Management Functions
Information Registered in User Authentication
Up to 5,001 users can be registered.
Registering Department IDs
Up to 1,000 Department IDs can be registered.
Authentication Functions
When an Active Directory server is specified as an authentication server, the following system environment is required.
Software (operating system): | Windows Server 2012*1/Windows Server 2012 R2*1/Windows Server 2016*1/Windows Server 2019*1/Windows Server 2022*1 |
*1 Users cannot log in with Active Directory authentication if Kerberos Armoring is enabled for KDCrelated policies (group policies). Make sure to disable Kerberos Armoring. | |
Kerberos encryption methods for the Active Directory authentication supported by the current version of User Authentication are as follows.
Encryption method | 128-bit AES (Advanced Encryption Standard) 256-bit AES (Advanced Encryption Standard) DES (Data Encryption Standard) RC4 |
|
The available encryption methods may vary, depending on the Active Directory settings. Of the available encryption methods, the one with the highest cipher strength is automatically selected. |
When specifying an Active Directory server as an authentication server, use the following ports*1 on the server.
To communicate with a DNS server: | port number 53 |
To communicate with a KDC (Key Distribution Center): | port number 88 |
To communicate with a server for LDAP directory service (can be changed to an arbitrary port number for the LDAP service): | port number 389 |
*1 The above port numbers are default values. These numbers may vary depending on the selected settings. | |
When specifying an LDAP server as an authentication server, the following system environment is required.
Software: | OpenLDAP |
Operating system: | Requirements are pursuant to the product specifications of the LDAP server. |
When specifying an LDAP server as an authentication server, use the following ports*1 on the server.
To communicate with the LDAP server using LDAP (when TLS is enabled): | port number 636 |
To communicate with the LDAP server using LDAP (when TLS is disabled): | port number 389 |
*1 The port numbers can be changed according to the LDAP server settings. | |
Firewall Settings
When specifying IP addresses in firewall settings, up to 16 IP addresses (or ranges of IP addresses) can be specified for both IPv4 and IPv6.
When specifying MAC addresses in firewall settings, up to 100 MAC addresses can be specified.
The exception addresses and exception port numbers that can be used for communication using the sub line and are registered by default are indicated below.
Exception addresses: | 0.0.0.1 to 255.255.255.255 |
Exception port numbers: | 53, 67, 68, 80, 161, 443, 515*, 631*, 3702, 5353, 5357, 5358, 8000*, 8080, 8443*, 9013, 9100*, 10443*, 20010*, 47545 |
* Inbound filter only | |
Registration of Keys and Certificates
If you install a key or CA certificate from a computer, make sure that they meet the following requirements:
Format | Key: PKCS#12*1 CA certificate: X.509 DER/PEM |
File extension | Key: ".p12" or ".pfx" CA certificate: ".cer" or ".pem" |
Public key algorithm (and key length) | RSA (512 bits, 1024 bits, 2048 bits, 4096 bits) DSA (1024 bits, 2048 bits, 3072 bits) ECDSA (P256, P384, P521) |
Certificate signature algorithm | RSA: SHA-1, SHA-256, SHA-384*2, SHA-512*2, MD2, MD5 DSA: SHA-1 ECDSA: SHA-1, SHA-256, SHA-384, SHA-512 |
Certificate thumbprint algorithm | SHA-1 |
*1 Requirements for the certificate contained in a key are pursuant to CA certificates. *2 SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more. | |
Registration of Certificate Revocation Lists (CRL)
Up to 50 certificate revocation lists (CRL) can be registered. Note, however, that CRL cannot be registered in the following cases.
The data size of the CRL exceeds 1 MB.
An unsupported signature algorithm is being used.
The number of revoked certificates registered in one CRL file exceeds 10,000.
Definition of "Weak Encryption"
When [Prohibit Use of Weak Encryption] is selected, the use of the following algorithms is prohibited.
Hash: | MD4, MD5, SHA-1 |
HMAC: | HMAC-MD5 |
Common key cryptosystem: | RC2, RC4, DES |
Public key cryptosystem: | RSA encryption (512 bits/1024 bits), RSA signature (512 bits/1024 bits), DSA (512 bits/1024 bits), DH (512 bits/1024 bits) |
|
Even when [Prohibit Use of Key/Certificate with Weak Encryption] is selected, the hash algorithm SHA-1, which is used for signing a root certificate, can be used. |
FIPS 140-2 Standard Algorithm
When [Format Encryption Method to FIPS 140-2] is selected, the following algorithms are prohibited from use.
Hash: | MD4, MD5, SHA-1 (for a purpose other than TLS) |
Common key cryptosystem: | RC2, RC4, DES, PBE |
Public key cryptosystem: | RSA encryption (512 bits/1024 bits), RSA signature (512 bits/1024 bits), DSA signature (512 bits/1024 bits), DH (512 bits/1024 bits) |
Log Management
The following types of logs can be managed on the machine. Collected logs can be exported in the CSV file format.
Log Type | Number Indicated as "Log Type" in the CSV File | Description |
User Authentication Log | 4098 | This log contains information related to the authentication status of user authentication (login/logout and user authentication success/failure), the registering/changing/deleting of user information managed with User Authentication. |
Job Log | 1001 | This log contains information related to the completion of print jobs. |
Receive Log | 8193 | This log contains information related to reception. |
Machine Management Log | 8198 | This log contains information related to the starting/shutting down of the machine and changes made to the settings using <Set>. The Machine Management Log also records changes in user information or security-related settings when the machine is inspected or repaired by your dealer or service representative. |
Network Authentication Log | 8200 | This log is recorded when IPSec communication fails. |
Export/Import All Log | 8202 | This log contains information related to the importing/exporting of the settings by using the Export All/Import All function. |
Application/Software Management Screen Operation Log | 3101 | This is an operation log for software registration/updates, and AddOn application installers, etc. |
Security Policy Log | 8204 | This log contains information related to the setting status of the security policy settings. |
System Maintenance Log | 8206 | This log contains information related to firmware updates and backup/restoration of the AddOn application, etc. |
Authentication Print Log | 8207 | This log contains information and the operation history related to the forced hold print jobs. |
Log for Audit Log Management | 3001 | This log contains information related to the starting and ending of this function (the Audit Log Management function), as well as the exporting of logs, etc. |
|
Logs can contain up to 40,000 records. When the number of records exceeds 40,000, they are deleted, with the oldest records first. |
Import/Export of the Setting Data
SCEP Server Support
Only the Network Device Enrollment Service (NDES) of Windows Server 2008 R2/Windows Server 2012 R2/Windows Server 2016 is supported.