Contents Introduction What is Authentication Manager? ............ 1-1 General setup operation..............1-2 1.2.1 Server settings ................1-2 1.2.2 Setting up the device ..............1-2 Basic operations Logging on to Enterprise Suite ............2-1 Basic operations ................2-2 2.2.1 Top Menu page ................2-2 2.2.2 Pages for the functions ..............
Page 3
3.1.15 Importing from an external server ..........3-23 Selecting an external server ............3-23 Specifying user search conditions and acquired information ..3-24 Selecting a user ................3-26 3.1.16 Checking the import result ............3-28 3.1.17 Deleting a user according to the external server ......3-29 Selecting an external server ............
Page 4
Specifying a function permission template ........3-58 3.5.1 Registering and editing function permission templates ....3-59 Registering templates..............3-59 Editing templates................3-61 3.5.2 Deleting function permission templates ........3-62 Specifying a function permission ........... 3-63 3.6.1 Setting by User ................3-63 Setting by User page..............
Page 5
3.10 Specifying an external server ............3-94 3.10.1 Registering a new server .............. 3-95 3.10.2 Editing a server ................3-102 3.10.3 Deleting a server ................. 3-102 3.11 Managing a specific device............3-103 3.11.1 Editing device settings ............... 3-104 3.11.2 Function Permission Setting for Public User ......3-110 3.11.3 SSFC Authentication Settings ............
Page 6
3.14.2 Deleting an IC card information template ........3-132 3.15 Biometric information..............3-133 3.15.1 Displaying a user list ..............3-134 3.15.2 Changing the biometric unit No..........3-135 3.15.3 Deleting biometric information ........... 3-135 3.16 Bio Auth Setting ................3-136 3.16.1 Biometric information self-registration setting ......
Page 7
3.25 Operation for authentication............3-153 3.25.1 Internal authentication and external authentication ....3-153 3.25.2 Handling a user for authentication ..........3-153 Handling regardless of internal authentication or external authentication................3-153 Handling regardless of the external server to perform authentication in the external authentication.... 3-154 3.25.3 Account track authentication .............
Page 8
4.11 Performing counter management by job or work besides user................4-11 Troubleshooting Problems on Device Management ........... 5-1 Problems on User Import ..............5-2 Problems on Authentication ............. 5-3 Authentication Manager...
About this product Authentication Manager is a utility for centrally managing devices, such as multifunctional peripherals, on the network. When used in a Web browser, Authentication Manager can manage accounts, users and external servers used by the network devices, total copies and prints, and apply specified function limitations.
Page 10
Manager KONICA MINOLTA PageScope Authentication Man- Authentication Manager ager KONICA MINOLTA PageScope Account Manager Account Manager KONICA MINOLTA Registration Tool for User Au- Registration Tool for User Authen- thentication tication KONICA MINOLTA Gateway for Biometric Authenti- Gateway for Biometric Authenti-...
Trademarks and registered trademarks Trademark acknowledgements KONICA MINOLTA and KONICA MINOLTA logo are registered trademarks or trademarks of KONICA MINOLTA HOLDINGS, INC. PageScope is a registered trademark or trademark of KONICA MINOLTA BUSINESS TECHNOLOGIES, INC. Microsoft, Active Directory, Excel, SQL Server and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
Introduction Introduction What is Authentication Manager? Accounts, users and external servers used by the network devices can be managed, and copies and printouts can be totaled. In addition, permissions can be applied to the functions available to users by registering function permission templates and configuring settings.
Introduction General setup operation In order to use Authentication Manager, configure settings in the following order. 1.2.1 Server settings Log on to Enterprise Suite as a system administrator, and then specify settings for the following. The following settings are necessary to enable Authentication Manager.
Basic operations Basic operations This chapter provides details on logging on to Enterprise Suite. Logging on to Enterprise Suite For details on logging on to the Enterprise Suite server, refer to the "Device Manager User's Guide". Authentication Manager...
Basic operations Basic operations The basic operation of Authentication Manager is described below. 2.2.1 Top Menu page Function Description Device List Register and manage devices. For details, refer to the "De- vice Manager User's Guide". Authentication Manager Manage accounts, users, and external servers used by the network devices, and add up values on copies and print- outs.
Basic operations 2.2.2 Pages for the functions Function Description Login user name Displays the name of the user who has logged in. Logout Click this button to log off of Enterprise Suite server and display the Login page. Go to Top Menu Click this button to display the top page of Enterprise Suite.
Page 17
Basic operations Function Description Click this button to display the page for the item one level higher in the menu. Note The "Back" button of the Web browser cannot be used. Click this button to update the information on the current page.
Authentication Manager Authentication Manager User List 3.1.1 Available operations in the User List page From the User List page, settings can be specified with the following. Function Details [Register User] button Click this button to register a new user. [Edit User] button Click this button to edit the information for a registered us- [Delete User] button Click this button to delete a registered user.
Authentication Manager 3.1.2 Viewing the user list The list of registered users can be viewed. From the [User Group] drop-down list, select the user group to be displayed. – To display all users, select "All Users". – If master and subordinate relationships are specified in the group, select the [All subgroups] check box of [Display Details] to display all users, including those in subordinate groups.
Authentication Manager Function Description The user is deleted via an external server. User Name Displays the user name. User Group Name Displays the name of the group to belong to. Description Displays the description of the user. External Server Name Displays the name of the registered external server.
Authentication Manager - External Server Name - Account Name - E-mail Address - Home - Maximum Number of Box - Apply Level - Biometric Unit No. Reminder - The user name must be displayed. - "Biometric Unit No." is displayed when the license for Gateway for Biometric Authentication Manager is registered.
Page 22
Authentication Manager Function Details External Server Name If user authentication is performed by using an external server, select the appropriate external server from the drop-down list. Password Specify the password necessary for logging on to Enter- prise Suite and the device. For confirmation, type in the password again.
