Management Functions

Information Registered in User Authentication

Up to 5,001 users can be registered.

Registering Department IDs

Up to 1,000 Department IDs can be registered.

Authentication Functions

When an Active Directory server is specified as an authentication server, the following system environment is required.
Software (operating system):
Windows Server 2016*1/Windows Server 2019*1/Windows Server 2022*1
*1 Users cannot log in with Active Directory authentication if Kerberos Armoring is enabled for KDCrelated policies (group policies). Make sure to disable Kerberos Armoring.
Kerberos encryption methods for the Active Directory authentication supported by the current version of User Authentication are as follows.
Encryption method
128-bit AES (Advanced Encryption Standard)
256-bit AES (Advanced Encryption Standard)
DES (Data Encryption Standard)
RC4
The available encryption methods may vary, depending on the Active Directory settings.
Of the available encryption methods, the one with the highest cipher strength is automatically selected.
When specifying an Active Directory server as an authentication server, use the following ports*1 on the server.
To communicate with a DNS server:
port number 53
To communicate with a KDC (Key Distribution Center):
port number 88
To communicate with a server for LDAP directory service (can be changed to an arbitrary port number for the LDAP service):
port number 389
*1 The above port numbers are default values. These numbers may vary depending on the selected settings.
When specifying an LDAP server as an authentication server, the following system environment is required.
Software:
OpenLDAP
Operating system:
Requirements are pursuant to the product specifications of the LDAP server.
When specifying an LDAP server as an authentication server, use the following ports*1 on the server.
To communicate with the LDAP server using LDAP (when TLS is enabled):
port number 636
To communicate with the LDAP server using LDAP (when TLS is disabled):
port number 389
*1 The port numbers can be changed according to the LDAP server settings.

Firewall Settings

When specifying IP addresses in firewall settings, up to 16 IP addresses (or ranges of IP addresses) can be specified for both IPv4 and IPv6.
When specifying MAC addresses in firewall settings, up to 100 MAC addresses can be specified.
The exception addresses and exception port numbers that can be used for communication using the sub line and are registered by default are indicated below.
Exception addresses:
0.0.0.1 to 255.255.255.255
Exception port numbers:
53, 67, 68, 80, 161, 443, 515*, 631*, 3702, 5353, 5357, 5358, 8000*, 8080, 8443*, 9013, 9100*, 10443*, 20010*, 47545
* Inbound filter only

Registration of Keys and Certificates

If you install a key or CA certificate from a computer, make sure that they meet the following requirements:
Format
Key: PKCS#12*1
CA certificate: X.509 DER/PEM
File extension
Key: ".p12" or ".pfx"
CA certificate: ".cer" or ".pem"
Public key algorithm
(and key length)
RSA (512-bit, 1024-bit, 2048-bit, 4096-bit)
DSA (1024-bit, 2048-bit, 3072-bit)
ECDSA (P256, P384, P521)
Certificate signature algorithm
RSA: SHA-1, SHA-256, SHA-384*2, SHA-512*2, MD2, MD5
DSA: SHA-1
ECDSA: SHA-1, SHA-256, SHA-384, SHA-512
Certificate thumbprint algorithm
SHA-1
*1 Requirements for the certificate contained in a key are pursuant to CA certificates.
*2 SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024-bit or more.

Registration of Certificate Revocation Lists (CRL)

Up to 50 certificate revocation lists (CRL) can be registered. Note, however, that CRL cannot be registered in the following cases.
The data size of the CRL exceeds 1 MB.
An unsupported signature algorithm is being used.
The number of revoked certificates registered in one CRL file exceeds 10,000.

Definition of "Weak Encryption"

When [Prohibit Use of Weak Encryption] is selected, the use of the following algorithms is prohibited.
Hash:
MD4, MD5, SHA-1
HMAC:
HMAC-MD5
Common key cryptosystem:
RC2, RC4, DES
Public key cryptosystem:
RSA encryption (512-bit/1024-bit), RSA signature (512-bit/1024-bit), DSA signature (512-bit/1024-bit), DH (512-bit/1024 bit)
Even when [Prohibit Use of Key/Certificate with Weak Encryption] is selected, the hash algorithm SHA-1, which is used for signing a root certificate, can be used.

FIPS 140-2 Standard Algorithm

When [Format Encryption Method to FIPS 140-2] is selected, the following algorithms are prohibited from use.
Hash:
MD4, MD5, SHA-1 (for a purpose other than TLS)
Common key cryptosystem:
RC2, RC4, DES, PBE
Public key cryptosystem:
RSA encryption (512-bit/1024-bit), RSA signature (512-bit/1024-bit), DSA signature (512-bit/1024-bit), DH (512-bit/1024-bit)

Log Management

The following types of logs can be managed on the machine. Collected logs can be exported in the CSV file format.
Log Type
Number Indicated as "Log Type" in the CSV File
Description
User Authentication
Log
4098
This log contains information related to the authentication status of user authentication (login/logout and user authentication success/failure), the registering/changing/deleting of user information managed with User Authentication.
Job Log
1001
This log contains information related to the completion of print jobs.
Receive Log
8193
This log contains information related to reception.
Machine Management Log
8198
This log contains information related to the starting/shutting down of the machine and changes made to the settings using <Set>. The Machine Management Log also records changes in user information or security-related settings when the machine is inspected or repaired by your dealer or service representative.
Network Authentication Log
8200
This log is recorded when IPSec communication fails.
Export/Import All Log
8202
This log contains information related to the importing/exporting of the settings by using the Export All/Import All function.
Application/Software Management Screen Operation Log
3101
This is an operation log for software registration/updates, and MEAP application installers, etc.
Security Policy Log
8204
This log contains information related to the setting status of the security policy settings.
System Maintenance Log
8206
This log contains information related to firmware updates and backup/restoration of the MEAP application, etc.
Authentication Print Log
8207
This log contains information and the operation history related to the forced hold print jobs.
Log for Audit Log Management
3001
This log contains information related to the starting and ending of this function (the Audit Log Management function), as well as the exporting of logs, etc.
Logs can contain up to 40,000 records. When the number of records exceeds 40,000, they are deleted, with the oldest records first.

Import/Export of the Setting Data

See Settings/Registration.

SCEP Server Support

Only the Network Device Enrollment Service (NDES) of Windows Server 2016 is supported.
A3Y3-0C8