Access Mode In Sites - Canon imageRUNNER ADVANCE 6075 Series Service Manual

2
Technology > MEAP > Login Service > Access Mode in Sites
CAUTION:
• To run domain authentication and Department ID management at the same time,
the options Net Spot Accountant, iW Accounting Manager or iW EMC Accounting
Management Plug-in are required. If domain authentication is selected as the
authentication method without linkage to these systems, login will be disabled and
Department ID management will not come ON. If Department ID management
cannot be turned ON when using domain authentication and login is disabled, switch
the login service to Default Authentication and turn Department ID management
OFF.
• In order to link local device authentication and Department ID management and
manage print pages and scan pages per department ID, Department ID management
must be set ON. To run local device authentication and Department ID management
at the same time, the information registered in local device authentication must
match the Department ID management user information (department ID and
password).
• In local device authentication the card reader for the option control card cannot be
used.
● Linkage with Department ID management when using SSO-H
SSO-H has collaborative linkage with imageWARE/iW Enterprise Management Console
Access Management Plug-in, imageWARE/iW Enterprise Management Console Accounting
Management Plug-in. Only when used with 'Local device authentication', can department ID/
passwords be allocated to users.
In the event that these are allocated, authentication can be performed even when the main
unit's department management is ON. Department ID and department passwords are not
allocated to domain users.
When the main unit's department management function is ON, domain users cannot be
authenticated.
Note:
With SSO, linkage with imageWARE/iW Enterprise Management Console Accounting
Management Plug-in was assumed and department management linkage was enabled
even in domain authentication, but with SSO-H, this is now unsupported.
2 Technology > MEAP > Login Service > Access Mode in Sites
● System Manager Linkage (automatic ID allocation to System
Managers)
SSO provided the automated function conventionally on Security Agent (hereinafter "SA") to
authenticate System Manager by allocating IDs set on SA to domain authentication managers
(users belonging to Canon Peripheral Admins group). However, SSO-H does not support this
function.

■ Access Mode in Sites

With SSO-H, access to Active Directory within site can be prioritized or restricted, so there
is a setting called 'Access Mode in Sites'. Sites programmed in Active Directory comprise
multiple subnets. In this mode, SSO-H uses site information to access the same site as the
device, or the subnet Active Directory.
• The SSO-H default setting is with the site internal access mode OFF.
• Access Active Directory within same site only.
• If there is no Active Directory within the same site, or if connection fails, there will be an
authentication error.
• Access another site if Active Directory within the same site cannot be located.
• If there is no Active Directory within the same site, or if connection fails, an Active Directory
external to the site will be accessed.
• If all attempts to access Active Directory fail, there will be an authentication error.
The operating specifications of the site internal access mode are as described below.
When first logging in to the login service after booting iR, the domain controller (DC) is
obtained from the site list.
However, upon the first login, even if the site functionality is active, connection to DC is
random. (This is because, if connection to DC should fail, the site to which the device belongs
cannot be ascertained.)
If the device IP address or the domain name are changed, the site settings are acquired once
more.
In this mode, at the first login (first authentication of domain to which the device belongs)
LDAP-Bind is performed directly to DC and site information acquired by LDAP from DC.
From the acquired site list, the site to which the device subnet belongs is extracted and this
becomes the site to which device belongs. Active Directory address is acquired (retrieved
from DNS)
2-196
2-196