Konica Minolta bizhub 361 User Manual
  1. Manuals
  2. Brands
  3. Konica Minolta Manuals
  4. Printer Accessories
  5. bizhub 361
  6. User manual

Konica Minolta bizhub 361 User Manual

Authentication unit (ic card type)
Hide thumbs Also See for bizhub 361:
Table of Contents

Advertisement

Quick Links

See also: Service Manual , User Manual
AU-211P CAC/PIV Solution
Users Guide

Advertisement

Table of Contents
loading

Related Manuals for Konica Minolta bizhub 361

Summary of Contents for Konica Minolta bizhub 361

  • Page 1 AU-211P CAC/PIV Solution Users Guide...
  • Page 2 Introduction Introduction Thank you for choosing this device. This guide provides descriptions of the installation, operating procedures and precautions for using Authentication Unit (IC Card Type) AU-211P. Carefully read this User’s Guide before using this device. The actual screens that appear may be slightly different from the screen images used in this User’s Guide.

  • Page 3: Safety Information

    Introduction Safety Information Carefully read this information. - Before using this device, carefully read this information and follow it to operate the device correctly. Important information - The reprinting or reproduction of the content of this publication, either in part or in full, is prohibited without prior permission. - The content of this publication is subject to change without notice.
  • Page 4 Introduction Regulation notices USER INSTRUCTIONS FCC PART 15 - RADIO FREQUENCY DEVICES (For U.S.A. Users) FCC: Declaration of Conformity Product Type Authentication Unit (IC Card Type) Product Name AU-211P (This device complies with Part 15 of the FCC Rules.) Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of this device.
  • Page 5 Introduction INTERFERENCE-CAUSING EQUIPMENT STANDARD (ICES-003 ISSUE 4) (For Canada Users) (This device complies with RSS-Gen of IC Rules.) Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of this device.

  • Page 6: How To Use The Authentication Unit

    How to Use the Authentication Unit How to Use the Authentication Unit This chapter explains how to log in and autheniticate a CAC/PIV card user onto the network via the MFP. This chapter also explains how to log a user off the network/MFP.
  • Page 7 How to Use the Authentication Unit Detail If an incorrect PIN code is entered, "No. of Allowable Auth Failure" appears on the screen. After 3 consecutive authentication failures the CAC/PIV card will be locked for security reasons. For details on how to unlock the CAC/PIV card, contact your PKI card administrator.
  • Page 8 How to Use the Authentication Unit Specific MFP Functions Using CAC/PIV Card Authentication This section explains the specific MFP functions using the CAC/PIV card authentication. Basic functions Function Description Address Search Logs into the LDAP server using the Kerberos p. 72 (LDAP) authentication ticket that is obtained by Active Directory authentication with the CAC/PIV card...
  • Page 9 How to Use the Authentication Unit Ensuring a higher level of security To ensure a higher level of security, use the Scan To Me and Scan To Home functions. Note To use these functions, ask your service engineer to configure settings. For details, contact your service representative.

  • Page 10: Address Search (Ldap)

