Download  Print this page

Xerox AltaLink B8045 Installation And Configuration Manual

Xerox altalink series smart card
Hide thumbs

Advertisement

Version A
February 2018
702P06264
®
®
Xerox
AltaLink
Series
Smart Card Installation and
Configuration Guide

Advertisement

Table of Contents
loading

  Also See for Xerox AltaLink B8045

  Summary of Contents for Xerox AltaLink B8045

  • Page 1 Version A February 2018 702P06264 ® ® Xerox AltaLink Series Smart Card Installation and Configuration Guide...
  • Page 2 ©2018 Xerox Corporation. All rights reserved. Xerox ® and Xerox and Design ® are trademarks of Xerox Corporation in the United States and/or other countries.
  • Page 3: Table Of Contents

    Configure Acquiring Logged-In Email Addresses for Users..........3-26 Configure SMTP Email Settings..................3-30 Configure General Email Settings..................3-36 Printing Features..............................3-44 Configure Hold All Jobs........................3-44 Configure Secure Print Driver Defaults..................3-45 Configure the Print Driver.........................3-47 Confirm the Installation..........................3-49 Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 4 Table of Contents Using Smart Card..............................3-50 4 Troubleshooting........................4-1 Fault Clearance..............................4-1 Locating the Serial Number.......................4-1 Troubleshooting Tips............................4-2 During Installation..........................4-2 After Installation............................4-2 Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 5: Introduction

    The Smart Card solution brings an advanced level of security to sensitive information. Organizations ® can restrict access to the walk-up features of a Xerox device. This practice ensures that only authorized users are able to print, copy, scan, email, and fax information.
  • Page 6: Supported Printers

    Hold All Jobs Xerox offers a feature called Hold All Jobs. This feature ensures that jobs are held securely at the MFD and only are available for release after you authenticate at the MFD. The MFD holds the jobs for a specified period and releases them only when you release them at the MFD.
  • Page 7: Supported Card Readers

    After it is in your inbox, you can decrypt the email with your private key, making the payload readable again. Supported Card Readers ® The customer is responsible for providing a card reader for each Xerox device. The following card readers are compatible with the solution: • Gemplus GemPC USB SL •...
  • Page 8: Minimum Software Levels

    • User Guide provides detailed information about all the features and functions on the device. This guide is intended for general users. Most answers to your questions are provided by the support documentation supplied for your product. Alternatively you can contact the Xerox Support Center or access the Xerox website at www.xerox.com. Xerox ®...
  • Page 9: Preparation

    8. Install any required certificates and configure validation settings. Refer to Configure a Security Certificate. 9. Configure the MFD LDAP settings. Refer to Configure Acquiring Logged-In User's Email Address. Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 10 Preparation 10.Configure the MFD SMTP email and Signing/Encryption settings. Refer to Configure SMTP (Email) Settings. 11. Configure the Hold All Jobs/Secure Print policy, if necessary. Refer to Printing Features. Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 11: Installation

    • Configuring the Smart Card: Enable the Smart Card function, then customize the settings. • Using Smart Card: For instructions on how to use the card reader to access the device functions, refer to Using Smart Card, in this guide. Xerox ® AltaLink ®...
  • Page 12: Hardware Installation

    2. Locate the card reader device to install. • There are four types of card reader available, one upright model, or three slimline models. • Locate the device to install and ensure it is configured. Xerox ® AltaLink ®...
  • Page 13 Installation Note The System Administrator configures the cards before the card reader is installed on the printer. 3. Attach the ferrite bead to the reader cable. Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 14 Clip the ferrite bead onto the cable directly behind the connector. 4. Attach the fasteners to the card reader device. ® Fasteners are provided to secure the card reader to the Xerox device. a. Peel back the fastener backing strip.
  • Page 15 Installation c. Repeat these steps for each of the fasteners supplied. 5. Remove the fastener backing strips. Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 16 When all the fasteners are attached to the card reader, remove the backing strips on each of the fasteners. ® 6. Place the card reader on the Xerox device. a. Gently place the card reader on the device. Do not fix the card reader in place at this time.
  • Page 17: Software Configuration