Page 23
Authentication Manager Note - The external server name must first be specified. For details, refer to "Specifying an external server" on page 3-94. - Special single-byte characters (for example, single-byte katakana characters) are treated as double-byte characters. - We do not recommend that names (such as Public, BoxAdmin or Admin), which can be used by devices, be registered as Authentication Manager users.
Authentication Manager 3.1.5 Editing user information The information for registered users can be viewed and edited. Specify the settings for the user information to be edited, and then click the [Apply] button. – To clear the entered information, click the [Clear] button. –...
Authentication Manager Function Details Home Specify the address of the SMB server that is normally used by the user. Max. No. of Use Boxes Specify the maximum number of use boxes that can be created by the user. • To manage the upper limit on the number of boxes, se- lect [ON] from the drop-down list, and then type in the upper limit (0 to 3000) in the text box.
Authentication Manager Check the message that appears, and then click the [OK] button to delete the template. The user is deleted. 3.1.8 Importing data Click this button to import user information. Data can be imported using one of the following options. Function Details Import from file...
Authentication Manager 3.1.9 Importing from a file Select this option to import user information or user group data already saved in a file and register user information. Specify settings for the following parameters when importing. Note - To save data, set the file format to the readable one with Enterprise Suite.
Authentication Manager Note Specifying incorrect information in "Password" may import incorrect information. Reminder Clicking the [Start Import] button displays a confirmation message. If a deletion file has been imported, the corresponding users are deleted. Because deleted users cannot be restored, check the contents to be deleted carefully and click the [OK] button.
Page 29
Authentication Manager Reminder The following shows the file formats that are available for importing data. - Excel 97 to Excel 2003 book formats (.xls) - Excel book format (Office Excel 2007 or later) (.xlsx) - XML spreadsheet format (XML format importable with Excel) (.xml) - Text (tab-delimited) format (.txt) - CSV (comma-delimited) format (.csv) - Binary format (system file) (.bin)
Page 30
Authentication Manager Function Details quir ##DispName Enter item titles to be displayed in a page. Type in "## Dis- pName", "User Group Name", "User Name", "Description", "External Server Name", "Password", "Synchronize or not when Account Name is being authenticated", "Account Name", "E-mail Address", "Home", "Maximum Number of Box", "Apply Levels to Destinations", "Card Type 1", "Card ID 1", "Card Type 2", "Card ID 2", "Card Type 3", "Card ID...
Page 31
Authentication Manager Function Details quir Synchronize or not Type in "1" to synchronize the user and account when when Account managing the account. Type in "0" when you do not syn- Name is being au- chronize them. thenticated Account Name Type in the account name to synchronize with the user.
Authentication Manager 3.1.11 Creating a deletion file A user deletion file can be created in a spreadsheet application. Open the data in a spreadsheet application. Create data, and then save it as a new file. – To save data, set the file format to the readable one with Enterprise Suite.
Authentication Manager 3.1.12 Checking the import result The results of the import operation can be viewed. Check the details, and then click the [OK] button. <Import Result [User]> Function Details Result Displays whether the registration operation was success- fully completed from importing. The result is indicated as follows.
Page 34
Authentication Manager Function Details Account Name Displays the account track information of the user. If you do not synchronize the user and account when managing the account, "Do Not Synchronize" is displayed. When you synchronize them, the account name is displayed if the name of the account that the user belongs to is specified.
Authentication Manager <Import Result [Delete User]> Function Details Result Displays the deletion result. "Deletion has completed.": Ap- pears when the deletion was normally completed. "Error": Appears when the entered data is inappropriate and cannot be deleted. User Name Displays the user name. 3.1.13 Importing from a device Select this option to import user information from a specified device.
Page 36
Authentication Manager Click the [Display] button. A list of devices registered in the selected group appears. Select a device to be imported, and then click the [Execute] button. Try to connect to the device. If the connection is established successfully, the Select User page appears. Reminder If the connection fails, check the following again.
Authentication Manager Selecting a user to be imported A list of user information registered in the specified devices appears. Select the user to be imported to start importing. Specify settings for the following parameters when importing. Function Details Search Condition Specify the condition to narrow down users to be displayed in the list.
Authentication Manager Reminder - To select all users in the list, click the [Select All] button. - For details on the result page, refer to "Checking the import result" on page 3-21. 3.1.14 Checking the import result The results of the import operation can be viewed. Check the details, and then click the [OK] button.
Page 39
Authentication Manager Function Details Password Displays the password. The password is indicated using eight * (asterisks). Account Name Displays the account track information of the user. If you do not synchronize the user and account when managing the account, "Do Not Synchronize" is displayed. When you synchronize them, the account name is displayed if the name of the account that the user belongs to is specified.
Authentication Manager 3.1.15 Importing from an external server Selecting an external server Select an external server, and then click the [Next] button. Note User information cannot be imported from NTLM or the Novell NDS server. The following items are displayed in the external server list. Function Details External Server Name...
Authentication Manager Specifying user search conditions and acquired information Specify settings for the following parameters when importing. Available settings vary depending on the type of external server selected. Function Details Search base Displays the search base specified for "External Server Settings".
Page 42
Authentication Manager Function Details Distinguished Name Type in the attribute to obtain the distinguished name of the user from the external server. Reminder The value typed in for "Distinguished Name" is used for obtaining the default value for the user group when importing.
Authentication Manager Selecting a user The user to be imported can be selected. Specify settings for the following parameter when selecting. Function Details Operation for Already Existing Us- If the imported user name already exists, specify whether or not to overwrite the data in "Description", "E-mail Ad- dress"...
Page 44
Authentication Manager Click the [Apply] button. The result of the import operation appears. Reminder - To select all users in the list, click the [Select All] button. Reminder <When "Do not import." is selected in Organization Unit (OU)> - When "Distinguished Name" is typed in for "Specifying user search conditions and acquired information"...
Authentication Manager 3.1.16 Checking the import result The results of the import operation can be viewed. Check the details, and then click the [OK] button. <Import Result [User]> Function Details Result Displays whether the registration operation was success- fully completed from importing. User Name Displays the user name.