    How to Use the Authentication Unit Address Search (LDAP) 5.3.1 Overview This function will allow a CAC/PIV card user to log in to an LDAP server and perform an address name search. The process utilizes a Kerberos authentication ticket that is obtained by Active Directory and authenticates with the card when searching for a destination via the LDAP server.
  • Page 11 How to Use the Authentication Unit 5.3.2 LDAP Related Settings This section explains how to configure the address search (LDAP) settings on the MFP that supports this system. Enabling LDAP Configure settings to use the LDAP server. On the MFP control panel, press the [Utility/Counter] key, and then [Administrator Settings] - [Network Settings] - [LDAP Settings] - [Enabling LDAP].
  • Page 12 How to Use the Authentication Unit Item Description LDAP Server Name Specify the LDAP server name (up to 32 characters). Max. Search Results Enter the maximum number of items that can be received as address search (LDAP) results. Timeout Specify the timeout period for address search (LDAP). Initial Setting for Search Specify address search (LDAP) conditions.
  • Page 13 How to Use the Authentication Unit When a single LDAP server is registered Press [Begin Authentication] to perform authentication with the Kerberos authentication ticket and connect to the LDAP server. After connecting to the LDAP server, select the desired method to search for the destination.
  • Page 14 How to Use the Authentication Unit Scan to SMB (Network Share) 5.4.1 Overview This function allows a user to scan a document into the destination computer via SMB using a Kerberos authentication ticket that is obtained by Active Directory and authenticates with the CAC/PIV. Active Directory CAC/PIV Card Scanned data...
  • Page 15 How to Use the Authentication Unit 5.4.2 Scan to SMB Related Settings This section explains how to configure the Scan to SMB settings on the MFP. Client Settings Configure the setting to perform SMB TX. On the MFP control panel, press the [Utility/Counter] key, and then [Administrator Settings] - [Network Settings] - [SMB Settings] - [Client Settings].
  • Page 16 How to Use the Authentication Unit 5.4.3 Performing Scan to SMB at the MFP Use the Fax/Scan screen on the MFP control panel to specify the target SMB address. When SMB TX starts, you can use the Kerberos authentication ticket to log into the destination computer and save scanned data in a shared holder.
  • Page 17 How to Use the Authentication Unit Scan to E-mail (S/MIME) 5.5.1 Overview This function allows a CAC/PIV card user to authenticate and Scan to Email from the MFP. A user will be able to add a digital signature when sending an e-mail.
  • Page 18 How to Use the Authentication Unit 5.5.2 Scan to Email Related Settings This section explains how to configure settings to encrypt an e-mail or add a digital signature on the MFP. S/MIME Communication Settings Configure settings to encrypt an e-mail and add a digital signature. On the MFP control panel, press the [Utility/Counter] key, and then [Administrator Settings] - [Network Settings] - [E-Mail Settings] - [S/MIME Communication Settings].
  • Page 19 How to Use the Authentication Unit 5.5.3 Encrypting an E-Mail and Adding a Digital Signature Display the Fax/Scan screen on the MFP control panel, and press [Communication Settings]. - To encrypt an e-mail, press [E-Mail Encryption], and specify the e- mail address with the certificate registered.

  • Page 20: Pki Card Print

    How to Use the Authentication Unit PKI Card Print 5.6.1 Overview This function encrypts print data using the CAC/PIV card before sending the data from the printer driver to the MFP. The print data is saved in the PKI Encrypted Document User Box of the MFP, when the user authenticates at the MFP using their CAC/PIV card the print data is decrypted and print is outputted.