    Enter the Smart Card Enablement Key Before you configure the Smart Card solution, use Internet Services to enable the Smart Card feature on your Xerox ® device. The Feature Enablement Key is printed on the inside cover of the Enablement guide provided within the Smart Card kit.
  • Page 18 If users need an alternate method of authentication, select User Name/Password from the Alternate Control Panel Login menu. g. If the device uses the email address registered to the authenticated user, select the Personalized User Profile check box. Xerox ® AltaLink ®...
  • Page 19 Click Next. A confirmation message appears. k. Click Next. The Smart Card settings are now ready to configure. Note No services are restricted until the Smart Card is configured fully through Internet Services. Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 20: Configuring The Smart Card

    Initially the Domain Controllers are empty and the NTP server is not set. b. Click Add Domain Controller. c. Select the Windows Based Domain Controller check box. Or, to select the Linux-Based Domain Controller, clear the check box. 3-10 Xerox ® AltaLink ® Series...
  • Page 21 Select either the IP Address or the fully qualified Host Name, then enter the Domain Controller details. e. Unless your Kerberos Port is different, ensure that Port 88 is selected. f. Enter the fully qualified Domain Name. Xerox ® AltaLink ®...
  • Page 22: Enable Ntp Service

    Installation g. Click Save. Enable NTP Service Configure the Date and Time to update automatically. a. Click Network Time Protocol - Edit. 3-12 Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 23 Select the Enabled check box to enable NTP. c. Enter the IP address or Host Name of the Primary and Alternate Time Server. Often this address is the same address as the Domain Controller. d. Click Save. Xerox ® AltaLink ®...
  • Page 24: Configure Alternate Authentication

    Certificate. If Alternate Authentication is enabled, to configure the server, click Authentication Servers / Control Panel (Alternate) - Edit in the Configuration Settings list. a. Select Authentication Type as Kerberos from the menu. 3-14 Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 25: Configure A Security Certificate

    Create a Device Certificate • Import a Certificate Authority Certificate • Install a Domain Controller Certificate If certificate validation is not required, refer to Configure Smart Card Inactivity Timer. Xerox ® AltaLink ® Series 3-15 Smart Card Installation and Configuration Guide...
  • Page 26: Create A Device Certificate

    To create a device certificate: a. In the Properties tab, click Security. b. Click Certificates > Security Certificates. c. Click the Xerox Device Certificate tab. d. Click Create New Xerox Device Certificate. e. Complete the Self Signed Certificate fields. 3-16 Xerox ®...
  • Page 27: Import A Certificate Authority Certificate

    SSL. Import a Certificate Authority Certificate To import a certificate from the Certificate Authority: a. In the Properties tab, click Security. b. Click Certificates > Security Certificates. c. Click the Root/Intermediate Trusted Certificates tab. Xerox ® AltaLink ® Series 3-17...
  • Page 28 Click Install Certificate. e. Click Browse and navigate your Certificate Authority certificates. f. Click Next. g. If the certificate is encrypted, enter the password on the Password Required screen. 3-18 Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 29: Install A Domain Controller Certificate

    SSL. Install a Domain Controller Certificate To install a Domain Controller Certificate: a. In the Properties tab, click Security. b. Click Certificates > Security Certificates. c. Click the Domain Controller Certificates tab. Xerox ® AltaLink ® Series 3-19 Smart Card Installation and Configuration Guide...
  • Page 30 Installation d. Click Install Certificate. e. Click Browse and navigate to your Domain Controller certificates. f. If the certificate is encrypted, enter the password on the Password Required screen. 3-20 Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 31: Configure Secure Sockets Layer (Ssl)

    SSL, proceed to Configure Certificate Validation. a. In the Properties tab, click Connectivity. b. Click Setup. c. In the Protocol list, click HTTP - Edit. Xerox ® AltaLink ® Series 3-21 Smart Card Installation and Configuration Guide...
  • Page 32: Configure Certificate Validation