Authentication Manager 3.1.17 Deleting a user according to the external server Select this option to check for users deleted from the external server, and delete the relevant user information from the user list. Users cannot be deleted from NTLM or the Novell NDS server according to the external server.
Authentication Manager Check the message that appears, and then click the [OK] button to delete the template. Reminder To select all users in the list, click the [Select All] button. 3.1.18 Exporting data The user information and user group information can be exported to a file. Information can also be registered by temporarily saving the registered information or adding user information in the correct format, then importing Specify settings for the following parameters when exporting.
Page 48
Authentication Manager – To clear the entered information, click the [Clear] button. Click the [Start Export] button. In the File Download dialog box, click the [Save] button. Specify the location where the file is to be saved, and then click the [Save] button.
Authentication Manager 3.1.19 Editing an exported file Editing an exported file The exported file can be edited and saved in a spreadsheet application. Reminder To edit and save an XML file in a spreadsheet application, specify the file type to "XML Spreadsheet", and then save it. For the procedure to edit a tab-delimited text file (.txt) or a comma- delimited CSV file (.csv) in a spreadsheet application, see "Editing a text or CSV file".
Page 50
Authentication Manager Specify a data format of the column after data is delimited, and then click the [Finish] button. – Click on the column displayed on the previewed data, and then change the data format of the column to "Character String". –...
Authentication Manager User Counter The counter totals for each user can be displayed. Reminder When logged on as a group manager, only information for users registered in the managed groups can be totaled. For details on group manager settings, refer to "Specifying a group manager" on page 3-145. 3.2.1 Displaying the device list From the [Device Group] drop-down list, select the device group to be...
Authentication Manager 3.2.2 Selecting a specific device Select the device whose data is to be totaled, and then click the [Go to the User Counter Result dialog.] button. 3.2.3 Displaying counter totals Click this button to display the counter totals. Settings for the following parameters can be specified.
Authentication Manager Click the [Counter Display] button. – A list of counter totals appears for the users registered in the selected group. Reminder For details on the items that can be displayed in the counter totals, refer to "Specifying display settings for the counter list" on page 3-36. 3.2.4 Specifying display settings for the counter list Select the items to be displayed in the counter totals.
Page 54
Authentication Manager Select the check box for the items to be displayed in the counter totals, and then click the [Apply] button. – To clear the selected information, click the [Clear] button. Authentication Manager 3-37...
Authentication Manager Account Track List 3.3.1 Available operations in the Account Track List page From the Account Track List page, settings can be specified with the following. Function Details Search Condition Specify the condition to narrow down account tracks to be displayed in the list.
Authentication Manager 3.3.2 Displaying the account track list The list of registered account tracks can be viewed. From the [Account Group] drop-down list, select the account group to be displayed. – To display all account tracks, select "All Accounts". – If master/subordinate relationships are specified in the group, select the [All subgroups] check box in [Display Details] to display all account tracks, including those in subordinate groups.
Authentication Manager 3.3.3 Registering a new account A new account can be registered. The following information is required for registration. Function Details Account Group Name Select the account group to belong to. Account Name Type in an account name. Description Type in a description of the account.
Authentication Manager 3.3.5 Deleting an account The selected account track information can be deleted. In the Account Track List page, select an account track to be deleted, and then click the [Delete] button. Check the message that appears, and then click the [OK] button to delete the template.
Page 59
Authentication Manager Reminder The following shows the file formats that are available for importing data. - Excel 97 to Excel 2003 book formats (.xls) - Excel book format (Office Excel 2007 or later) (.xlsx) - XML spreadsheet format (XML format importable with Excel) (.xml) - Text (tab-delimited) format (.txt) - CSV (comma-delimited) format (.csv) - Binary format (system file) (.bin)
Authentication Manager Note - Specifying incorrect information in "Password" may import incorrect information. - Clicking the [Start Import] button displays a confirmation message. - When a deletion file has been imported, the corresponding account tracks are deleted. Because deleted users cannot be restored, check the contents to be deleted carefully and click the [OK] button.
Page 61
Authentication Manager Reminder The following shows the file formats that are available for importing data. - Excel 97 to Excel 2003 book formats (.xls) - Excel book format (Office Excel 2007 or later) (.xlsx) - XML spreadsheet format (XML format importable with Excel) (.xml) - Text (tab-delimited) format (.txt) - CSV (comma-delimited) format (.csv) - Binary format (system file) (.bin)
Page 62
Authentication Manager Function Details quir ##TableName Indicates the account track data. Type in "##TableName" and "AccountTrackList" to the right of the first column of the first row. ##DispName Enter item titles to be displayed in a page. Type in "##Dis- pName", "Account Group Name", "Account Name", "De- scription", and "Password"...
Page 63
Authentication Manager Function Details quir Password Type in the password for the account. Note All passwords for the file exported using the [Export] button will be shown by "+" (single- byte). To change the password, delete "+", and then type in a new password. If you do not change the password, "+"...
Authentication Manager 3.3.9 Creating a deletion file A file to delete account tracks can be created in a spreadsheet application. Open the data in a spreadsheet application. Create data, and then save it as a new file. – To save data, set the file format to the readable one with Enterprise Suite.
Authentication Manager 3.3.10 Checking the import result The results of the import operation can be viewed. Check the details, and then click the [OK] button. <Import Result [Account Track]> Function Details Result Displays whether the registration operation was success- fully completed from importing. The result is indicated as follows.
Page 66
Authentication Manager <Import Result [Account Group]> Function Details Result Displays whether the registration operation was success- fully completed from importing. The result is shown as follows. • "Registration Completed": Appears when a new regis- tration was normally completed. • "Update": Appears when "Overwrite" is specified for "Operation for Already Existing Account Tracks"...
Authentication Manager <Import Result [Delete Account Track]> Function Details Result Displays the deletion result. "Deletion has completed.": Appears when the deletion was normally completed. "Error": Appears when the entered data is inappropriate and cannot be deleted. Account Name Displays the account name. 3.3.11 Importing from a device Account track information can be imported from a specified device.
