Management Functions

Information Registered in User Authentication

Up to 5,001 users can be registered.

Registering Department IDs

Up to 1,000 Department IDs can be registered.

Authentication Functions

When an Active Directory server is specified as an authentication server, the following system environment is required.
Software (operating system):
Windows Server 2008 SP2*1/Windows Server 2008 R2 SP1/Windows Server 2012*2/Windows Server 2012 R2*2/Windows Server 2016*2/Windows Server 2019*2
*1 64-bit operating systems are not supported.
*2 Users cannot log in with Active Directory authentication if Kerberos Armoring is enabled for KDC-related policies (group policies). Make sure to disable Kerberos Armoring.
Kerberos encryption methods for the Active Directory authentication supported by the current version of User Authentication are as follows.
Encryption method
128-bit AES (Advanced Encryption Standard)
256-bit AES (Advanced Encryption Standard)
DES (Data Encryption Standard)
RC4
The available encryption methods may vary, depending on the Active Directory settings.
Of the available encryption methods, the one with the highest cipher strength is automatically selected.
When specifying an Active Directory server as an authentication server, use the following ports*1 on the server.
To communicate with a DNS server:
port number 53
To communicate with a KDC (Key Distribution Center):
port number 88
To communicate with a server for LDAP directory service (can be changed to an arbitrary port number for the LDAP service):
port number 389
*1 The above port numbers are default values. These numbers may vary depending on the selected settings.
When specifying an LDAP server as an authentication server, the following system environment is required.
Software:
OpenLDAP
Operating system:
Requirements are pursuant to the product specifications of the LDAP server.
When specifying an LDAP server as an authentication server, use the following ports*1 on the server.
To communicate with the LDAP server using LDAP (when TLS is enabled):
port number 636
To communicate with the LDAP server using LDAP (when TLS is disabled):
port number 389
*1 The port numbers can be changed according to the LDAP server settings.

Firewall Settings

When specifying IP addresses in firewall settings, up to 16 IP addresses (or ranges of IP addresses) can be specified for both IPv4 and IPv6.
When specifying MAC addresses in firewall settings, up to 100 MAC addresses can be specified.

Registration of Certificates (User Signature Keys/Certificates, CA Certificates, S/MIME Certificates)

The algorithms and formats of keys and certificates that can be registered are as follows.
RSA signature algorithm:
SHA-1/SHA-256/SHA-384*1/SHA-512*1/MD2*2/MD5*2
RSA public-key algorithm (key length):
RSA (512 bits*2/1024 bits/2048 bits/4096 bits*2)
DSA signature algorithm:
SHA-1
DSA public-key algorithm (key length):
DSA (1024 bits/2048 bits/3072 bits)
ECDSA signature algorithm:
SHA-1/SHA-256/SHA-384/SHA-512
ECDSA public-key algorithm (key length):
ECDSA (P256/P384/P521)
Certificate format:
User Signature Keys/Certificates: PKCS#12*3
Keys, Certificates: PKCS#12*4
CA Certificates, S/MIME Certificates: X.509 DER/PEM
File extension:
User Signature Keys/Certificates: pfx/p12
Keys, Certificates: pfx/p12*4
CA Certificates, S/MIME Certificates: cer/pem
Maximum number of registerable certificates:
User Signature Keys/Certificates: 100 (one user certificate per user)
Keys, Certificates: 6*4
CA Certificates: 150
S/MIME Certificates: 2,000
*1 Available only when the key algorithm is 1024 bits or more.
*2 Cannot be used for user signatures.
*3 Available only when installed by using the Remote UI.
*4 Used for TLS, IEEE802.1x, IPSec, and device signatures.

Registration of Certificate Revocation Lists (CRL)

Up to 50 certificate revocation lists (CRL) can be registered. Note, however, that CRL cannot be registered in the following cases.
The data size of the CRL exceeds 1 MB.
An unsupported signature algorithm is being used.
The number of revoked certificates registered in one CRL file exceeds 1,000.

Definition of "Weak Encryption"

When <Prohibit Use of Weak Encryption> is set to <On>, the use of the following algorithms is prohibited.
Hash:
MD4, MD5, SHA-1
HMAC:
HMAC-MD5
Common key cryptosystem:
RC2, RC4, DES
Public key cryptosystem:
RSA encryption (512 bits/1024 bits), RSA signature (512 bits/1024 bits), DSA (512 bits/1024 bits), DH (512 bits/1024 bits)
Even when <Prohibit Use of Key/Certificate with Weak Encryption> is set to <On>, the hash algorithm SHA-1, which is used for signing a root certificate, can be used.

FIPS 140-2 Standard Algorithm

When <Format Encryption Method to FIPS 140-2> is set to <On>, the following algorithms are prohibited from use.
Hash:
MD4, MD5, SHA-1 (for a purpose other than TLS)
Common key cryptosystem:
RC2, RC4, DES, PBE
Public key cryptosystem:
RSA encryption (512 bits/1024 bits), RSA signature (512 bits/1024 bits), DSA signature (512 bits/1024 bits), DH (512 bits/1024 bits)
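
The two prohibition lists above differ in small ways (PBE, the SHA-1 carve-outs), so a key or certificate that passes one setting can fail the other. The sketch below is an added example, not code from the machine or its vendor: it applies a literal reading of both lists to a constructed inventory. The field names are hypothetical, and reading the TLS qualifier as applying to SHA-1 only is an assumption.

```python
# Lists transcribed from the two sections above; everything else is illustrative.
PROHIBITED = {
    "weak": {"hash": {"MD4", "MD5", "SHA-1"}, "cipher": {"RC2", "RC4", "DES"}},
    "fips": {"hash": {"MD4", "MD5", "SHA-1"}, "cipher": {"RC2", "RC4", "DES", "PBE"}},
}
SHORT_KEY_ALGS = {"RSA", "DSA", "DH"}   # prohibited at 512 and 1024 bits in both lists
SHORT_KEY_BITS = {512, 1024}


def violations(item, mode):
    """Return the reasons `item` is prohibited under `mode` ("weak" or "fips").

    `item` uses hypothetical keys: sig_hash, key_alg, key_bits, cipher,
    is_root (bool) and purpose (e.g. "TLS"); absent keys are skipped.
    """
    rules = PROHIBITED[mode]
    reasons = []
    sig_hash = item.get("sig_hash")
    if sig_hash in rules["hash"]:
        # Weak-encryption list: SHA-1 used to sign a root certificate stays usable.
        root_sha1 = mode == "weak" and sig_hash == "SHA-1" and item.get("is_root")
        # FIPS list: SHA-1 is prohibited only for purposes other than TLS.
        tls_sha1 = mode == "fips" and sig_hash == "SHA-1" and item.get("purpose") == "TLS"
        if not (root_sha1 or tls_sha1):
            reasons.append(f"hash {sig_hash}")
    if item.get("cipher") in rules["cipher"]:
        reasons.append(f"cipher {item['cipher']}")
    if item.get("key_alg") in SHORT_KEY_ALGS and item.get("key_bits") in SHORT_KEY_BITS:
        reasons.append(f"{item['key_alg']} {item['key_bits']}-bit key")
    return reasons


# Constructed inventory of keys/certificates, not taken from any device.
INVENTORY = [
    {"name": "root-ca", "sig_hash": "SHA-1", "key_alg": "RSA", "key_bits": 2048, "is_root": True},
    {"name": "tls-leaf", "sig_hash": "SHA-1", "key_alg": "RSA", "key_bits": 2048, "purpose": "TLS"},
    {"name": "old-dsa", "sig_hash": "SHA-1", "key_alg": "DSA", "key_bits": 1024},
    {"name": "ec-leaf", "sig_hash": "SHA-256", "key_alg": "ECDSA", "key_bits": 256},
]


def audit(inventory):
    """Map each entry's name to its violations under both settings."""
    return {i["name"]: {m: violations(i, m) for m in PROHIBITED} for i in inventory}


if __name__ == "__main__":
    for name, result in audit(INVENTORY).items():
        print(name, result)
```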

Log Management

The following types of logs can be managed on the machine. Collected logs can be exported in the CSV file format.
Log Type (Number Indicated as "Log Type" in the CSV File): Description
User Authentication Log (4098): This log contains information related to the authentication status of user authentication (login/logout and user authentication success/failure), the registering/changing/deleting of user information managed with User Authentication, and the management (adding/editing/deleting) of roles with the ACCESS MANAGEMENT SYSTEM.
Job Log (1001): This log contains information related to the completion of copy/fax/scan/send/print jobs.
Transmission Log (8193): The log contains information related to transmissions.
File Save Log (8196): This log contains information related to the saving of files to the Network (Advanced Box of other machines) and Memory Media.
Mail Box Operation Log (8197): This log contains information related to the operations performed on data in the Memory RX Inbox and the Confidential Fax Inbox.
Mail Box Authentication Log (8199): This log contains information related to the authentication status of the Memory RX Inbox and the Confidential Fax Inbox.
Machine Management Log (8198): This log contains information related to the starting/shutting down of the machine and changes made to the settings using (Settings/Registration). The Machine Management Log also records changes in user information or security-related settings when the machine is inspected or repaired by your local authorized dealer.
Network Authentication Log (8200): This log is recorded when IPSec communication fails.
Export/Import All Log (8202): This log contains information related to the importing/exporting of the settings by using the Export All/Import All function.
Mail Box Backup Log (8203): This log contains information related to the Memory RX Inbox and the Confidential Fax Inbox.
Application/Software Management Screen Operation Log (3101): This is an operation log for SMS (Service Management Service), software registration/updates, and AddOn application installers, etc.
Security Policy Log (8204): This log contains information related to the setting status of the security policy settings.
Group Management Log (8205): This log contains information related to the setting status (registering/editing/deleting) of the user groups.
System Maintenance Log (8206): This log contains information related to firmware updates and backup/restoration of the AddOn application, etc.
Authentication Print Log (8207): This log contains information and the operation history related to the forced hold print jobs.
Setting Synchronization Log (8208): This log contains information related to the synchronization of machine settings. See Synchronizing Settings for Multiple Canon Multifunction Printers.
Log for Audit Log Management (3001): This log contains information related to the starting and ending of this function (the Audit Log Management function), as well as the exporting of logs, etc.
Logs can contain up to 40,000 records. When the number of records exceeds 40,000, they are deleted, with the oldest records first.
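
When exported CSV files are collected for review, it helps to confirm which log types are actually present and whether the log has reached its 40,000-record capacity, since older records are then no longer available. The following is an added example, not vendor code: it relies only on the "Log Type" number described above. The second column of the sample and the choice to compare the export's total record count against the capacity are assumptions.

```python
import csv
import io
from collections import Counter

# "Log Type" numbers and names as listed in the table above.
LOG_TYPES = {
    "4098": "User Authentication Log", "1001": "Job Log",
    "8193": "Transmission Log", "8196": "File Save Log",
    "8197": "Mail Box Operation Log", "8199": "Mail Box Authentication Log",
    "8198": "Machine Management Log", "8200": "Network Authentication Log",
    "8202": "Export/Import All Log", "8203": "Mail Box Backup Log",
    "3101": "Application/Software Management Screen Operation Log",
    "8204": "Security Policy Log", "8205": "Group Management Log",
    "8206": "System Maintenance Log", "8207": "Authentication Print Log",
    "8208": "Setting Synchronization Log", "3001": "Log for Audit Log Management",
}
MAX_RECORDS = 40_000  # stated capacity; past it the oldest records are deleted


def summarize(csv_text, type_column="Log Type"):
    """Count records per log type and report gaps in an exported CSV."""
    known, unknown = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        code = (row.get(type_column) or "").strip()
        (known if code in LOG_TYPES else unknown)[code] += 1
    total = sum(known.values()) + sum(unknown.values())
    return {
        "by_type": {LOG_TYPES[c]: n for c, n in known.items()},
        "unknown": dict(unknown),                      # codes not in the table
        "missing": [n for c, n in LOG_TYPES.items() if c not in known],
        "at_capacity": total >= MAX_RECORDS,           # older records may be gone
    }


# Constructed sample; only the "Log Type" column comes from the page.
SAMPLE = (
    "Log Type,Detail\n"
    "4098,login failure\n4098,login success\n8200,IPSec failure\n9999,unrecognized\n"
)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```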

Import/Export of the Setting Data

See Settings/Registration Table.

Max. Users Displayed for Picture Login

Up to 200 users

Max. Buttons Registered on the <Home> Screen

Max. number of Personal buttons: 60 per user (total of 12,000 for all users)
Max. number of Shared buttons: 60

Max. Destinations Registered to Address Book

Address Lists 1 to 10/Address List for Administrator: 1,600
One-Touch Address List: 200
Personal Address List: 25
Group Address List: 4,000*1 (10 groups*2 x 400 destinations*3)
*1 Total 20,000 for all groups
*2 Max. number of groups per user (a total of 50 groups can be registered in a device)
*3 Max. number of destinations per group

Images That Can Be Imported for Login Screen Background

File Size: 1,024 KB
File Extension: jpg, jpeg, or png
Image Size: 640 pixels x 442 pixels or smaller

Visual Message Specifications

File Format
JPEG, PNG, BMP, GIF, Animated GIF, and HTML (on the intranet/internet)
Communication Protocol
SMB, WebDAV, HTTP
Maximum size of the contents
Max. 10 MB
Image Size
Other than HTML: 639 pixels x 400 pixels*
* If the image is larger than the above size, it is displayed in a reduced size without changing its aspect ratio. If the image is smaller than the above size, it is displayed without changing the size.
HTML: over 639 pixels x 400 pixels can be used (by scrolling through them)

SCEP Server Support

Only the Network Device Enrollment Service (NDES) of Windows Server 2008 R2/Windows Server 2012 R2/Windows Server 2016 is supported.