    Configure Certificate Validation If you do not require certificate validation, proceed to Configure Smart Card Inactivity Timer. a. In the Properties tab, click the Login/Permissions/Accounting link. b. Click Login Methods. 3-22 Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 33 Click Certificate Validation - Edit in the Configuration Settings menu. d. Select the required Validation Options. e. If you have selected one or more options, to configure further settings, click Next. f. If prompted, enter the OCSP Server URL to use for certificate validation. Xerox ® AltaLink ®...
  • Page 34 If prompted, to enter the proxy server information, select Proxy Server - Configure. If the OCSP server is outside the firewall, a proxy server can be required to access the server. h. Select the Domain Controller Certificates to validate each domain controller. 3-24 Xerox ® AltaLink ®...
  • Page 35: Configure Smart Card Inactivity Timer

    If you do not require inactivity settings for Smart Card authentication, proceed to Configure Acquiring Logged-In User Email Address. a. In the Properties tab, click Login/Permissions/Accounting. b. Click Login Methods. c. Click Smart Card Inactivity Timer-Edit. Xerox ® AltaLink ® Series...
  • Page 36: Configure Acquiring Logged-In Email Addresses For Users

    Configure Acquiring Logged-In Email Addresses for Users settings, proceed to Confirm the Installation. a. In the Properties tab, click the Login/Permissions/Accounting link. b. Click Login Methods. c. Click Acquiring Logged-In Email Addresses for Users - Edit. 3-26 Xerox ® AltaLink ® Series...
  • Page 37 Select the required option for Acquire Logged-In Email Addresses for Users. e. If you select Auto or Only Network Address Book (LDAP), click Network Address Book (LDAP) - Edit to configure LDAP server settings. f. Click Add New. Xerox ® AltaLink ®...
  • Page 38 For example, if the Fully Qualified Domain Name for the server is "Hostname.Example.Search.Root", the search directory root is "dc=Example,dc=Search,dc=Root". k. Enter the required Login Credentials to Access LDAP Server. l. Click Apply. m. Click Close. 3-28 Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 39 Select LDAP Policies. o. Select Enable SASL Binds to LDAP. Note Smart Cards use a ticket-based authentication to LDAP and require SASL for authentication. p. Click Save. q. Click Close. Xerox ® AltaLink ® Series 3-29 Smart Card Installation and Configuration Guide...
  • Page 40: Configure Smtp Email Settings

    Click Apps > Email > Setup. In the Email Setup screen, click the Required Settings tab. a. Click SMTP - Edit. b. To configure the server address, click Use DNS to identify SMTP Server. Or, click IP Address or Host Name, then enter the SMTP server address. 3-30 Xerox ® AltaLink ® Series...
  • Page 41 Installation c. Enter the required Device Email Address. d. Click Save. Xerox ® AltaLink ® Series 3-31 Smart Card Installation and Configuration Guide...
  • Page 42 Logged-in User. Note The credentials for the logged-in user typically provide authentication for the SMTP server when you enable Smart Card authentication. c. Click Always Use Kerberos Tickets. 3-32 Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 43 Click None for automated emails. e. Click Save. Configure Connection Encryption Click SMTP - Edit. a. Click the Connection Encryption tab. b. Select the required encryption setting. c. Click Save. Xerox ® AltaLink ® Series 3-33 Smart Card Installation and Configuration Guide...
  • Page 44 Click the File Size Management tab. Note This screen defines how to manage large email payloads. b. Select the required settings. c. Click Save. Test Configuration Click SMTP - Edit. 3-34 Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 45 Enter a valid email address in the To Address field. c. Click Send Email. Note If the SMTP settings are correct, a success message appears and an email is received at the address. Xerox ® AltaLink ® Series 3-35...
  • Page 46: Configure General Email Settings