Page 68
Authentication Manager Click the [Display] button. A list of devices registered in the selected group appears. Select the import method, and then click the [Execute] button. Try to connect to the device. If the connection is established successfully, the Select Account Track page appears. Reminder If the connection fails, check the following again.
Authentication Manager Selecting the account to be imported A list of account track information registered in the specified devices appears. Select the account track to be imported to start importing. Specify settings for the following parameters when importing. Function Details Operation for Already Existing Ac- If the imported account name already exists, specify count Tracks...
Authentication Manager Reminder To select all accounts in the list, click the [Select All] button. For details on the result page, refer to "Checking the import result" on page 3-53. 3.3.12 Checking the import result The results of the import operation can be viewed. Check the details, and then click the [OK] button.
Authentication Manager Function Details Password Displays the password. The password is indicated using eight * (asterisks). 3.3.13 Exporting data The information for account tracks and account groups can be exported to a file. Information can also be registered by temporarily saving the registered information or adding account track information in the correct format, then importing it.
Page 72
Authentication Manager – To clear the entered information, click the [Clear] button. Click the [Start Export] button. In the File Download dialog box, click the [Save] button. Specify the location where the file is to be saved, and then click the [Save] button.
Authentication Manager Account Track Counter The counter totals for each account can be displayed. Reminder For details on the items that can be displayed in the counter totals, refer to "Specifying display settings for the counter list" on page 3-36. 3.4.1 Displaying counter totals In order to display the counter totals, the following parameters can be...
Page 74
Authentication Manager – To narrow account tracks to be displayed in the list, specify the search condition. Type in the text to be searched for in the text box. Click the [Counter Display] button. A counter totals list of account tracks registered in the selected group appears.
Authentication Manager Specifying a function permission template By using function permission templates, the functions available to users can be permitted. The procedures for registering, editing and deleting function permission templates are described below. For details on assigning function permission templates, refer to "Specifying a function permission" on page 3-63.
Authentication Manager Settings for function permission templates can be specified with the following. Function Details [Register Template] button Click this button to register a function permission template. [Edit Template] button Click this button to edit the information for a registered function permission template.
Page 77
Authentication Manager Specify the necessary settings, and then click the [Apply] button. – To clear the entered information, click the [Clear] button. Reminder The configuration you set for Web Browser, Print from Bluetooth or USB to User Box will only be applied if the device you are using supports these features.
Authentication Manager Editing templates The information for registered function permission templates can be viewed and edited. Specify the settings for the template information to be edited, and then click the [Apply] button. – To clear the entered information, click the [Clear] button. Reminder - For details on the settings, refer to "Registering templates"...
Authentication Manager 3.5.2 Deleting function permission templates A function permission template can be deleted. In the Function Permission Template List page, select the template to be deleted, and then click the [Delete Template] button. Check the message that appears, and then click the [OK] button to delete the template.
Authentication Manager Specifying a function permission The procedure for assigning function permission templates is described below. 3.6.1 Setting by User Setting by User page Assign a function permission template to a user or user group. Select a function permission template to be assigned from the [Template] drop-down list.
Page 81
Authentication Manager Reminder If a different template is assigned to a user group and a user who belongs to that group, that user can only use the functions permitted for both templates. Reminder Clicking the "Availability" icon displays the Setting by User (by Device) page for the relevant user group or user.
Page 82
Authentication Manager Function Details Select (check box) Select the check box of the user or user group to be as- signed the function permission template. Availability Displays the status for assigning a function permission template. If one is assigned, an icon appears. User Group Name/User Name Displays the name of the user group or user.
Authentication Manager Function Details (Print Scan/Fax TX) Allow Color/Black (Print Scan/Fax TX) Allow Black Only Save to External Memory (Manual Destination Input) Allow all entries (Manual Destination Input) Allow entries only for Fax/SIP Fax. Web Browser Print from Bluetooth USB to User Box Setting by User (by Device) page Assign a function permission template to the device used by the selected user or user group.
Page 84
Authentication Manager Reminder When logged on as a group manager, only templates registered by the user who is logged on can be selected. For details on group manager settings, refer to "Specifying a group manager" on page 3-145. Function Details Select (check box) Select the check box for the device to assign a function permission template to.
Page 85
Authentication Manager Function Details (Copy) Allow Color/Black (Copy) Allow Black Only (Print) Allow Color/Black (Print) Allow Black Only (Fax) Allow Color/Black (Fax) Allow Black Only (Scan) Allow Color/Black (Scan) Allow Black Only User Box (Print Scan/Fax TX) Allow Color/Black (Print Scan/Fax TX) Allow Black Only Save to External Memory (Manual Destination Input) Allow all entries (Manual Destination Input) Allow entries only for Fax/SIP...
Authentication Manager Reminder "Status of Restriction" displays the status that is currently applied to the device. This is not a status that is selected in "Template" on the page. 3.6.2 Setting by Account Track Setting by Account Track page Assign a function permission template to an account track or account group. Select a function permission template to be assigned from the [Template] drop-down list.
Page 87
Authentication Manager Reminder If a different template is assigned to an account group and an account track which belongs to that group, that account track can only use functions permitted for both templates. Reminder Clicking the "Availability" icon displays the Setting by Account Track (by Device) page for the relevant account group or account track.
Page 88
Authentication Manager Function Details Select (check box) Select the check box of the account track or account group to assign a function permission template to. Availability Displays whether a function permission template is as- signed. If one is assigned, an icon appears. Account Group Name/Account Displays the account group name or account track name.
Authentication Manager Function Details (Print Scan/Fax TX) Allow Color/Black (Print Scan/Fax TX) Allow Black Only Save to External Memory (Manual Destination Input) Allow all entries (Manual Destination Input) Allow entries only for Fax/SIP Fax. Web Browser Print from Bluetooth USB to User Box Setting by Account Track (by Device) page Assign a function permission template to the device used by an account track or account group.
Page 90
Authentication Manager Reminder If the device is using Enterprise Suite Terminal, you cannot use a function permission template that is assigned to an account track or account group. Reminder "Status of Restriction" displays the status that is currently applied to the device.
