Page 6
This User's Guide provides descriptions of the operating procedures and precautions for using Authentica- tion Unit (IC Card Type) AU-211P. Carefully read this User's Guide before using this device. The actual screens that appear may be slightly different from the screen images used in this User's Guide.
MFP compatible with PKI card authentication system PKI card available for PIV and CAC User management using Active Directory (Kerberos authentication + PKINIT) NOTICE Do not disconnect the USB cable while using this unit. Doing so may cause this system to become unstable. AU-211P...
Part Names and their Functions Part name Description Card inlet Used to insert the PKI card. LED lamp Turns green when you insert a PKI card into this unit. Blinks green during authentication. USB cable Used to connect this device to the MFP. AU-211P...
Enter the IPv6 global address when manually configuring the setting. [Prefix Length] Enter the prefix length of the IPv6 global address between 1 and 128 when manually configuring the setting. [Gateway Address] Enter the gateway address when manually configuring the setting. AU-211P...
Name1] to [DNS Search Do- (using up to 63 characters). Hyphen (-) and period (.) are available as sym- main Name3] bols. However, the name cannot be specified using only symbols, and also cannot be suffixed by a symbol. AU-211P...
(default: [24] hours). [Data Entry] Connect to the NTP server, and adjust the time. Tips Before adjusting the time, select [Utility] - [Administrator] - [Maintenance] - [Date/Time Setting] - [Manual Set- ting], and check that the time zone is set correctly. AU-211P...
When specifying the host name instead of the address, select the [Please check to enter host name.] check box. Reference For details on how to use Web Connection, refer to the User’s Guide (Web Management Tool) supplied with the MFP. AU-211P...
The authentication unit does not support ErP; therefore, set to the power saving mode. Select [Utility] - [Administrator] - [Maintenance] - [Timer Setting] - [Power Settings], and configure the follow- ing settings. Item Description [Power Key Setting] Select [Power Save] (default: [Power Save]). AU-211P...
Select [Utility] - [Administrator] - [Network] - [OpenAPI Setting] - [OpenAPI Setting], and set [External Appli- cation Connection] to OFF (default: ON). However, when TPM is installed, there will be no problems if this option is turned ON. AU-211P 2-10...
Then, tap [OK]. % You can log in as the public user if Public User Access is enabled. % When logging in to the MFP as the administrator or User Box administrator, tap [ID & PW], and enter the password. AU-211P...
To issue the caution sound, select [Sound Setting] - [Sound Setting] and set [Warning Sound] to [On] in [Accessibility Setting] screen, and also set [Simple Caution Sound (Level 1)] to [Yes] in [Sound Setting] - [Caution Sound] in advance. AU-211P...
The user can obtain the position of the user’s Home folder from Active Directory, and easily send data to the Home fold- er of the user’s computer. This function is effective when frequently sending scanned data to the user’s address. AU-211P...
LDAP search (default: [OFF]). [Initial Setting for Search De- Specify the default LDAP search conditions for each item (default: [OR]). tails] • [Search Attributes Authentication]: This setting is not available. [Search Attribute]: This setting is not available. AU-211P...
Enter the search word, and tap [Search]. % Perform authentication for the selected LDAP server using the Kerberos authentication ticket, and make a search. Reference For details on the LDAP search, refer to the User's Guide (Scan) supplied with the MFP. AU-211P...
Use the Kerberos authentication ticket to log in to the destination computer and save scanned data. Tips This function is not available when you log in to the MFP as a public user, administrator, administrative user, or User Box administrator. AU-211P...
SMB signature on the server side is disabled, it will not be possible to make a connection. Reference Configure the WINS server setting to fit your environment. For details, refer to the User’s Guide (Web Man- agement Tool) supplied with the MFP. AU-211P...
For details on the SMB TX method, refer to the User's Guide (Scan) supplied with the MFP. This function allows you to set the operation to be performed when authentication has failed using a Kerberos authentication ticket. For details, refer to "[Client Setting] (p. 3-9)". AU-211P 3-10...
When you are logging in to the MFP using a PKI card, log in to the searched computer using the Kerberos authentication ticket, and register or specify it as the destination. <SMB destination registration screen> <SMB destination specification screen in classic style (Direct Input)> AU-211P 3-11...
Scan to Me function, refer to "Scan To Me (p. 3-26)". Tapping, fabrication or spoofing PKI Card Encryption + Digital Signature Tips This function is not available when you log in to the MFP as a public user, administrator, administrative user, or User Box administrator. AU-211P 3-12...
OCSP (Online Certificate Status Protocol) service, and CRL (Certificate Revocation List). Reference For details on how to configure the settings required to send an e-mail, refer to the User’s Guide (Web Man- agement Tool) supplied with the MFP. AU-211P 3-13...
When adding a digital signature using the PIV card, enter the PIN code when sending an e-mail. If the PIV card is locked because an incorrect PIN code has been entered, the e-mail sending job will be dis- carded. AU-211P 3-14...
The optional i-Option LK-102 v3 or i-Option LK-110 v2 is required to use the PDF document encryp- tion function using the PKI card. This function is not available when you log in to the MFP as a public user, administrator, administrative user, or User Box administrator. AU-211P 3-15...
