Management Functions

Information Registered in User Authentication

Up to 5,001 users can be registered.

Registering Department IDs

Up to 1,000 Department IDs can be registered.

Authentication Functions

When an Active Directory server is specified as an authentication server, the following system environment is required.
Software (operating system):
Windows Server 2012*1/Windows Server 2012 R2*1/Windows Server 2016*1/Windows Server 2019*1
*1 Users cannot log in with Active Directory authentication if Kerberos Armoring is enabled for KDC-related policies (group policies). Make sure to disable Kerberos Armoring.
Kerberos encryption methods for the Active Directory authentication supported by the current version of User Authentication are as follows.
Encryption method
128-bit AES (Advanced Encryption Standard)
256-bit AES (Advanced Encryption Standard)
DES (Data Encryption Standard)
RC4
The available encryption methods may vary, depending on the Active Directory settings.
Of the available encryption methods, the one with the highest cipher strength is automatically selected.
When specifying an Active Directory server as an authentication server, use the following ports*1 on the server.
To communicate with a DNS server:
port number 53
To communicate with a KDC (Key Distribution Center):
port number 88
To communicate with a server for LDAP directory service (can be changed to an arbitrary port number for the LDAP service):
port number 389
*1 The above port numbers are default values. These numbers may vary depending on the selected settings.
When specifying an LDAP server as an authentication server, the following system environment is required.
Software:
OpenLDAP
Operating system:
Requirements are pursuant to the product specifications of the LDAP server.
When specifying an LDAP server as an authentication server, use the following ports*1 on the server.
To communicate with the LDAP server using LDAP (when TLS is enabled):
port number 636
To communicate with the LDAP server using LDAP (when TLS is disabled):
port number 389
*1 The port numbers can be changed according to the LDAP server settings.

Firewall Settings

When specifying IP addresses in firewall settings, up to 16 IP addresses (or ranges of IP addresses) can be specified for both IPv4 and IPv6.
When specifying MAC addresses in firewall settings, up to 100 MAC addresses can be specified.
The exception addresses and exception port numbers that are registered by default and can be used for communication over the sub line are listed below.
Exception addresses:
0.0.0.1 to 255.255.255.255
Exception port numbers:
53, 67, 68, 80, 161, 443, 515*, 631*, 3702, 5353, 5357, 5358, 8000*, 8080, 8443*, 9013, 9100*, 10443*, 20010*, 47545
* Inbound filter only

Registration of Certificates (User Signature Keys/Certificates, CA Certificates, S/MIME Certificates)

The algorithms and formats of keys and certificates that can be registered are as follows.
RSA signature algorithm:
SHA-1/SHA-256/SHA-384*1/SHA-512*1/MD2*2/MD5*2
RSA public-key algorithm (key length):
RSA (512 bits*2/1024 bits/2048 bits/4096 bits*2)
DSA signature algorithm:
SHA-1
DSA public-key algorithm (key length):
DSA (1024 bits/2048 bits/3072 bits)
ECDSA signature algorithm:
SHA-1/SHA-256/SHA-384/SHA-512
ECDSA public-key algorithm (key length):
ECDSA (P256/P384/P521)
Certificate format:
User Signature Keys/Certificates: PKCS#12*3
Keys, Certificates: PKCS#12*4
CA Certificates, S/MIME Certificates: X.509 DER/PEM
File extension:
User Signature Keys/Certificates: pfx/p12
Keys, Certificates: pfx/p12*4
CA Certificates, S/MIME Certificates: cer/pem
Maximum number of registerable certificates:
User Signature Keys/Certificates: 100 (one user certificate per user)
Keys, Certificates: 6*4
CA Certificates: 150
S/MIME Certificates: 2,000
*1 Available only when the key algorithm is 1024 bits or more.
*2 Cannot be used for user signatures
*3 Available only when installed by using the Remote UI.
*4 Used for TLS, IEEE802.1x, IPSec, and device signatures.

Registration of Certificate Revocation Lists (CRL)

Up to 50 certificate revocation lists (CRL) can be registered. Note, however, that CRL cannot be registered in the following cases.
The data size of the CRL exceeds 1 MB.
An unsupported signature algorithm is being used.
The number of revoked certificates registered in one CRL file exceeds 1,000.

Definition of "Weak Encryption"

When <Prohibit Use of Weak Encryption> is set to <On>, the use of the following algorithms is prohibited.
Hash:
MD4, MD5, SHA-1
HMAC:
HMAC-MD5
Common key cryptosystem:
RC2, RC4, DES
Public key cryptosystem:
RSA encryption (512 bits/1024 bits), RSA signature (512 bits/1024 bits), DSA (512 bits/1024 bits), DH (512 bits/1024 bits)
Even when <Prohibit Use of Key/Certificate with Weak Encryption> is set to <On>, the hash algorithm SHA-1, which is used for signing a root certificate, can be used.

FIPS 140-2 Standard Algorithm

When <Format Encryption Method to FIPS 140-2> is set to <On>, the following algorithms are prohibited from use.
Hash:
MD4, MD5, SHA-1 (for a purpose other than TLS)
Common key cryptosystem:
RC2, RC4, DES, PBE
Public key cryptosystem:
RSA encryption (512 bits/1024 bits), RSA signature (512 bits/1024 bits), DSA signature (512 bits/1024 bits), DH (512 bits/1024 bits)
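
The registration limits under "Registration of Certificates" and the two prohibited lists above can be combined into one check to run over a certificate inventory before changing either setting. The Python below is an added example, not Canon code; the function name, its parameters and the sample inventory are hypothetical, and it assumes the "(for a purpose other than TLS)" qualifier in the FIPS hash list applies to SHA-1 only.

```python
# Added example: tables transcribed from this page; all names are hypothetical.
REGISTERABLE = {  # key type -> (signature hashes, key lengths)
    "RSA": ({"SHA-1", "SHA-256", "SHA-384", "SHA-512", "MD2", "MD5"},
            {512, 1024, 2048, 4096}),
    "DSA": ({"SHA-1"}, {1024, 2048, 3072}),
    "ECDSA": ({"SHA-1", "SHA-256", "SHA-384", "SHA-512"}, {256, 384, 521}),
}
WEAK_HASHES = {"MD4", "MD5", "SHA-1"}   # identical in both prohibited lists
WEAK_KEY_BITS = {"RSA": {512, 1024}, "DSA": {512, 1024}}


def evaluate(key_type, bits, sig_hash, *, user_signature=False,
             root_cert=False, tls_use=False):
    """Return registration and policy findings for one key/certificate."""
    hashes, sizes = REGISTERABLE[key_type]
    reasons = []
    if sig_hash not in hashes or bits not in sizes:
        reasons.append("not in registerable list")
    if key_type == "RSA":
        # Footnote *1: SHA-384/SHA-512 need a key of 1024 bits or more.
        if sig_hash in {"SHA-384", "SHA-512"} and bits < 1024:
            reasons.append("footnote *1")
        # Footnote *2: MD2, MD5, 512-bit and 4096-bit keys are not
        # usable for user signatures.
        if user_signature and (sig_hash in {"MD2", "MD5"}
                               or bits in {512, 4096}):
            reasons.append("footnote *2")
    weak_key = bits in WEAK_KEY_BITS.get(key_type, set())
    weak_hash = sig_hash in WEAK_HASHES
    # Weak-encryption setting: SHA-1 that signs a root certificate stays usable.
    weak = weak_key or (weak_hash and not (sig_hash == "SHA-1" and root_cert))
    # FIPS setting: SHA-1 is prohibited only for purposes other than TLS.
    fips = weak_key or (weak_hash and not (sig_hash == "SHA-1" and tls_use))
    return {"registerable": not reasons, "reasons": reasons,
            "blocked_weak": weak, "blocked_fips": fips}


# Constructed sample inventory (not real certificates).
SAMPLE = [
    ("device TLS key", "RSA", 2048, "SHA-256", {}),
    ("legacy root CA", "RSA", 2048, "SHA-1", {"root_cert": True}),
    ("old intermediate", "RSA", 2048, "MD2", {}),
]

if __name__ == "__main__":
    for name, key_type, bits, sig_hash, flags in SAMPLE:
        print(name, evaluate(key_type, bits, sig_hash, **flags))
```

Run over the constructed inventory, it shows that an MD2-signed RSA 2048-bit certificate is registerable and matches neither prohibited list as written on this page.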

Log Management

The following types of logs can be managed on the machine. Collected logs can be exported in the CSV file format.
Log Type
Number Indicated as "Log Type" in the CSV File
Description
User Authentication Log
4098
This log contains information related to the authentication status of user authentication (login/logout and user authentication success/failure), the registering/changing/deleting of user information managed with User Authentication, and the management (adding/editing/deleting) of roles with the ACCESS MANAGEMENT SYSTEM.
Job Log
1001
This log contains information related to the completion of print jobs.
Transmission Log
8193
The log contains information related to transmissions.
Advanced Space Save Log
8196
This log contains information related to the saving of files to the Advanced Space, Network (Advanced Space of other machines), and Memory Media.
Mail Box Operation Log
8197
This log contains information related to the operations performed on data in the Mail Box.
Mail Box Authentication Log
8199
This log contains information related to the authentication status of the Mail Box.
Machine Management Log
8198
This log contains information related to the starting/shutting down of the machine, changes made to the settings by using (Settings/Registration), changes made to the settings by using the Device Information Delivery function, and the time setting. The Machine Management Log also records changes in user information or security-related settings when the machine is inspected or repaired by your dealer or service representative.
Network Authentication Log
8200
This log is recorded when IPSec communication fails.
Export/Import All Log
8202
This log contains information related to the importing/exporting of the settings by using the Export All/Import All function.
Mail Box Backup Log
8203
Log for backups of the following:
User Inboxes
Mail Box
Memory RX Inbox
Confidential Fax Inbox
Advanced Space
Any held data
Form registered for the Superimpose Images function
Application/Software Management Screen Operation Log
3101
This is an operation log for SMS (Service Management Service), software registration/updates, and MEAP application installers, etc.
Security Policy Log
8204
This log contains information related to the setting status of the security policy settings.
Group Management Log
8205
This log contains information related to the setting status (registering/editing/deleting) of the user groups.
System Maintenance Log
8206
This log contains information related to firmware updates and backup/restoration of the MEAP application, etc.
Authentication Print Log
8207
This log contains information and the operation history related to the forced hold print jobs.
Setting Synchronization Log
8208
This log contains information related to the synchronization of machine settings. See Synchronizing Settings for Multiple Canon Multifunction Printers.
Log for Audit Log Management
3001
This log contains information related to the starting and ending of this function (the Audit Log Management function), as well as the exporting of logs, etc.
Logs can contain up to 40,000 records. When the number of records exceeds 40,000, the oldest records are deleted first.

Import/Export of the Setting Data

See Settings/Registration.

Data Backup/Restoration

To back up or restore data, you can use an external storage device that meets the following requirements.
Interface:
USB 2.0/USB 3.0
File system:
FAT32/exFAT
Partition size:
more than 32 GB (Must not be divided into multiple partitions)
Power supply:
must supply power from an external power source

Number of machines and users supported by synchronization of custom settings (server)

Number of synchronizable machines in a group: 10
Number of synchronizable users for personalized setting values: 1,000

Maximum number of users whose setting information can be saved in the machine

Users: 500
Groups: 50

Max. Buttons Registered on the <Home> Screen

Max. number of Personal buttons: 60 per user (total of 12,000 for all users)
Max. number of Shared buttons: 60

Images That Can Be Imported for Login Screen Background

File Size: 1,024 KB
File Extension: jpg, jpeg, or png
Image Size: 800 pixels x 486 pixels or smaller

Visual Message Specifications

File Format
JPEG, PNG, BMP, GIF, Animated GIF, and HTML (on the intranet/internet)
Communication Protocol
SMB, WebDAV, HTTP
Maximum size of the contents
Max. 10 MB
Image Size
Other than HTML: 799 pixels x 509 pixels*
* If the image is larger than the above size, it is displayed in a reduced size without changing its aspect ratio. If the image is smaller than the above size, it is displayed without changing the size.
HTML: over 799 pixels x 509 pixels can be used (by scrolling through them)

SCEP Server Support

Only the Network Device Enrollment Service (NDES) of Windows Server 2008 R2/2012 R2/2016 is supported.