Page 91
Authentication Manager Function Details Status of Restriction (Icon) Displays the state of applied function permission. Allow: Icon indicated Restrict: Icon not indicated Permit/prohibit is indicated by the Icon in the following or- der. Reminder For "Manual Destination Input" the icon for "Al- low all entries"...
Authentication Manager Function Details Print from Bluetooth USB to User Box 3.6.3 Function permission operations If the account track management is enabled in the device, you can select the function permission setting to be given priority to when assigning a function permission to a user.
Authentication Manager Setting by Ac- Setting by Ac- Setting by User Setting by User Function per- count Track (by count Track (by Device) mission tem- Device) plate Setting by Ac- count Track (by Device) ON/OFF ON/OFF Setting by User ON/OFF ON/OFF Setting by User (by Device)
Authentication Manager Specifying a user group Groups of registered users can be created. Master/subordinate relationships can be created in the group according to the configuration. Settings for the following parameters can be specified. Function Details [Register Group] button Click this button to register user groups. [Edit Group] button Click this button to edit a registered group.
Page 95
Authentication Manager Function Details Change Parent Group To create master/subordinate relationships in the group, select the parent group. If master/subordinate relationships are not to be created, select "(Root)". To register a new group, click the [Register Group] button. – To edit a group, select the group, and then click the [Edit Group] button.
Authentication Manager Specifying display settings for the group list The items to be displayed or hidden in the group list can be selected. Settings can be specified for the following parameters. - User Group Name - Description - Number of Users Reminder The user group name must be displayed.
Authentication Manager Account Group Settings A group of the registered accounts can be created. The master/subordinate relationships can be created in a group according to organizations. Settings for the following parameters can be specified. Function Details Register Group Click this button to register account groups. Edit Group Click this button to edit a registered group.
Page 98
Authentication Manager To register a new group, click the [Register Group] button. – To edit a group, select the group, and then click the [Edit Group] button. Configure the necessary settings, and then click the [Apply] button. – To clear the entered information, click the [Clear] button. –...
Authentication Manager Specifying display settings for the group list The items to be displayed or hidden in the group list can be selected. Settings can be specified for the following parameters. - Account Group Name - Description - Number of Accounts Reminder The account group name must be displayed.
Authentication Manager Specifying a template User/account track/external server templates can be registered and assigned to a device. Assigning a template displays the list on the device panel, reducing troublesome tasks when logging on to the device. The procedures for registering, editing and deleting the templates are described below.
Authentication Manager 3.9.1 Registering and editing user templates When registering and editing user templates, settings for the following parameters can be specified. Function Details [Register Template] button Click this button to register a user template. [Edit Template] button Click this button to edit a registered user template. [Delete Template] button Click this button to delete a user template.
Authentication Manager – To clear the entered information, click the [Clear] button. Editing user templates The information of the registered user templates can be edited. Settings for the following parameters can be specified. Function Details User Template Name Type in a user template name. Description Type in a description for the user template.
Page 103
Authentication Manager – To clear the entered information, click the [Clear] button. Authentication Manager 3-86...
Authentication Manager 3.9.2 Deleting user templates Click this button to delete a user template. In the User Template List page, select the template to be deleted, and then click the [Delete Template] button. Check the message that appears, and then click the [OK] button to delete the template.
Authentication Manager Registering account track templates A new account track template can be registered. Settings for the following parameters can be specified. Function Details Account Track Template Name Type in the name of the account track template. Description Type in the description of the account track template. Originator Displays the name of the user who is creating the account track template.
Authentication Manager Editing account track templates The information of the registered account track templates can be edited. Settings for the following parameters can be specified. Function Details Account Track Template Name Type in the name of the account track template. Description Type in the description of the account track template.
Authentication Manager 3.9.4 Deleting account track templates An account track template can be deleted. In the Account Track Template List page, select the template to be deleted, and then click the [Delete Template] button. Check the message that appears, and then click the [OK] button to delete the template.
Authentication Manager Registering external server templates Click this button to register a new external server template. Settings for the following parameters can be specified. Function Details External Server Template Name Type in an external server template name. Description Type in a description for the external server template. Originator Displays the name of the user who is creating the external server template.
Authentication Manager Editing external server templates The information registered with an external server template can be edited. Settings for the following parameters can be specified. Function Details External Server Template Name Type in an external server template name. Description Type in a description for the external server template. Originator Displays the name of the user who is creating the external server template.
Authentication Manager 3.9.6 Deleting external server templates An external server template can be deleted. In the External Server Template List page, select the template to be deleted, and then click the [Delete Template] button. Check the message that appears, and then click the [OK] button to delete the template.
Authentication Manager 3.10 Specifying an external server If an external server is used for user authentication, specify the server that will perform the authentication. The registered external servers appear in the external server list. Reminder These settings can be specified by the system administrator or the administrator.
Authentication Manager Function Details Domain Name Displays the domain name of the external server. It is displayed when "Microsoft Active Directory" or "NTLM" is selected for "Server Type". Default NDS Tree Name Displays the name of the NDS tree. It is displayed when "Novell NDS" is selected for "Server Type".
Page 113
Authentication Manager - Automatically synchronizing external server and user information Note - Supported search-related functions are only Microsoft Active Directory and LDAP. - The "User automatic registration" settings are different from the search base settings of "User search condition". If authentication succeeds, users are automatically registered even when they are outside the range specified in Search Base.
Page 114
Authentication Manager – To clear the entered information, click the [Clear] button. <Active Directory Detail Settings> If the "Microsoft Active Directory" is selected for [Server Type], register the following information. Function Details Domain Name Type in the domain name of the external server. Authentication Manager 3-97...
Page 115
Authentication Manager <LDAP Detail Settings> If the "LDAP" is selected for [Server Type], register the following information. Function Details Server Address Type in the address of the external server. Authentication Type Select the authentication type of the external server. realm value Type a realm value required for Digest-MD5.
