Configuring the Authentication Functions
You can configure the user login methods, authentication devices, and other authentication functions based on your system environment and needs. You can also specify how the login screen is displayed.
Configuring the User Login Methods and Authentication Devices
Specify the user login methods (Login Method) and authentication devices (Authentication Device). Note that the authentication devices need to be set up before configuring the settings below.
1
Start the Remote UI. Starting the Remote UI
2
Click [Settings/Registration] on the portal page. Remote UI Screen
3
Click [User Management] 
[Authentication Management].
[Authentication Management].4
Click [Basic Settings] [Edit...].
[Edit...].5
Select the check box for [Use the user authentication function] and specify the required settings.
Select the login methods that you want to use, and specify detailed settings such as authentication device settings.
Configuring mobile authentication
Specify the following settings when using mobile authentication.
[Authentication Functions to Use:]
Select the [Mobile Authentication] check box.
If you select the check box for mobile authentication, the check box for keyboard authentication is selected automatically. Also make sure to specify the settings for keyboard authentication.
Using IC card authentication
Configure the settings below when using IC card authentication.
[Authentication Functions to Use:]
Select the check box for [IC Card Authentication].
[Authenticate With:]
Select the user authentication device.
When [IC Card (Assumed Authentication)] is selected, login is performed using only the information registered on the IC card, and logged-in users can operate the machine with general user privileges.
When using an external authentication server, select [Server] and specify the type of server.
[Display Button on Settings Menu:]
Select the check boxes for the buttons to add to the menu that is displayed when pressing 
on the top right corner of the login screen.
on the top right corner of the login screen.
[Allow IC card authentication of other users while a user is logged in]
Select the check box to allow a user to log in to the machine with an IC card, even if another user is already logged in. If this function is enabled, the previously logged-in user is automatically logged out when the IC card is touched to the reader. This is not available when the machine is configured to perform authentication for separate functions.
[Specify a domain at authentication]*
Select the check box to allow users to specify the domain of the login destination on the IC card authentication login screen.
[Refer to the local device when a user is not registered]*
Select the check box to allow users to log in using the local device user information, even if they are not registered on the authentication server.
[Allow use of temporary card]
Select the check box to allow users to associate a temporary card with their account and temporarily log in to the machine if they have forgotten their card, etc. Set the expiration period of the temporary card accordingly. To configure this function, specify the following settings in advance. If you deselect the check box, the associations of all temporary cards are canceled.
[Use the user authentication function] is set to [On].
[IC Card Authentication] in [Authentication Functions to Use:] is set to [On].
[Local Device Authentication] in [IC Card Authentication] [Authenticate With:] is set to [On].
[Authenticate With:] is set to [On].[Register IC Card] in [IC Card Authentication] [Display Button on Settings Menu:] is set to [On].
[Display Button on Settings Menu:] is set to [On].If another user is associated with a temporary card before the card expires, the association with the existing user is canceled.
Only one temporary card can be associated with an account at a time. If an account is associated with another temporary card, the association with the existing temporary card is canceled.
[Register user information from the server to the IC card authentication destination]
Select the check box to associate user information obtained from the server with card information and register it to the machine in an environment in which you can perform authentication to an Active Directory or LDAP server from the machine (Registering Server Information), but cannot write card information, etc. Make sure to also select the server to use. To configure this function, specify the following settings in advance.
[Use the user authentication function] is set to [On].
[IC Card Authentication] in [Authentication Functions to Use:] is set to [On].
[Local Device Authentication] in [IC Card Authentication] [Authenticate With:] is set to [On].
[Authenticate With:] is set to [On].[Register IC Card] in [IC Card Authentication] [Display Button on Settings Menu:] is set to [On].
[Display Button on Settings Menu:] is set to [On].If you set [Register user information from the server to the IC card authentication destination] to [Off], all users added with this function are deleted.
If another user is associated with a temporary card, the association with the existing user is canceled.
Users registered with this function cannot log in using keyboard authentication. If you want to enable logging in with keyboard authentication using the user information on a server, specify the server as the authentication destination for keyboard authentication.
If the user information on the server is changed after a user has been registered to the machine, the user information in the machine is not automatically updated. Register the IC card again to reflect the latest information.
An IC card cannot be registered if the user information retrieved from the server contains characters that cannot be used by the machine.
If you select a server for [Authenticate With:], the Advanced Space of the machine cannot be accessed with the user ID and password for server authentication. If you use the Advanced Space during IC card authentication, it is necessary to register a user to the machine as well. Registering User Information in the Local Device
* This setting is only available when using an external authentication server.
Using keyboard authentication
Configure the settings below when using keyboard authentication.