Select [PDF] or [Compact PDF] on the scan/fax screen of classic style, set [PDF Detail Setting] - [Encryption] to [ON], and configure the following setting. In [Encryption Type], select [Digital ID], and tap the detail icon of [Select Digital ID]. To encrypt a document using the digital ID of the PKI card, tap [PKI Card]. AU-211P 3-16...
Select [PDF] or [Compact PDF] on the Scan/Fax screen of classic style., set [PDF Detail Setting] - [Digital Sig- nature] to [ON], and select the signature encryption level from [SHA1] or [SHA256]. Tips The PDF document encryption setting is required to use this function. For details, refer to "Encrypting a PDF Document (p. 3-16)". AU-211P 3-17...
Encrypt print data using the PKI card to send it from the printer driver to the MFP. Move to the MFP while holding the PKI card. Insert the PKI card into the MFP to perform Active Directory authentication. Decode print data using the PKI card, and print it. AU-211P 3-18...
Windows Server 2012 R2 Standard Windows 10 Home * Windows 10 Pro * Windows 10 Enterprise * Windows 10 Education * Windows Server 2016 Standard Windows Server 2016 Datacenter * Available in 32-bit (x86) or 64-bit (x64) environment. AU-211P 3-19...
The PKI Encrypted Document User Box can contain up to 200 documents. [PKI Encryption Document Delete Time Setting] Tap [Utility] - [Administrator] - [System Settings] - [User Box Setting] - [PKI Encryption Document Delete Time Setting]. Specify the period from the document saving time to the automatic deletion time. AU-211P 3-20...
This section describes the printer driver setting to encrypt print data using the PKI card and send it to the MFP. Click [Print] in the menu of the application software. Select the printer used for printing. Click [Properties] (or [Preferences]). Click the [Basic] tab. Click [Authentication/Account Track]. AU-211P 3-21...
Page 38
Active Direction registered in No. 2, set the [Realm(Domain)] value to [2]. % PKI Card Print uses authentication information of the PKI card; therefore, it disables the authentica- tion information specified in [User Authentication]. Select [PKI Card Print] in [Output Method], and click [OK]. AU-211P 3-22...
The documents stored in the PKI Encrypted Document User Box are deleted automatically after the specified period has lapsed. For details on how to specify the deletion time, "Specifying the Print Data Deletion Time (p. 3-20)". The printed data is deleted from the PKI Encrypted Document User Box after printing. AU-211P 3-23...
Page 40
PIN code, the system prints all the relevant user’s data and logs into the MFP. Tips When printing is performed simultaneously with authentication, data in the ID & Print User Box is also printed. For details on ID & Print, refer to the User's Guide (Print) supplied with the MFP. AU-211P 3-24...
Page 41
Tap [User Box] - [System] - [PKI Encrypted Document]. A login user's print data list is displayed. Select the desired data, and tap [Print]. % To delete data, select the target data, and tap [Delete]. % Tap [Details] to view detailed information on the selected data. AU-211P 3-25...
Receive an e-mail. After you have encrypted an e-mail or added a digital signature when sending the e-mail, decrypt the e-mail and check the signature using the PKI card. Tips This function is not available when you log in to the MFP as a public user, administrator, administrative user, or User Box administrator. AU-211P 3-26...
Tap [Scan to Email] on the home screen. Tap [Me]. Configure Scan option settings as necessary. Use the Start key to start transmission. Tips For details on the scan condition settings, refer to the User's Guide (Scan) supplied with the MFP. AU-211P 3-27...
For details on how to handle SMB TX using the PKI card and configure the setting, refer to "SMB TX using PKI card (p. 3-8)". Reference Configure the WINS server setting to fit your environment. For details, refer to the User’s Guide (Web Man- agement Tool) supplied with the MFP. AU-211P 3-28...
Tap [Scan/Fax] on the main menu of classic style. Tap [Home]. Configure Scan option settings as necessary. Use the Start key to start transmission. Tips For details on the scan condition settings, refer to the User's Guide (Scan) supplied with the MFP. AU-211P 3-29...
Description [PKI Card Authentications] To operate in the PIV Transitional specifications, select PIV Transitional Mode from PIV or CAC. [Certificate Verification Setting] Description Sets the method to verify a certificate. For details, refer to "[Certificate Verification Setting] (p. 2-8)". AU-211P...
[SNMP Setting] Item Description [SNMP v1/v2c Setting] The default of [Write Community Name] is OFF. [SNMP v3 (IP)] OFF is specified by default. Tips We recommend that this function is set to the disable state when this system is operated. AU-211P...
Method] [Job Log Settings] Item Description [Job Log Usage Set.] The default setting of [Audit Log] is OFF. When setting to ON, we recom- mend that you install i-Option LK-115 v2 (TPM option) to ensure a more safe use. AU-211P...
Page 51
Product Specifications Appendix Product Specifications Item Specifications Product name Authentication unit (PKI-IC card type) AU-211P 70 mm (L) e 70 mm (W) e 10 mm (H) Dimensions Weight 60 g Power supply USB bus power Range of operating temper- 0 to 50°C...