To specify an Active Directory, Microsoft Entra ID or LDAP server as an additional authentication device, you must register the information of the server used for authentication. Conduct a connection test as necessary.
1 | Select the check box for [Use Active Directory] and select [Set Manually] for [Set Domain List:].
2 | Click [Active Directory Management...] and then [OK].
3 | Click [Add Domain...].
4 | Enter the necessary information.
    [Domain Name:] Enter the domain name of the Active Directory that is the login destination (Example: company.domain.com).
    [NetBIOS Name] Enter the NetBIOS domain name (Example: company).
    [Primary Host Name or IP Address:] / [Secondary Host Name or IP Address:] Enter the host name of the Active Directory server or the IPv4 address. When using a secondary server, specify the name in [Secondary Host Name or IP Address:].
        Example: Using a host name: ad-server1
        Example: Using an IPv4 address: 192.168.18.138
    [User Name:] / [Password:] Enter the user name and password to use for accessing and searching the Active Directory server.
    [Starting Point for Search:] Specify the location to access and search in the Active Directory Server.
    [Login Name:] / [Displayed As] / [E-Mail Address:] Specify the data fields (attribute names) for the login name, display name, and e-mail address of each user account on the Active Directory server (Example: sAMAccountName, cn, mail).
5 | Click [Test Connection] to confirm that connection is possible, and then click [Add].
    To edit server information: Click [Edit] for the server information that you want to edit, make the necessary changes, and click [Update].
1 | Select the check box for [Use LDAP server] and click [LDAP Server Management...] and then [OK].
2 | Click [Add Server...].
3 | Enter the LDAP server information.
    [Server Name] Enter the name for the LDAP server. The name "localhost" cannot be used. The server name may not include spaces.
    [Primary Address] Enter the IP address or host name of the LDAP server (Example: ldap.example.com). The loopback address (127.0.0.1) cannot be used.
    [Port:] Enter the port number used for communicating with the LDAP server. Use the same setting that is configured on the server. If you do not enter a number, it is automatically set to "636" when the check box is selected for [Use TLS], or it is set to "389" when the check box is cleared.
    [Secondary Address:] / [Port:] When using a secondary server in your environment, enter the IP address and the port number.
    [Comments] Enter a description or note as necessary.
    [Use TLS] Select the check box when using TLS encryption for communications with the LDAP server.
    [Use authentication information] Clear the check box to allow anonymous access to the LDAP server, only if the LDAP server is set to allow anonymous access. When using the user name and password for authentication, select the check box and enter values for [User Name:] and [Password:].
    [Starting Point for Search:] Specify the location (level) to search for user information when LDAP server authentication is performed.
4 | Specify how to set the attribute names and domain name.
    [User Name (Keyboard Authentication):] Specify the LDAP data field (attribute name) for the user name on the LDAP server (Example: uid).
    [Login Name:] / [Display Name:] / [E-Mail Address:] Specify the LDAP data fields (attribute names) for the login name, display name, and e-mail address of each user account on the LDAP server (Example: uid, cn, mail).
    [Specify the domain name] / [Specify the attribute name for domain name acquisition] Select how to set the domain name of the login destination. To specify the domain name directly, select [Specify the domain name] and enter the domain name. To specify an LDAP data field (attribute name) from which to acquire the domain name on the LDAP server, select [Specify the attribute name for domain name acquisition] and enter the attribute name (Example: dc).
5 | Click [Test Connection] to confirm that connection is possible, and then click [Add].
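The naming, address and port rules in step 3 can be checked before the values are entered on the device. The following Python sketch is an added example and not part of the original manual; it applies those rules to a planned entry and flags the two settings that weaken the connection (TLS cleared, anonymous access). The dictionary keys are hypothetical labels for the screen fields, and the sample entries are constructed.

```python
# Added example (not vendor code). Dictionary keys are hypothetical labels
# for the fields on the [Add Server...] screen.
import ipaddress


def effective_port(port, use_tls):
    """A blank port becomes 636 with [Use TLS] selected, otherwise 389."""
    if port in (None, ""):
        return 636 if use_tls else 389
    return int(port)


def audit_ldap_entry(entry):
    """Return (errors, warnings) for one planned LDAP server entry."""
    errors, warnings = [], []
    name = entry.get("server_name", "")
    if name == "localhost":
        errors.append('server name "localhost" cannot be used')
    if " " in name:
        errors.append("server name may not include spaces")
    try:
        addr = ipaddress.ip_address(entry.get("primary_address", ""))
        if addr == ipaddress.ip_address("127.0.0.1"):
            errors.append("loopback address 127.0.0.1 cannot be used")
    except ValueError:
        pass  # a host name rather than an IP literal
    use_tls = bool(entry.get("use_tls"))
    port = effective_port(entry.get("port"), use_tls)
    if not use_tls:
        warnings.append(f"[Use TLS] cleared: traffic to port {port} is not TLS-encrypted")
    elif port == 389:
        warnings.append("[Use TLS] selected but port is 389: check the server's setting")
    if not entry.get("use_auth_info"):
        warnings.append("anonymous access: directory is searched without credentials")
    return errors, warnings


# Constructed sample entries, not taken from a real device.
WEAK = {"server_name": "corp ldap", "primary_address": "127.0.0.1",
        "port": "", "use_tls": False, "use_auth_info": False}
HARDENED = {"server_name": "corp-ldap", "primary_address": "ldap.example.com",
            "port": "", "use_tls": True, "use_auth_info": True}

if __name__ == "__main__":
    for label, entry in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_ldap_entry(entry))
```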
1 | Select the [Use Microsoft Entra ID] checkbox.
2 | Click [Domain Settings]. The [Microsoft Entra ID Domain Settings] screen is displayed.
3 | Specify the Microsoft Entra ID information.
    [Login Destination Name:] Enter the name to be displayed at the login destination.
    * You cannot use control characters or spaces.
    [Domain Name:] Enter the domain name of the Microsoft Entra ID that is the login destination.
    [Application ID:] Enter the application (client) ID.
    [Secret:] Enter the secret generated by Microsoft Entra ID. You do not need to enter this when [Key and Certificate:] is used.
    [Key and Certificate:] Press [Key and Certificate] when you use a key and certificate. You can press [Export Certificate] to export the certificate to be registered to Microsoft Entra ID.
    [Microsoft Entra ID Authentication URL:] and [Microsoft Entra ID API URL:] Enter the URLs. Depending on your cloud environment, you may need to change the settings.
4 | Specify the attributes. Enter the attributes for the login name, display name, and e-mail address of each user account on the server.
    [Login Name:] From the pulldown menu, select the attribute for the login name of each user account on the server.
    * To specify an attribute not displayed in the pulldown menu, you can enter it directly.
        [WindowsLogonName]: displayName is obtained from Microsoft Entra ID. displayName is changed as follows to create the login name:
            Spaces and the following characters are deleted from displayName: * + , . / : ; < > = ? \ [ ] |
            "@" and any subsequent characters are deleted.
            Character strings exceeding 20 characters are shortened to 20 characters or less.
            Example: When displayName is "user.001@example.com," the login name becomes "user001."
        [displayName]: displayName obtained from Microsoft Entra ID becomes the login name.
        [userPrincipalName]: userPrincipalName obtained from Microsoft Entra ID becomes the login name.
        [userPrincipalName-Prefix]: The portion before "@" in userPrincipalName obtained from Microsoft Entra ID becomes the login name.
            Example: When userPrincipalName is "user.002@mail.test," the login name becomes "user.002."
    [Display Name:] / [E-Mail Address:] Enter the attributes for the display name and e-mail address of each user account on the server.
5 | Specify the domain name of the login destination in [Domain Name:] under [Domain Name to Set for Login Account].
6 | Specify the settings in [Autocomplete for Entering User Name When Using Keyboard Authentication] under [Domain Name to Autocomplete:]. Enter the name of the domain for which to perform autocomplete. Normally, set the same name as entered in [Domain Name:].
7 | Click [Test Connection] to test the connection.
8 | Click [Update]. The screen returns to the [Edit Server Settings] screen.
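The [WindowsLogonName] rules in step 4 delete characters and truncate, so different displayName values can end up as the same login name, and Microsoft Entra ID does not require displayName to be unique. The following Python sketch is an added example and not part of the original manual; it re-implements the documented rules so login names can be previewed and collisions listed before roles are assigned. The sample names are constructed.

```python
# Added example (not vendor code): the [WindowsLogonName] and
# [userPrincipalName-Prefix] rules as documented in step 4.
from collections import defaultdict

# Space plus the characters the page lists as deleted from displayName.
DELETED = set(' *+,./:;<>=?\\[]|')
MAX_LEN = 20  # strings exceeding 20 characters are shortened


def windows_logon_name(display_name):
    """Derive the login name from displayName per the documented rules."""
    head = display_name.split('@', 1)[0]      # drop "@" and what follows
    kept = ''.join(c for c in head if c not in DELETED)
    return kept[:MAX_LEN]


def upn_prefix(user_principal_name):
    """[userPrincipalName-Prefix]: the portion before "@"."""
    return user_principal_name.split('@', 1)[0]


def find_collisions(display_names):
    """Group distinct displayName values that yield the same login name."""
    groups = defaultdict(list)
    for name in display_names:
        groups[windows_logon_name(name)].append(name)
    return {login: names for login, names in groups.items() if len(names) > 1}


# Constructed sample displayName values (not real accounts).
SAMPLE = [
    "user.001@example.com",
    "user 001",
    "Alexandria Montgomery-Smith",
    "Alexandria Montgomery-Smythe",
    "j.doe",
]

if __name__ == "__main__":
    for n in SAMPLE:
        print(f"{n!r:35} -> {windows_logon_name(n)!r}")
    for login, names in find_collisions(SAMPLE).items():
        print(f"collision on {login!r}: {names}")
```

Selecting [userPrincipalName] or [userPrincipalName-Prefix] avoids the truncation and character deletion shown here, because neither rule is applied to those attributes.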
[Search Criteria] | Select the search criteria for [Character String].
[Character String] | Enter the character string that is registered to the attribute specified in [User Attribute to Browse:]. To set the privileges based on the group that the user belongs to, enter the group name.
[Role] | Select the privileges that apply to users who match the criteria.
DNS Settings
The following settings are required if the port number used for Kerberos on the Active Directory side is changed. Information for the Kerberos service of Active Directory must be registered as an SRV record as follows:
    Service: "_kerberos"
    Protocol: "_udp"
    Port number: The port number used by the Kerberos service of the Active Directory domain (zone)
    Host offering this service: Host name of the domain controller that is actually providing the Kerberos service of the Active Directory domain (zone)

Batch importing/batch exporting
This setting can be imported/exported with models that support batch importing of this setting.
Importing/Exporting the Setting Data
This setting is included in [Settings/Registration Basic Information] when batch exporting.
Importing/Exporting All Settings