[Authentication Functions to Use:]
Select the check box for [Keyboard Authentication].
[Authenticate With:]
Select the user authentication device.
Select the check box for [Local Device] if you are using the database inside this machine to manage user information.
When using an external authentication server, select [Server] and specify the type of server.
[Number of Caches for Login Users:]
The names of users who previously logged in can be displayed in a drop-down list on the login screen on the machine. Select [0] to hide the login history, and select [1] to display only the name of the user who logged in most recently.
[Display Button on Settings Menu:]
Select the check box to add the <Change Password> button to the menu that is displayed when pressing on the top right corner of the login screen.
on the top right corner of the login screen.[Preset the value read from the IC card as the user name]
Select the check box to automatically enter the card ID in [User Name:] on the login screen when IC card authentication is available.
Configuring detailed settings for authentication functions
You can configure detailed settings for the personal authentication functions.
[Authentication Mode:]
Select the authentication mode to use for Remote UI login. When [Guest Authentication Mode] is selected, unregistered users can also log in by clicking [Log In (Guest)]. Select [Administrator Authentication Mode] to only allow users with Administrator privileges to log in.
[Web Service Authentication Method:]
Select the local device authentication method to use for communications with Web service applications.
[Disable integrated authentication]
Integrated authentication is a function that enables the authentication information used when logging in to be used when logging in at other times. Users simply log in one time, which improves convenience but also increases the risk of unauthorized access. Disabling integrated authentication and requiring a password for separate functions is an effective measure to prevent unauthorized access. Select the check box to disable the integrated authentication function.
To disable the integrated authentication function only for logged-in users who are registered in the local device, select the check box for [Disable integrated authentication using credentials for local device authentication].
To disable the integrated authentication function only for logged-in users who are registered in the LDAP server, select the check box for [Disable integrated authentication using credentials for LDAP server authentication].
When integrated authentication is disabled, a separate user name and password must be registered in order to access the folders and boxes listed below.
Personal folder
LDAP server
Shared folder/FTP server/WebDAV server
Advanced Space
Integrated authentication is valid while the session is valid.
[Use department ID as user group]
Select the check box to use Department IDs as the user groups (Registering User Information in the Local Device) to which users are registered.
[Automatically set the department ID at user registration]
Select the check box to automatically allocate a Department ID when you register/edit a user via the Remote UI. A new Department ID will not be allocated if one has already been allocated. This setting can only be specified from the Remote UI.
Department IDs are automatically allocated in order, starting from 0000001.
0 (nothing) is allocated for the PIN.
In the following cases, the Department ID is not registered automatically.
If a user is registered from the control panel of the machine
If 1,000 Department IDs are already registered
If 1,001 or more users are already registered
[Default Role When Registering User:]
Select the role to apply to users in situations such as when no privileges are set.
[Allow e-mail address settings]
Select the check box to enable users without Administrator privileges to specify their own e-mail addresses in their user accounts.
[Functions to Restrict:]
Select the check boxes for functions that cannot be used when personal authentication management is enabled.
[Delete users that have not logged in for the specified period]
Select the check box to delete users registered in the local device who have not logged in to the machine for a specified period of time. Make sure to also specify the number of days before automatic deletion and the time it is executed.
If you set [Auto Delete After:] to [0], all accounts other than the administrator are deleted at the time set in [Auto Delete Time:].
If the accounts cannot be deleted at the specified time because the machine is turned OFF or is completely in sleep mode, the accounts are deleted the next time that the machine starts.
If a user has never logged in before, the date and time that the user was registered is displayed as the time that the user last logged in.
6
Click [Update].
7
Restart the machine. Restarting the Machine
|
|
|
The authentication method selected for [Web Service Authentication Method:] is also used for personal authentication during the device information distribution. Performing User Authentication when Distributing Device Information
|
Specifying When to Display the Login Screen
You can specify when to display the login screen by selecting either "when you start using the machine" or "after a function button is pressed." If "after a function button is pressed" is selected, you can specify the functions that require user login. Functions that are not specified are available to unregistered users.
1
Start the Remote UI. Starting the Remote UI
2
Click [Settings/Registration] on the portal page. Remote UI Screen
3
Click [User Management] [Authentication Management].
[Authentication Management].4
Click [Control Panel Settings] [Edit...].
[Edit...].5
Configure the settings as necessary.
[Login Settings]In [Display Login Screen:], select when the login screen is displayed.
If you selected [Display login screen when functions requiring authentication are selected], also select the functions to display the login screen for.
If you selected [Display login screen when functions requiring authentication are selected], also select the functions to display the login screen for.
[Login Screen Background Settings]You can specify a background image for the login screen.
6
Click [Update].