Page 116
Authentication Manager Function Details Port Number (SSL) Specify the port number to be used for connecting to the external server (SSL/TLS connection). Use Authentication Search Base Specify whether to use authentication search base and dis- and Discovery Attribute for au- covery attribute for authentication account.
Page 117
Authentication Manager <NTLM Detail Settings> If the "NTLM" is selected for [Server Type], register the following information. Function Details Domain Name Type in the domain name of the external server. <Novell NDS Detail Settings> If the "Novell NDS" is selected for [Server Type], register the following information.
Page 118
Authentication Manager <User search conditions> Function Details Account Type in the name of the user connecting to the external server. Password Type in the password of the user connecting to the external server. Search base Type in the search base of the external server. Scope Select a range within which search is performed on the ex- ternal server.
Authentication Manager 3.10.2 Editing a server The information for registered servers can be viewed and edited. Specify the settings for the server information to be edited, and then click the [Apply] button. – To clear the entered information, click the [Clear] button. Reminder For details on the settings, refer to "Registering a new server"...
Authentication Manager 3.11 Managing a specific device Configure settings to manage the device using Authentication Manager. Function Details The number of licenses Displays the number of licenses that can use Authentica- tion Manager. The number of unused licenses Displays the number of unused licenses that can use Au- thentication Manager.
Authentication Manager Reminder - These settings can be specified by the system administrator or the administrator. For details on the administrator settings, refer to "Specifying an administrator" on page 3-142. - Authentication Manager is a non-free application. You need to purchase a license and register it on Enterprise Suite before using.
Page 122
Authentication Manager Function Details Function Permission Setting for When you click on [Change Setting], the Function Permis- Public User sion Setting for Public User screen appears. This screen al- lows you to configure the functional restrictions for Public User. For details, refer to "Function Permission Setting for Public User"...
Page 123
Authentication Manager Function Details Timeout Type in the connection timeout for communicating with the device. Timeout (Secondary) Specify the communication timeout period with the device when the secondary server is used. Automatic BOX deletion setting Select the method for deleting boxes registered on a device when a user is deleted.
Page 124
Authentication Manager Note When editing multiple devices that do not support "ON (Without Login)", you can select "ON (Without Login)" for public users and "Change Setting" for function permission setting for public users. However, because the device does not support this setting, public users are required to log in.
Page 125
Authentication Manager From the device list, select the check box of the device whose setting is to be edited. Click the [Edit] button. The Object Device Setting page appears. Specify the necessary settings, and then click the [Apply] button. – To clear the entered information, click the [Clear] button.
Page 126
Authentication Manager Reminder "Default biometric unit number" and "Biometric System" are displayed when the license for Gateway for Biometric Authentication Manager is registered. A maximum of five languages can be registered with the device. "English" must be selected. To authenticate the device by Authentication Manager, the device must be registered to be managed by Authentication Manager.
Authentication Manager 3.11.2 Function Permission Setting for Public User Various settings for function permissions for public users can be specified. Settings for the following parameters can be specified. Function Details Function limitation Select the check boxes for the functions to be permitted for public users.
Authentication Manager Reminder To select all the functions in the list, click [Select All]. The "Save to external memory" check box is cleared by default. Select this check box, if necessary. Note This setting applies only to devices that support public users. On devices that do not support public users, you cannot configure the function permission for public users using Authentication Manager.
Authentication Manager Note To confirm the settings specified in the SSFC Authentication Settings screen, click the [Apply] button in the Object Device Setting screen. 3.11.4 Specifying a list (User name) A list of user names to be displayed on the device panel can be specified. The list can be displayed by selecting it from a registered user template or the history of logging on to the device panel can be displayed on the device panel.
Authentication Manager Function Details Sort by Login Displays the user names in order of logging on to the de- vice. Sort by Name Displays the sorted user names. Template Select this item to display the selected user template as a user name list.
Authentication Manager Displaying login history on the device panel Select [History]. Select the order of displaying the history. 3.11.5 Specifying a list (Account name) A list of account names to be displayed on the device panel can be specified. The list can be displayed by selecting it from a registered account track template or the login history to the device panel can be displayed on the device panel.
Authentication Manager Function Details Sort by Login Displays the account names in order of logging on to the device. Sort by Name Displays the sorted account names. Template Select this item to display the selected account track tem- plate as an account name list. Template list Select an account track template to be displayed on the device panel.
Authentication Manager Displaying login history on the device panel Select [History]. Select the order of displaying the history. 3.11.6 Specifying a list (External server name) A list of external server names to be displayed on the device panel can be specified.
Authentication Manager Function Details Sort by Login Displays the external server names in order of logging on to the device. Sort by Name Displays the sorted external server names. Template Select this item to display the selected external server tem- plate as an external server name list.
Authentication Manager Displaying login history on the device panel Select "History" as a list type. Under [History], select the order of displaying the history. 3.11.7 Registering a specific device Specify that authentication from the device is performed with Authentication Manager. Note To register a device to be managed by Authentication Manager, license registration is required.
Page 136
Authentication Manager – Specifying the search condition can narrow down devices to be displayed in the list. Select a column to search from the drop-down list, and then type in the text to be searched for in the text box. Click the [Display] button.
Authentication Manager Function Details Registered Name Displays the registered name for the device. Model Name Displays the model name for the device. User authentication Displays whether to use a relay server or external server for user authentication. Account Track Displays whether or not the account track is managed. Account Password Displays whether or not the account track password is used.
Authentication Manager – To display all devices, select "All Devices". – If master and subordinate relationships are specified in the group, select the [All subgroups] check box of [Display Details]. – Specifying the search condition can narrow down devices to be displayed in the list.
Page 139
Authentication Manager Function Details Result Displays whether the registration or unregistration opera- tion was successfully completed. • "Success": Appears when the registration or unregistra- tion operation was normally completed. • "Error": Appears when the specific device was not suc- cessfully registered or unregistered due to an error in communication with the device.
Authentication Manager 3.12 IC card information This function allows you to enable or disable IC card information registered for a user or edit card information. The name of an IC card can be specified. Settings for the following parameters can be specified. Function Details Search Condition...