  • Page 21: Installing The Printer Driver

    How to Use the Authentication Unit 5.6.2 Installing the Printer Driver To use PKI Card Print, install a printer driver compatible with this system in the computer. Required System Environment The printer drivers are available in the following environment. Type Page Supported Operating System description...
  • Page 22 How to Use the Authentication Unit Installing the printer driver Install the printer driver using Add Printer Wizard of the Windows printer. <Windows XP or Server 2003> Click the Start Menu, and then [Printers and Faxes]. - For Windows XP, click [Add a printer] under the [Printer Tasks] menu. - For Windows Server 2003, double-click [Add Printer].
  • Page 23 How to Use the Authentication Unit 5.6.3 Specifying the Print Data Deletion Time The data encrypted with the card is deleted from the PKI Encrypted CAC/PIV Document User Box of the MFP after saved in the User Box and printed on the MFP.
  • Page 24 MFP. CAC/PIV Click [Print] in the menu of the application software. Select the desired printer ("KONICA MINOLTA C353 Series PS" or "KONICA MINOLTA C353 Series PCL"). Click [Properties] or [Preferences]. The Basic tab appears.
  • Page 25 How to Use the Authentication Unit – If Account Track is enabled, enter the "Department Name" and "Password" under "Account Track". To enable Account Track, con- figure the printer driver setting separately. For details on setting, re- fer to the User's Guide [Printer Operations] supplied together with the MFP.
  • Page 26 How to Use the Authentication Unit MFP printing The following explains how to print data on the MFP. The MFP provides two printing methods: (1) printing data simultaneously with authentication and (2) selecting and printing data in the PKI Encrypted Document User Box after authentication.
  • Page 27 How to Use the Authentication Unit Detail If necessary, this function also prints data in the ID & Print User Box. For details on ID & Print, refer to the User's Guide [Printer Operations] supplied together with the MFP. <Selecting and printing data in the PKI Encrypted Document User Box > Press [Access], and insert the card into the authentication unit CAC/PIV...
  • Page 28 How to Use the Authentication Unit Scan To Me Note To use this function, ask your service engineer to configure appropiate settings. For details, contact your service representative. 5.7.1 Overview Scan To Me is a function where, after the CAC/PIV user has successfully authenticated, via the MFP, to the network, the users own email address is automaticvally populated in the ‘To’...
  • Page 29 How to Use the Authentication Unit Active Directory CAC/PIV Card CAC/PIV Card E-mail Send to the user’s address (1) Insert the card into the MFP to perform Active Directory CAC/PIV authentication. (2) Obtain the user's e-mail address. (3) Send the e-mail to the user's e-mail address. If necessary, the user can use the card to encrypt an e-mail or add a digital signature.
  • Page 30 How to Use the Authentication Unit 5.7.2 Before Using Scan To Me Restrictions Enabling Scan To Me provides a higher level of security by applying the following restrictions. - The user cannot directly enter the address using e-mail TX, FTP TX, SMB TX, WebDAV TX, or Save in User Box.
  • Page 31 How to Use the Authentication Unit 5.7.4 Performing Scan To Me The following explains how to perform Scan To Me on the MFP. Detail If the correct settings are configured to use Scan To Me, [E-Mail] appears on the Fax/Scan screen to send data to the user's e-mail address. Press the [Fax/Scan] key on the control panel.
  • Page 32 How to Use the Authentication Unit Note For details on scan conditions, refer to the User's Guide [Network Scan/ Fax/Network Fax Operations] supplied together with the MFP. AU-211P...

  • Page 33: Scan To Home

    How to Use the Authentication Unit Scan To Home Note To use this function, ask your service engineer to configure settings. For details, contact your service representative. 5.8.1 Overview The Scan To Home function is similar to Scan to Me in that the Home folder information (UNC) is obtained automatically from Active Directory and automatically populated in the MFP after the user has successfully authenticated to the network via the MFP.
  • Page 34 How to Use the Authentication Unit Note This function is not available when you log in to the MFP as a public user or as a User Box administrator. 5.8.2 Before Using Scan To Home Restrictions Enabling Scan To Home provides the following restrictions to ensure higher level security.
  • Page 35 How to Use the Authentication Unit 5.8.3 Scan to Home Related Settings The following explains the settings required to use the Scan To Home function. Obtaining the Home folder position Configure the setting to enable the user to obtain the position of the user's Home folder from Active Directory.
  • Page 36 How to Use the Authentication Unit Press [OK]. Specify scan conditions in [Scan Settings], [Original Settings], and [Communication Settings]. Load the original and press the [Start] key on the control panel. This scans the original and sends data to the user's Home folder. Note For details on scan conditions, refer to the User's Guide [Network Scan/ Fax/Network Fax Operations] supplied together with the MFP.

  • Page 37: Added Or Changed Setting Information

    Added or Changed Setting Information Added or Changed Setting Information The MFP that supports this system provides some settings added or changed from an ordinary MFP model. This chapter shows a list of the added or changed setting items for each category. Note For the settings of an ordinary MFP model, refer to the User's Guide supplied together with the MFP.

  • Page 38: Administrator Settings

    Added or Changed Setting Information Administrator Settings 6.2.1 System Settings User Box Settings Item Description PKI Encrypted Document Allows the user to specify the time required to delete a Delete Time Setting PKI encrypted document. For details, refer to "Specifying the Print Data Deletion Time"...

  • Page 39: Network Settings

    Added or Changed Setting Information 6.2.3 Network Settings TCP/IP Settings Item Description IPv4 Settings This item has been renamed from "IP Settings". For details, refer to "IPv4 Settings" (page 10). IPv6 Settings "DHCPv6 Setting" has been added. For details, refer to "IPv6 Settings"...

