manages users using the machine by itself, and "Server Authentication + Local Device Authentication," which manages users by also connecting with an authentication server (such as Active Directory).
The login service can be switched to DepartmentID Authentication, but it is recommended that you use the machine with the default login service because User Authentication enables more detailed management.
User Authentication
When performing authentication using User Authentication, the administrator with all privileges is called the "Administrator."
The Administrator can assign a single "role" to each user account.
Roles are "setting groups" that set what functions a user can and cannot use in detail.
The Administrator can create several setting groups that are able to use different functions and assign those groups to users to perform more detailed user management, rather than setting privileges regarding the use of the machine itself.
Examples:
Privileges Regarding Settings/Registration
|
User Role
|
Network Related Settings
|
Settings Related to Machine Operations
|
|
Administrator
|
 |
|
|
NetworkAdmin
|
|
-
|
|
DeviceAdmin
|
-
|
|
|
General Users
|
-
|
-
|
If another Canon device was managed by Department ID, you can use it in the same way by registering department names as user names. This enables you to perform detailed authentication management such as limiting usage by function in addition to limiting the number of copies and prints. (See "Department ID Management.")
For details on User Authentication, see "Setting User Authentication (for the Administrator)."
DepartmentID Authentication
When performing authentication using DepartmentID Authentication, the administrator is called the "System Manager."
With DepartmentID Authentication, authentication management can be performed by department. Functions cannot be limited by user.
For details on DepartmentID Authentication, see "Other Login Services."
Functions Related to Other Authentication
You can set functions that use authentication systems (such as personal folders).
You can also omit the login procedure for each function.
User Setting Information Management (User Setting Information Management Service)
This mode enables you to link information such as the user name and password set for each function by each user with the user information of User Authentication.
You can delete the user setting information that each user is using from the User Setting Information Management Service page. (See "User Setting Information Management (User Setting Information Management Service).")
Authentication Method Settings for Sending Operations
You can specify what type of authentication method you use for accessing personal folders or external servers, and which user name and password you use as authentication information. (See "Authentication Method Settings for Sending Operations.")
Secure Printing Simple Authentication Settings
When you are performing user management using a login service such as User Authentication, you can perform secure printing without having to enter a user name and password each time. (See "Simple Authentication Settings for Secure Print.")
Integrated Authentication
This function enables you to use the login information, required to log in to the machine, for other authentications. If the login service you are using supports integrated authentication, it is not necessary for logged in users to perform authentication by entering a login name and password when using functions that are allowed (such as sending to personal folders or accessing LDAP servers and file servers). (See "Accessing the Advanced Space of Another Machine.")
You can disable this function if necessary.
Using the ACCESS MANAGEMENT SYSTEM to Expand the Functions of the Machine
The ACCESS MANAGEMENT SYSTEM enables you to use the machine more conveniently by creating custom roles, etc.
This document assumes that the ACCESS MANAGEMENT SYSTEM has been enabled. (See "ACCESS MANAGEMENT SYSTEM.")
The ACCESS MANAGEMENT SYSTEM is optional. For information on the optional products required to use this function, see "Optional Products Required for Each Function".
|
IMPORTANT
|
|
For details on the ACCESS MANAGEMENT SYSTEM, see "ACCESS MANAGEMENT SYSTEM Administrator Guide."
|