Authentication Manager For details, refer to "IC card self-registration" on page 3-128, "Checking or modifying card information" on page 3-125, Registration Tool help, and "Importing from a file" on page 3-41. After importing the information, be sure to check the Enable/Disable setting for the IC card.
Authentication Manager 3.12.2 Checking or modifying card information From the [User Group Name] drop-down list, select the user group to be displayed. – To display all users, select "All Users". – If master and subordinate relationships are specified in the group, select the [All subgroups] check box of [Display Details].
Authentication Manager 3.12.3 Specifying an IC card name In the IC Card Information page, click the [IC Card Name Setting] button. Type in each IC card name (IC card 1, IC card 2, or IC card 3), and then click the [Apply] button. –...
Authentication Manager 3.13 IC Card Authentication Setting The IC card self-registration function is a secure and safe method to reduce the administrator's load when registering card information using Authentication Manager. Using this function, a newly distributed IC card or a card used to manage entering or leaving a room can easily be associated with the Authentication Manager user account when applying an IC card in Authentication Manager.
Authentication Manager 3.13.2 IC card self-registration The self-registration function becomes available when a user logs on while satisfying the following conditions. - Self Registration is set to "Allow" in IC Card Authentication Setting. - The target device is registered while an IC card reader is connected to the device.
Authentication Manager 3.14 IC Card Information Template Settings Use of an IC card information template allows you to perform the correct authentication even when a third-party authentication device is used. This section explains how to register and edit an IC card information template.
Authentication Manager 3.14.1 Registering and editing an IC card information template Registering templates A new IC card information template can be registered. Information required for registration varies depending on the type of IC card. Click the [Register] button. The Create/Edit IC Card Template page appears. Type in a template name for [Template Name].
Authentication Manager Editing a template The information of a registered IC card information template can be viewed and changed. Specify the settings for the template information to be changed, and then click the [Apply] button. – The detailed settings vary depending on the type of the data specified in a template.
Authentication Manager Registering IC card information (when the data type is "Byte") If the type of the data specified in a template is "Byte", configure the following settings. Template Name Type in the template name. Data Type Select the data type of an IC card. Scanning Start Position (Byte) Specify the card ID starting position.
Authentication Manager 3.15 Biometric information Settings for the following parameters can be specified on the Biometric Information page. Reminder This page is displayed when the license for Gateway for Biometric Authentication Manager is registered. Create biometric information using Registration Tool, and then register it using the import function of Authentication Manager.
Authentication Manager When both AU-101 and AU-102 are connected, register data of both AU- 101 and AU-102 using Registration Tool. 3.15.1 Displaying a user list A list of users registered in the biometric unit can be displayed. From the [Biometric Unit No.] drop-down list, select a biometric unit –...
Authentication Manager Reminder When biometric information self-registration is completed, "Biometric Registration" is displayed for [Biometric Information 1] or [Biometric Information 2]. For details on biometric information self-registration, refer to "Bio Auth Setting" on page 3-136. 3.15.2 Changing the biometric unit No. Select the check box for the user to be changed from the biometric unit user list, and then click the [Change Biometric Unit No.] button.
Authentication Manager 3.16 Bio Auth Setting The biometric information self-registration function reduces the administrator’s load and enables biometric information to be registered safely and securely in Authentication Manager. Note Biometric information self-registration cannot be performed in a device that is using Enterprise Suite Terminal. 3.16.1 Biometric information self-registration setting Function Details...
Authentication Manager 3.16.2 Biometric information self-registration The self-registration function becomes available when a user logs on while the following conditions are satisfied. - Self Registration is set to "Allow" for Bio Auth Setting. - The target device is registered while an authentication device is connected to the device.
Authentication Manager 3.17 Biometric Authentication Server Setting To perform biometric authentication, biometric authentication server information must be registered with Authentication Manager. Settings for the following parameters can be specified. Reminder This page is displayed when the license for Gateway for Biometric Authentication Manager is registered.
Page 156
Authentication Manager Reminder Normally, specify as follows. - "Biometric Auth Server URL": http://(IP address or domain of the installed computer)/ - "Server Certification URL": URL specified in step 9 of "Installing Gateway for Biometric Authentication Manager" in Enterprise Suite Installation Guide - "Server Admin.
Authentication Manager 3.18 Changing the password Specify the password or PIN code necessary for logging on to Enterprise Suite and devices. Type in the password. Type in the password again for confirmation. Change the PIN code as necessary. – Clicking the [Auto-Generate] button creates a new PIN code. Click the [Apply] button.
Authentication Manager 3.19 Checking the Biometric Unit No. Check the biometric unit number required to log onto the device before attempting biometric authentication. Authentication Manager 3-141...
Authentication Manager 3.20 Specifying an administrator Reminder These settings can be specified only by the system administrator. 3.20.1 Specifying the administrator Users who can use the Authentication Manager with Administrator privileges can be selected. Settings can be specified for the following parameters. Function Details Search Condition...
Authentication Manager 3.20.2 Adding an administrator From the [User Group] drop-down list, select the user group to be displayed. From the user list, select the check box for the user to be added. – To display all users, select "All Users". –...
Authentication Manager 3.20.3 Deleting an administrator In the Administrator Settings page, select the check box for the user to be deleted. Click the [Delete] button. Check the message that appears, and then click the [OK] button to delete the template. The selected user is deleted from the list of administrators.
Authentication Manager 3.21 Specifying a group manager Users with user group manager privileges can be selected. Settings for the following parameters can be specified. Reminder These settings can be specified by the system administrator or the administrator. For details on the administrator settings, refer to "Specifying an administrator"...
Authentication Manager 3.21.1 Adding a group manager From the [Managed User Group] drop-down list, select a group to be managed. From the [Select User Group] drop-down list, select a user group to be displayed. – To display all users, select "All Users". –...
Authentication Manager Click the [Apply] button. The selected user is registered as a group manager. 3.21.2 Deleting a group manager In the User Group Manager Setting page, select the check box for the user to be deleted. Click the [Delete] button. Check the message that appears, and then click the [OK] button.
