Management Functions
Information Registered in User Authentication
Up to 5,001 users can be registered.
Registering Department IDs
Up to 1,000 Department IDs can be registered.
Authentication Functions
When an Active Directory server is specified as an authentication server, the following system environment is required.
Software (operating system): | Windows Server 2012*1/Windows Server 2012 R2*1/Windows Server 2016*1/Windows Server 2019*1/Windows Server 2022*1 |
*1 Users cannot log in with Active Directory authentication if Kerberos Armoring is enabled for KDCrelated policies (group policies). Make sure to disable Kerberos Armoring. | |
Kerberos encryption methods for the Active Directory authentication supported by the current version of User Authentication are as follows.
Encryption method | 128-bit AES (Advanced Encryption Standard) 256-bit AES (Advanced Encryption Standard) DES (Data Encryption Standard) RC4 |
|
The available encryption methods may vary, depending on the Active Directory settings. Of the available encryption methods, the one with the highest cipher strength is automatically selected. |
When specifying an Active Directory server as an authentication server, use the following ports*1 on the server.
To communicate with a DNS server: | port number 53 |
To communicate with a KDC (Key Distribution Center): | port number 88 |
To communicate with a server for LDAP directory service (can be changed to an arbitrary port number for the LDAP service): | port number 389 |
*1 The above port numbers are default values. These numbers may vary depending on the selected settings. | |
When specifying an LDAP server as an authentication server, the following system environment is required.
Software: | OpenLDAP |
Operating system: | Requirements are pursuant to the product specifications of the LDAP server. |
When specifying an LDAP server as an authentication server, use the following ports*1 on the server.
To communicate with the LDAP server using LDAP (when TLS is enabled): | port number 636 |
To communicate with the LDAP server using LDAP (when TLS is disabled): | port number 389 |
*1 The port numbers can be changed according to the LDAP server settings. | |
Firewall Settings
When specifying IP addresses in firewall settings, up to 16 IP addresses (or ranges of IP addresses) can be specified for both IPv4 and IPv6.
When specifying MAC addresses in firewall settings, up to 100 MAC addresses can be specified.
The exception addresses and exception port numbers that can be used for communication using the sub line and are registered by default are indicated below.
Exception addresses: | 0.0.0.1 to 255.255.255.255 |
Exception port numbers: | 53, 67, 68, 80, 161, 443, 515*, 631*, 3702, 5353, 5357, 5358, 8000*, 8080, 8443*, 9013, 9100*, 10443*, 20010*, 47545 |
* Inbound filter only | |
Registration of Certificates (User Signature Keys/Certificates, CA Certificates, S/MIME Certificates)
The algorithms and formats of keys and certificates that can be registered are as follows.
RSA signature algorithm: | SHA-1*1/SHA-256/SHA-384*2/SHA-512*2/MD2*1*3/MD5*1*3 |
RSA public-key algorithm (key length): | RSA (512 bits*3/1024 bits/2048 bits/4096 bits*3) |
DSA signature algorithm: | SHA-1*1*3 |
DSA public-key algorithm (key length): | DSA (1024 bits/2048 bits/3072 bits)*1*3 |
ECDSA signature algorithm: | SHA-1*1*3/SHA-256/SHA-384/SHA-512 |
ECDSA public-key algorithm (key length): | ECDSA (P256/P384/P521) |
Certificate format: | User Signature Keys/Certificates: PKCS#12*1 Keys, Certificates: PKCS#12*1*4 CA Certificates, S/MIME Certificates: X.509 DER/PEM |
File extension: | User Signature Keys/Certificates: pfx/p12 Keys, Certificates: pfx/p12*4 CA Certificates, S/MIME Certificates: cer/pem |
Maximum number of registerable certificates: | User Signature Keys/Certificates: 100 (one user certificate per user) Keys, Certificates: 6*4 CA Certificates: 150 S/MIME Certificates: 2,000 |
*1 Available only when installed by using the Remote UI. *2 Available only when the key algorithm is 1024 bits or more. *3 Cannot be used for user signatures *4 Used for TLS, IEEE802.1x, IPSec, and device signatures. | |
Registration of Certificate Revocation Lists (CRL)
Up to 50 certificate revocation lists (CRL) can be registered. Note, however, that CRL cannot be registered in the following cases.
The data size of the CRL exceeds 1 MB.
An unsupported signature algorithm is being used.
The number of revoked certificates registered in one CRL file exceeds 10,000.
Definition of "Weak Encryption"
When <Prohibit Use of Weak Encryption> is set to <On>, the use of the following algorithms are prohibited.
Hash: | MD4, MD5, SHA-1 |
HMAC: | HMAC-MD5 |
Common key cryptosystem: | RC2, RC4, DES |
Public key cryptosystem: | RSA encryption (512 bits/1024 bits), RSA signature (512 bits/1024 bits), DSA (512 bits/1024 bits), DH (512 bits/1024 bits) |
|
Even when <Prohibit Use of Key/Certificate with Weak Encryption> is set to <On>, the hash algorithm SHA-1, which is used for signing a root certificate, can be used. |
FIPS 140-2 Standard Algorithm
When <Format Encryption Method to FIPS 140-2> is set to <On>, the following algorithms are prohibited from use.
