Configuring the Personal Authentication Management Settings

The User Authentication login service performs personal authentication based on the information registered for each user, enabling you to limit the users who can access the machine. User information registration (authentication) can be performed on this machine and on an external server. You can configure the authentication system to use only this machine as the authentication device, or you can additionally specify an Active Directory or LDAP authentication server on the network as an authentication device to utilize the existing user information registered on the server (see Authentication Device). Administrators can also specify which functions are available to each individual user, such as "user A is prohibited from making copies" or "user B is allowed to use all machine functions." For the user login method, you can enter authentication information, select a user, or use the Bluetooth function of a mobile device (see Login Method). Before configuring the user authentication settings, decide on the authentication device and login method. See Configuring Personal Authentication Management with User Authentication.

Authentication Device

The authentication devices described below can be used for personal authentication management. Each type of authentication device requires a different environment and settings. Confirm your system environment before configuring. See System Specifications.
Local Device (This Machine)
User information is managed in the database inside the machine. User information is registered and edited via the control panel or the Remote UI. When the local device is configured as a standalone authentication device, Department ID Management can also be performed at the same time. See Registering User Information in the Local Device.
Active Directory/LDAP Server
In addition to the local device, you can specify an LDAP server or Windows Server with Active Directory installed as the authentication device. One advantage of using this type of device is that the users registered on the server can be added as general users without any changes. To provide administrator privileges to a user, the user must be assigned to a specific administrator group on the Active Directory or LDAP server. To specify the additional authentication device, you must register the information of the server used for authentication. See Registering Server Information.

Login Method

The user login methods described below are available for personal authentication management. It is also possible to use these methods in combination with each other. For more information on login operations, see Logging into the Machine.
Picture Login
This method enables users to log in by pressing a user name displayed on the control panel, eliminating the task of entering a user name. This method is only available to users who are registered to the local device. To prevent unauthorized logins, it is also possible to set a PIN. User information can be registered manually or automatically (see Configuring the User Login Methods and Authentication Devices).
Keyboard Authentication
With this method, users log in by entering their user name and password using the keyboard displayed on the control panel. This method is available regardless of the authentication device that is used. Note that when using this method in combination with the Picture Login method, only users registered in the local device can log in to the machine.
Mobile Authentication
Perform user authentication with a mobile device. You can log in to the machine using Canon PRINT Business. Optional products are required to use this function (see System Options). You must first configure Bluetooth settings in the machine (<Network> ► <Bluetooth Settings>) and enter user information with Canon PRINT Business. For more information on settings and operational procedures, see the Help of the application.

Configuring Personal Authentication Management with User Authentication

Configure the personal authentication management settings in the order described below.
1. Check the basic configuration.
   - Is the machine properly connected to the computer? See Setting up the Network Environment.
   - If you are using an authentication server, have the DNS settings been configured for the machine?
   - If you are using an authentication server, have the date and time been properly set? See Setting the Date/Time.
2. Check the login service.
   Log in to the Remote UI with Administrator privileges, click [Settings/Registration] ► [User Management] ► [Authentication Management] ► [Authentication Service Information], and check that the login service is indicated as User Authentication.
3. Configure the authentication server settings.
   Register user information on the local device and specify the authentication server.
4. Select the user authentication system.
Make sure to log out after you finish using the Remote UI. If you close the Remote UI without logging out, it may take a long time to log in next time.
If you want to limit the authentication method to User Authentication (restrict use of System Manager ID for authentication) when the machine is accessed from device management software or a driver, make sure to set <Prohibit Authentication Using Department ID and PIN> to <On>. See <Prohibit Authentication Using Department ID and PIN>.