SSO-H (Single Sign-On H)

SSO-H operates with the system environment described in "Domain Authentication" and "Local Device Authentication."

IMPORTANT
If you are using the Domain Authentication, you must set the current time on both the machine and the computer on the server with the Active Directory. When using Domain Authentication, make sure you register an administrator. If you do not register an administrator, some settings and management functions will not be available, depending on the application. The method of registering differs depending on your system environment. The user that belongs to the "Canon Peripheral Admins" group on the Active Directory is authenticated as the administrator by the Domain Authentication. Follow the instructions on the manual for Active Directory and create the "Canon Peripheral Admins" group, and then register an administrator. In order to prevent unauthorized use, make sure to change the user name and password of the Local Domain Authentication administrator as soon as you start using SSO-H. (See "Registering/Editing User Data for Local Device Authentication.")

IMPORTANT

If you are using the Domain Authentication, you must set the current time on both the machine and the computer on the server with the Active Directory.

When using Domain Authentication, make sure you register an administrator. If you do not register an administrator, some settings and management functions will not be available, depending on the application. The method of registering differs depending on your system environment.

The user that belongs to the "Canon Peripheral Admins" group on the Active Directory is authenticated as the administrator by the Domain Authentication. Follow the instructions on the manual for Active Directory and create the "Canon Peripheral Admins" group, and then register an administrator.

In order to prevent unauthorized use, make sure to change the user name and password of the Local Domain Authentication administrator as soon as you start using SSO-H. (See "Registering/Editing User Data for Local Device Authentication.")

Domain Authentication

A windows server in which Active Directory is installed and a DNS server for name resolution are necessary to use Domain Authentication.

Windows Server to Install Active Directory (Domain Controller)

Software

Operating system:
Windows 2000 Server SP4
Windows Server 2003 SP2
Windows Server 2003 R2 SP2
Windows Server 2008 SP2
Windows Server 2008 R2

IMPORTANT
If you use Windows Server 2008 R2 for Active Directory, only the DES (Data Encryption Standard) encryption protocol is supported.

System Requirements for Administrators and General User

Operating System Software	Web Browsers	Java Runtime Environment
Windows 2000 Professional SP4	Internet Explorer 6 SP1	Java Runtime Environment 1.4 or later
Windows XP Professional SP3	Internet Explorer 7
Windows Vista SP2	Internet Explorer 8
Windows 7	Internet Explorer 8
Windows Server 2003 SP2 Windows Server 2003 R2 SP2	Internet Explorer 7
Windows Server 2008 SP2 Windows Server 2008 R2	Internet Explorer 8
Mac OS X v10.3	Safari 1.3.2	Java 2 Platform Standard Edition 5.0
Mac OS X v10.4	Safari 2.0.4
Mac OS X v10.5	Safari 3.1.2
Mac OS X v10.6	Safari 4.0.3

System Requirements for Administrators and General User (When Using IPv6 Communications)

Operating System Software	Web Browsers	Java Runtime Environment
Windows XP Professional SP3	Internet Explorer 7	Java Runtime Environment 1.5 or later
Windows Vista SP2	Internet Explorer 8
Windows 7	Internet Explorer 8
Windows Server 2003 SP2 Windows Server 2003 R2 SP2	Internet Explorer 7
Windows Server 2008 SP2 Windows Server 2008 R2	Internet Explorer 8

Other System Requirements

Access privilege to Windows 2000/2003/2008 Domain Name System (DNS)

Access privilege to Domain Controller

Server Ports Used

The following server ports are used when using Domain Authentication with SSO-H:

Port Number	Application
53	Communication with the DNS server
88	Domain Authentication with the KDC (Key Distribution Center)
389	LDAP communications with the directory service (Default is 389, but it can be changed to a user-defined port at in the LDAP service properties.)

Local Device Authentication

An Active Directory environment network is not necessary to use Local Device Authentication.

System Requirements for Administrators and Regular Users

Operating System Software	Web Browsers	Java Runtime Environment
Windows 2000 Professional SP4	Internet Explorer 6 SP1	Java Runtime Environment 1.4 or later
Windows XP Professional SP3	Internet Explorer 7
Windows Vista SP2	Internet Explorer 8
Windows 7	Internet Explorer 8
Windows Server 2003 SP2 Windows Server 2003 R2 SP2	Internet Explorer 7
Windows Server 2008 SP2 Windows Server 2008 R2	Internet Explorer 8
Mac OS X v10.3	Safari 1.3.2	Java 2 Platform Standard Edition 5.0
Mac OS X v10.4	Safari 2.0.4
Mac OS X v10.5	Safari 3.1.2
Mac OS X v10.6	Safari 4.0.3

System Requirements for Administrators and Regular Users (When Using IPv6 Communications)

Operating System Software	Web Browsers	Java Runtime Environment
Windows XP Professional SP3	Internet Explorer 7	Java Runtime Environment 1.5 or later
Windows Vista SP2	Internet Explorer 8
Windows 7	Internet Explorer 8
Windows Server 2003 SP2 Windows Server 2003 R2 SP2	Internet Explorer 7
Windows Server 2008 SP2 Windows Server 2008 R2	Internet Explorer 8

IMPORTANT
For information on obtaining the Java Runtime Environment or Java 2 Platform Standard Edition, see the Oracle Web site. When accessing the machine from a computer using IPv6 communications, JAVA 2 Runtime Environment Standard Edition 1.5 or later is required. You must use the user logon name (pre-Windows 2000) registered in Active Directory in order to then enter a user name for Domain Authentication. You can use only alphanumeric characters for Domain Authentication. You cannot use symbols (\ / : * ? l <> [ ] ;, = + . "), or spaces. You can log in only if you use valid characters. User names and passwords are registered in a database inside the machine. When using the Local Device Authentication system, you can use only alphanumeric characters for the user name. You can only use alphanumeric characters and symbols for the passwords.

IMPORTANT

For information on obtaining the Java Runtime Environment or Java 2 Platform Standard Edition, see the Oracle Web site.

When accessing the machine from a computer using IPv6 communications, JAVA 2 Runtime Environment Standard Edition 1.5 or later is required.

You must use the user logon name (pre-Windows 2000) registered in Active Directory in order to then enter a user name for Domain Authentication.

You can use only alphanumeric characters for Domain Authentication. You cannot use symbols (\ / : * ? l <> [ ] ;, = + . "), or spaces. You can log in only if you use valid characters.

User names and passwords are registered in a database inside the machine.

When using the Local Device Authentication system, you can use only alphanumeric characters for the user name.

You can only use alphanumeric characters and symbols for the passwords.

Note
Port number is a default value. If you changed the settings, the port number is different. (See "Before Logging in to SSO-H Management Application.")