Hash: | MD4, MD5, SHA-1 (for a purpose other than TLS) |
Common key cryptosystem: | RC2, RC4, DES, PBE |
Public key cryptosystem: | RSA encryption (512 bits/1024 bits), RSA signature (512 bits/1024 bits), DSA signature (512 bits/1024 bits), DH (512 bits/1024 bits) |
Log Management
The following types of logs can be managed on the machine. Collected logs can be exported in the CSV file format.
Log Type | Number Indicated as "Log Type" in the CSV File | Description |
User Authentication Log | 4098 | This log contains information related to the authentication status of user authentication (login/logout and user authentication success/failure), the registering/changing/deleting of user information managed with User Authentication, and the management (adding/editing/deleting) of roles with the ACCESS MANAGEMENT SYSTEM. |
Job Log | 1001 | This log contains information related to the completion of copy/fax/scan/send/print jobs. |
Transmission Log | 8193 | The log contains information related to transmissions. |
Advanced Box Save Log | 8196 | This log contains information related to the saving of files to the Advanced Box, Network (Advanced Box of other machines), and Memory Media. |
Mail Box Operation Log | 8197 | This log contains information related to the operations performed on data in the Mail Box, the Memory RX Inbox, and the Confidential Fax Inbox. |
Mail Box Authentication Log | 8199 | This log contains information related to the authentication status of the Mail Box, the Memory RX Inbox, and the Confidential Fax Inbox. |
Advanced Box Operation Log | 8201 | This log contains information related to data operations in the Advanced Box. |
Machine Management Log | 8198 | This log contains information related to the starting/shutting down of the machine, changes made to the settings by using the  (Settings/Registration), changes made to the settings by using the Device Information Delivery function, and the time setting. The Machine Management Log also records changes in user information or security-related settings when the machine is inspected or repaired by your dealer or service representative. |
Network Authentication Log | 8200 | This log is recorded when IPSec communication fails. |
Export/Import All Log | 8202 | This log contains information related to the importing/exporting of the settings by using the Export All/Import All function. |
Mail Box Backup Log | 8203 | Log for backups of the following: User Inboxes Memory RX Inbox Confidential Fax Inbox Advanced Box |
Application/Software Management Screen Operation Log | 3101 | This is an operation log for SMS (Service Management Service), software registration/updates, and MEAP application installers, etc. |
Security Policy Log | 8204 | This log contains information related to the setting status of the security policy settings. |
Group Management Log | 8205 | This log contains information related to the setting status (registering/editing/deleting) of the user groups. |
System Maintenance Log | 8206 | This log contains information related to firmware updates and backup/restoration of the MEAP application, etc. |
Authentication Print Log | 8207 | This log contains information and the operation history related to the forced hold print jobs. |
Setting Synchronization Log | 8208 | This log contains information related to the synchronization of machine settings. Synchronizing Settings for Multiple Canon Multifunction Printers |
Log for Audit Log Management | 3001 | This log contains information related to the starting and ending of this function (the Audit Log Management function), as well as the exporting of logs, etc. |
|
Logs can contain up to 40,000 records. When the number of records exceeds 40,000, they are deleted, with the oldest records first. |
Import/Export of the Setting Data
Data Backup/Restoration
To back up or restore data, you can use an external storage device that meets the following requirements.
Interface: | USB 2.0/USB 3.0 |
File system: | FAT32/exFAT |
Partition size: | more than 32 GB (Must not be divided into multiple partitions) |
Power supply: | must supply power from an external power source |
Number of machines and users supported by synchronization of custom settings (server)
Number of synchronizable machines in a group: 10
Number of synchronizable users for personalized setting values: 1,000
Maximum number of users whose setting information can be saved in the machine
Users: 500
Groups: 50
Max. Users Displayed for Picture Login
Up to 200 users
Max. Buttons Registered on the <Home> Screen
Max. number of Personal buttons: 60 per user (total of 12,000 for all users)
Max. number of Shared buttons: 60
Max. Destinations Registered to Address Book
Address Lists 1 to 10/ Address List for Administrator: 1,600
One-Touch Address List: 200
Personal Address List: 25
Group Address List: 4,000*1 (10 groups*2 x 400 destinations*3)
*1 Total 20,000 for all groups
*2 Max. number of groups per user (a total of 50 groups can be registered in a device)
*3 Max. number of destinations per group
Images That Can Be Imported for Login Screen Background
File Size: 1,024 KB
File Extension: jpg, jpeg, or png
Image Size: 800 pixels x 486 pixels or smaller
Visual Message Specifications
File Format | JPEG, PNG, BMP, GIF, Animated GIF, and HTML (on the intranet/internet) |
Communication Protocol | SMB, WebDAV, HTTP |
Maximum size of the contents | Max. 10 MB |
Image Size | Other than HTML: 799 pixels x 509 pixels* * If the image is larger than the above size, it is displayed in a reduced size without changing its aspect ratio. If the image is smaller than the above size, it is displayed without changing the size. HTML: over 799 pixels x 509 pixels can be used (by scrolling through them) |
SCEP Server Support
Only the Network Device Enrollment Service (NDES) of Windows Server 2008 R2/2012 R2/2016 is supported.