    Required Settings Configured appear to confirm that the required settings are configured. e. Click Save. Configure General Email Settings Click Apps > Email > Setup. On the Email Setup screen, click the General tab. 3-36 Xerox ® AltaLink ® Series...
  • Page 47 Select the required option for printing a Confirmation Sheet from the menu. e. If you want the MFD to add your email address to the To field automatically when you are logged in, click Enabled for Auto Add Me. f. Click Apply. Xerox ® AltaLink ®...
  • Page 48 Configure the Device Address Book. Instructions are available in the System Administration Guide. Configure Email Defaults Click the Defaults tab. a. Select the required options for email default settings. b. Save your changes. 3-38 Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 49 Installation Configure Email Compression Select the Compression tab. a. Select the required Compression Settings. b. Click Save. Configure Email Security 1. Click the Security tab. Xerox ® AltaLink ® Series 3-39 Smart Card Installation and Configuration Guide...
  • Page 50 Click Encryption/Signing - Edit. b. Select the required Encryption Enablement setting: • Off - You cannot sign email. • Always On - An email signature is required. 3-40 Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 51 • Editable by user - The local user settings determine whether an email signature is required. c. If you selected Editable by User, if the ability to sign is required by default, click On for Email Encryption Default. d. Select the required Encryption Algorithm. Xerox ® AltaLink ®...
  • Page 52 Installation e. Click Apply. 2. If you want to configure email domain restrictions, click Edit in the Network Policies area. a. Select the required restrictions. 3-42 Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 53 Click Save. 3. If you want to configure restrictions on email recipients, click Edit in the User Policies area. a. Select the required settings for User Permissions. b. Save your changes. Xerox ® AltaLink ® Series...
  • Page 54: Printing Features

    Access Internet Services and select Properties. Refer to Access Internet Services in the Enter the Smart Card Enablement Key procedure for instructions. a. Click Apps > Printing > Hold All Jobs. b. Select the required Enablement option. 3-44 Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 55: Configure Secure Print Driver Defaults

    Access Internet Services and click Properties. Refer to Access Internet Services in the Enter the Smart Card Enablement Key procedure for instructions. a. Click Apps > Printing > Secure Print. b. Click the Defaults tab. Xerox ® AltaLink ® Series 3-45...
  • Page 56 Panel. If required, enter a number from 4-10 to specify the length of the Secure Print Passcode. • User ID: requires you to log in at the Control Panel to release your Secure Print jobs. d. Click Save. 3-46 Xerox ® AltaLink ® Series...
  • Page 57: Configure The Print Driver

    Windows Operating System. To configure the print driver to pull the user name from the Smart Card certificate: ® Install your Xerox Print Driver. Instructions are available in the System Administrator Guide. a. Access the Properties for your print driver.
  • Page 58 Installation c. Select Enabled from the Access and Verification menu. 3-48 Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 59: Confirm The Installation

    Configure Secure Print Driver Defaults. Confirm the Installation When you install and configure the card reader and the software, the Card Reader Detected screen appears on the Xerox ® device local user interface. The Smart Card is now ready for use.
  • Page 60: Using Smart Card

    Tips. 3. Complete the job. 4. To end the session, remove your card from the card reader. The current session is terminated and the Authentication Required window appears. 3-50 Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 61: Troubleshooting

    If a fault cannot be resolved by following the instructions provided, refer to Troubleshooting Tips on page 45. ® If the problem persists, identify whether it is related to the card reader device or the Xerox device: • For problems with the card reader device, contact the manufacturer for further assistance. ®...
  • Page 62: Troubleshooting Tips

    LDAP is not configured properly or Check the authorization method. you do not have the appropriate ac- the local user permission roles are cess to the operation you requested. not configured properly. Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 63 The card reader was disconnected. • Verify that the card reader is connected properly . • If you suspect the reader has failed, swap with a known work- ing reader. Xerox ® AltaLink ® Series Smart Card Installation and Configuration Guide...
  • Page 64 Ensure the DHCP settings match your site settings. • To print a configuration report at the Xerox ® device, select Device, then Information Pages. Select the Configuration Report from the list, then select Print. Xerox ®...