Precautions for Operation in Environments where the FIPS Mode Is Enabled

This software operates when the FIPS mode of Windows is enabled. However, some limitations apply. It may also be necessary to change the settings, depending on the printer.
IMPORTANT
Enable/disable the FIPS mode of Windows before installing this software.
For information on the procedure for enabling/disabling the FIPS mode of Windows with this software installed, see the following.
NOTE
For information on setting the FIPS mode of Windows, see the documentation for Windows.
This software does not have any settings regarding the FIPS mode. In operating systems with the FIPS mode enabled, it operates in the FIPS mode.

Target Devices

When the FIPS mode is enabled, the following models can be managed with this software.
Type I models with platform version 3.12 (with the latest firmware for version 3.12 applied)
NOTE
This software will not operate correctly unless the latest firmware for version 3.12 is applied to the printers. For information on the firmware versions that can be managed with this software, contact the following.
Your local authorized Canon dealer
For information on printer types and the corresponding printer models, see the following.
The method for checking the platform version of the printer is as follows.
1.
Press (Counter/Device Information) or the [Counter/Device Information] key on the printer.
2.
Press [Device Information/Other] > [Check Device Configuration].
3.
Check the version in [Platform Version].

Limitations

Settings for using SNMPv3 in communication with the printer
Only the following algorithms can be used. If they are set in the printers for management, change the settings.
Authentication password algorithm: SHA
Encryption password algorithm: AES
Address Book Management
Click [Data Management] > [Address Books] > [Import] > click [Import Destinations]
Address books exported from a printer or this software with [Security Level] set to [Level1] cannot be imported to this software.
Device Setting Values Management
Click the [Devices] menu > [Security Data] > [Device Setting Values Monitoring Logs] > select data > [Device Setting Values Monitoring Information] > select data in [Monitoring Logs] > [Device Setting Values Monitoring Log Details]
To make the [Data Path] and setting values displayed on the screen readable, it is necessary to upload the settings file of Device Settings Configurator version 2.0.8 or later to this software.
Login Service
The following login services can be used. If a login service other than the following is set in a printer for management, change the login service.
User Authentication
User authentication via Active Directory or an LDAP server is required.
Encrypted communication must be set on the Active Directory or LDAP server side.
Several settings need to be configured for the printer. See the following.
Printer Settings
Register the authentication information of a user with administrator privileges to this software in the following format.
[Devices] menu > [Device Communication Settings] > [Authentication Information]
[Authentication Method]: [Domain Authentication]
DepartmentID Authentication
Register the authentication information of a user with administrator privileges to this software in the following format.
[Devices] menu > [Device Communication Settings] > [Authentication Information]
[Authentication Method]: [System Manager ID]
Universal Login Manager
Local Database or uniFLOW can be used as the authentication mode.
Encrypted communication with the Remote UI must be set.
When using Local Database as the authentication mode, register the authentication information of a user with administrator privileges to this software in the following format.
[Devices] menu > [Device Communication Settings] > [Authentication Information]
[Authentication Method]: [User Authentication]
When using uniFLOW as the authentication mode and the uniFLOW server is linked with Active Directory or an LDAP server, register the authentication information of a user with administrator privileges to this software in the following format.
[Devices] menu > [Device Communication Settings] > [Authentication Information]
[Authentication Method]: [Domain Authentication]
When using uniFLOW as the authentication mode and the uniFLOW server is not linked with Active Directory or an LDAP server, register the authentication information of a user with administrator privileges to this software in the following format.
[Devices] menu > [Device Communication Settings] > [Authentication Information]
[Authentication Method]: [User Authentication]
NOTE
For information on the Active Directory, LDAP server, Universal Login Manager, and uniFLOW settings, see the instruction manual for the corresponding software.

Printer Settings

When using User Authentication as the login service of a Type I printer, it is necessary to configure the following settings on the printer.
NOTE
For details on the setting method, see the following.
Printer instruction manuals

Settings for Performing Authentication from This Software

Remote UI Settings
Printer control panel menu:
(Settings/Registration) > [Management Settings] > [License/Other]
[Remote UI]
On
[Use TLS]
On
If the Remote UI is already able to be used, this setting can be configured in the Remote UI.
Keyboard Authentication Settings
Remote UI menu:
[Settings/Registration] > [Management Settings] > [User Management] > [Authentication Management] > [Preferences] > [Basic Settings]
[Use of Authentication Function]
[Use the user authentication function]
On
[Keyboard Authentication]
On
[Keyboard Authentication]
[Local Device]
On
[Server]
On
Pull-down menu: [LDAP]
Also select [LDAP] for Active Directory.

LDAP Server Settings

IMPORTANT
When using Active Directory, configure the LDAP server settings with Active Directory as the LDAP server. Authentication from this software does not succeed by configuring Active Directory settings.
Remote UI menu:
[Settings/Registration] > [Management Settings] > [User Management] > [Authentication Management] > [Preferences] > [Server Settings]
After configuring the settings for linking with the LDAP server, configure the following settings for performing encrypted communication with the LDAP server.
[Use TLS]
On
Configure the following settings to set the printer administrator role to the LDAP users.
[Role Association]
[User Attribute to Browse]
Enter the name of the attribute with the name of the user or group registered.
[Character String]
Enter the name of the user or group registered in the attribute specified in [User Attribute to Browse].
[Role]
Select [Administrator].

Changing the FIPS Mode Setting with This Software Installed

The procedure for changing the FIPS mode setting with this software installed is indicated below. When upgrading this software, follow this procedure to change the FIPS mode setting before upgrading.
1.
Stop the services of this software.
Open [Windows Administrative Tools] > [Services] from the Start menu.
Stop the services in the following order.
Canon Management Console Agent (only when the Manager and Agent are running on the same computer)
Canon Management Console Manager
2.
Change the FIPS mode settings of Windows.
For information on the FIPS mode setting of Windows, see the documentation for Windows.
3.
Start the services in the following order.
Canon Management Console Manager
Canon Management Console Agent (only when the Manager and Agent are running on the same computer)
4.
If you enabled the FIPS mode with the settings file of Device Settings Configurator version 2.0.7 registered to this software, upload the settings file of Device Settings Configurator version 2.0.8.
For details, see the following.