  • Page 40: System Connection

    Added or Changed Setting Information E-Mail Settings Item Description S/MIME Communication "Digital Signature Type" has been added. For details, Settings refer to "S/MIME Communication Settings" (page 34). Web Service Settings Item Description Web Service Common "Publication Service" has been added. Settings Publication Service, which is one of the Web service functions, detects a connection destination using the...
  • Page 41 Added or Changed Setting Information 6.2.6 License Settings Description Not displayed on the MFP that supports this system. AU-211P...
  • Page 42 Added or Changed Setting Information Registering a Device Certificate The user can register the MFP certificate (device certificate) using PageScope Web Connection. The method for registering a device certificate on an MFP with PKI card authentication is different from an ordinary MFP model.
  • Page 43 Added or Changed Setting Information In the PageScope Web Connection administrator mode, select the Security tab, and then "PKI Settings" - "Device Certificate Setting". Item Description [New Registration] Register a new device certificate. Default Specify a default device certificate for all protocols. Specify a default device certificate when not using protocol specific device certificates.
  • Page 44 Added or Changed Setting Information 6.3.2 Create and install a self-signed Certificate In the PageScope Web Connection administrator mode, select the Security tab, and then "PKI Settings" - "Device Certificate Setting" - [New Registration] - "Create and install a self-signed Certificate". Item Description Common Name...

  • Page 45: Request A Certificate

    Added or Changed Setting Information Item Description Validity Start Date Displays the validity period starting date. This item displays the date and time of the MFP when this screen appears. Validity Period Enter the certificate's the validity period (in days). Encryption Key Type Select the type of encryption key.
  • Page 46 Added or Changed Setting Information Item Description State/Province Enter the state or province name (up to 127 characters). Country Enter the country name with the country code defined in ISO03166 (2 characters). United States: US, Great Britain: GB, Italy: IT, Australia: AU, The Netherlands: NL, Canada: CA, Spain: ES, Czech Republic: CZ, China: CN, Denmark: DK, Germany: DE, Japan: JP, France: FR, Belgium: BE,...
  • Page 47 Added or Changed Setting Information 6.3.4 Install a Certificate In the PageScope Web Connection administrator mode, select the Security tab, and then- "PKI Settings" - "Device Certificate Setting" - [Setting] - "Install a Certificate". Ask the CA to issue a certificate, and install the certificate sent from the CA in the MFP.
  • Page 48 Added or Changed Setting Information 6.3.5 SSL Setting In the PageScope Web Connection administrator mode, select the Security tab, and then "PKI Settings" - "SSL Setting". Item Description Mode using SSL/TLS Select the PageScope Web Connection mode to apply SSL. Select "None"...
  • Page 49 Added or Changed Setting Information Using Device Certificates per Protocol The MFP that supports this system enables you to use different device certificates per protocol. Configure settings according to fit your environment. On the MFP, you can specify the device certificate to be used for each of the following protocols.
  • Page 50 Added or Changed Setting Information Protocol1 Protocol2 Description Web Service When the MFP acts as a Web service server: • This protocol is used to encrypt communications from Windows Vista to the MFP when Windows Vista accesses the MFP over HTTPS. S/MIME This protocol is used to attach a device certificate when sending an S/MIME e-mail.
  • Page 51 Added or Changed Setting Information Item Description [Create] Select the protocol and click [Create]. The device certificate registration page appears, and you can specify the target device certificate. If the device certificate is already registered, [Edit] appears. If [Edit] is clicked, the target device certificate details can be viewed or modified.

  • Page 52: Product Specifications

    Appendix Appendix Product Specifications Product name Authentication unit (PKI-IC card type) AU-211P Dimensions 70 mm (L) × 70 mm (W) × 10 mm (H) Weight 60 g Power supply USB bus power Range of 0 to 50°C operatingtemperature Interface Full speed USB (12 Mbps) Connector shape USB A type connector Compatible card...

  • Page 53: Troubleshooting

    Appendix Troubleshooting If an error occurs during running, refer to the following. Status Point to be checked Action Failed to Did you enter the correct PIN Check the PIN code, and enter the login. code? correct one. Cannot login. Is the PKI card locked? If the number of authentication failures reaches a specific limit, the PKI card will be locked to prevent...

This manual is also suitable for:

Bizhub 421Bizhub 501Bizhub 601Bizhub 751Au-211p

Table of Contents