Authentication Manager 3.23 Using with Account Manager If Account Manager is installed separately, it can be used together with Authentication Manager. When Authentication Manager is used together with Account Manager, the number of printed pages is compared with the maximum limit in real time, and further output can be restricted when the maximum limit is reached.
Authentication Manager 3.23.1 Real-time Upper Limit Settings The following information is applicable when Account Manager module license is registered. To manage the maximum limit in real time, register the device as the device to be managed using Authentication Manager, and make sure the device is configured as follows using Account Manager.
Authentication Manager 3.23.3 Device panel display when logging on If the device manages the maximum limit in real time, when a user logs on, the Counter Remaining and the maximum limit count are displayed on the device panel. The Counter Remaining indicates the number of printable pages for the user. The maximum limit count indicates the number of printable pages reserved for the user when they use the device.
Authentication Manager If the residual number of pages by a user is smaller than the reserved number of printable pages when a user uses the device: If the residual number of printable pages by the user is smaller than the number of printable pages reserved when a user uses the device, the residual number of pages when a user uses the device is displayed as the maximum limit count.
Authentication Manager 3.24 Precautions on using Gateway for Biometric Authentication Manager When using Gateway for Biometric Authentication Manager, be careful with the following. - Set up so that Authentication Manager and Gateway for Biometric Authentication Manager in pair. If a single Gateway for Biometric Authentication Manager is specified by multiple Authentication Managers, they do not operate correctly.
Authentication Manager 3.25 Operation for authentication This section describes how to perform authentication from the device using Authentication Manager as an extended authentication server (relay authentication server). 3.25.1 Internal authentication and external authentication As user authentication performed by Authentication Manager, the following two types of authentication are available: internal authentication and external authentication.
Authentication Manager Both the case that the user "A" specifies an external server on the device panel and is authenticated successfully and the case that the user is authenticated successfully by the internal authentication are considered that the user "A" is logging on. Handling regardless of the external server to perform authentication in the external authentication For example, assume that a user with the same name "B"...
Authentication Manager 3.25.4 Default external server - When the default external server is specified for the device in Authentication Manager, "External Server" on the device panel displays the name of the specified default external server. - When the default external server is not specified for the device, "External Server"...
Page 173
Authentication Manager The device forcibly excluded from the target devices displays the Login page for Authentication Manager. However, you can no longer log on to the device. On the Administrator Settings page of the device, change the user authentication method to a mode other than the extended authentication server (intermediate authentication server).
Setting by Purpose Setting by Purpose Performing device authentication using Authentication Manager Performing device authentication On the top menu, select [Server Settings], and in the License Management page, register Authentication Manager licenses. Register the devices to be managed, referring to the Device Manager User's Guide.
Setting by Purpose Restricting available device functions by user group or user Restricting device functions On the top menu, select [Authentication Manager] - [Permission Template Setting], and in the Register Template page, create a function permission template. – Here, specify the available functions. On the top menu, select [Authentication Manager], and in the Basic Settings (By User) page, assign the template created in step 1 to the user group or user to be restricted.
Setting by Purpose Switching available functions between devices in the account track to which a user belongs and devices in other account tracks Function permissions can be restricted by switching a template, for example, when permitting faxing only for devices in the account track to which the user belongs.
Setting by Purpose Linking with an existing Active Directory for authentication Linking with Active Directory On the top menu, select [Authentication Manager], and in the External Server Settings page, register an external server from "Register". If Authentication Manager is already operated, register the device again.
Setting by Purpose Simplifying authentication with IC card Registering a card Register card information, referring to "Registering Card Information" in "3.1 IC Card Information". On the top menu, select [Authentication Manager], and in the Device Management page, connect the IC card to the device and register the target device again from "Manage".
Setting by Purpose Easily registering new card information for a user who lost an IC card Easily registering card information On the top menu, select [Authentication Manager], and in the IC Card Authentication Setting page, set the "Allow Self Registration" option to the following value.
Setting by Purpose Easily registering a card already registered as one of other user This function can be used when, for example, easily assigning a card of a specific user to another user while user information such as counter totals is still stored but the user account is not used.
Setting by Purpose Using biometric authentication to enhance security level Performing biometric authentication Purchase the biometric authentication license. – For details, contact your sales company. Install Gateway for Biometric Authentication Manager, referring to the installation guide. Install Plugin for Biometric Authentication Manager in the same machine as for Authentication Manager, referring to the installation guide.
Setting by Purpose Using Public User Configuring Public User Settings On the top menu, select [Authentication Manager] - [Device Management] - "Edit", and in the Object Device Setting page, change the Public User settings. – If necessary, you can apply the function permission for Public User ("Function Permission Setting for Public User").
Setting by Purpose 4.10 Changing your password Changing a password Log on to Enterprise Suite. On the top menu, select [Authentication Manager] - [Change Password], and in the Change Password page, enter a new password and click the [Apply] button. Authentication Manager 4-10...
Setting by Purpose 4.11 Performing counter management by job or work besides user Use the following steps to configure settings. On the top menu, select [Authentication Manager] - [Account Track List], and in the Register page, create an account track. On the top menu, select [Authentication Manager] - [Device Management] - "Edit", and in the Object Device Setting page, configure the account track authentication settings.
Troubleshooting Troubleshooting Problems on Device Management Problem Action Message "Failed to establish Authentication Manager always uses SSL/TLS when having a an SSL/TLS communication communication with a device. with the device." appears. (1) Use Web Connection to import a certificate to the device. (2) In the network settings, set "Enable SSL"...
Troubleshooting Problems on User Import Problem Action An error message is dis- This error may occur when an export file has been obtained with- played when importing a file out being encrypted. that was output using the ex- If a user deletes a file after exporting it, the target user cannot im- port function for some users.
Troubleshooting Problems on Authentication Problem Action Authentication failed. Try the following method. (1) Pattern scanning is performed three times when registering biometric information. For each time, release your finger from the biometric au- thentication device, and put your finger on the device again.