This is the log-in service that can be operated on the domain of Active Directory environment network or at iR device. The following are the user authentication

systems.

- Domain Authentication

- Local Device Authentication

- Domain Authentication + Local Device Authentication

- The three user authentication systems can be changed at Web browser (See 'Setting the User Authentication System' on MEAP Administrator Guide).

- The default setting is 'Domain Authentication + Local Device Authentication'. To increase security, set 'Domain Authentication' as user authentication system

or change the user name and password of the administrator of Local Device Authentication from the default ones, just after starting to use SSO.

Domain Anthentication

This is the authentication of the domains on network simultaneously with log-in to iR device, in combination with the domain controller on Active Directory envi-

ronment network. It authenticates up to four domain users (multi domain) with trusts as well as the domain with iR device installed. Users select the domain name

of log-in destination when they log in.

Optional NetSpot Accountant or imageWARE Accounting Manager enables analysis / management of the usage of iR device.

Local Device Anthentication

This is the user authentication used for only iR device itself. The users to be authenticated is registered / managed by the database of iR device. The method of

registration / management is the same as the one for SDL. The log-in destination is [this device].

Domain Authentication + Local Device Anthentication

This is the user authentication system with the functions of both 'Domain Authentication' and 'Local Device Authentication'. Domain Authentication is useful to

authenticate the users registered / managed by Active Directory, and Local Device Authentication is for authentication of the temporary users being not able to be

added to Active Directory. In the case that any trouble of domain controller or Security Agent occurs, using Local Device Authentication enables emergency action

until recovery.

In the following example, Domain A user with iR installed and Domain B having trusts with Domain A, and also the users registered in iR device itself can be

authenticated. Users select the login destination (domain name or [This Device]) when they log in.

- Optional NetSpot Accountant or imageWARE Accounting Manager is necessary to use Domain Authentication and department ID management

simultaneously. When Domain Authentication is set without combination with NetSpot Accountant or imageWARE Accounting Manager, log-in is impossible.

Therefore, department ID management should not be 'ON'. If department ID management is set to 'ON' while using Domain Authentication and log-in becomes

impossible, change the log-in service to Default Authentication and turn department ID management to [OFF].

- For combination with NSA / iWAM, it is necessary to set the user with administrative privilege of the domain on the SA service account.

- When the print count and scan count for each department ID needs to be managed in conjunction with Local Device Authentication and department ID

management, turn department ID management to [ON]. To use simultaneously Local Device Authentication and department ID management, the information

registered with Local Device Authentication should be matched with the user information of department ID management (department ID and password).

- The user information registered by SDL and the one by Local Device Authentication are managed separately in the iR device. The user information registered

in one system is not reflected to the other.

- The card reader for optional control card cannot be used for Local Device Authentication. When using the card reader for control card, set SDL.

- Security Agent is necessary only for Domain Authentication.

- Security Agent should be installed on the computer in the domain with iR device installed.

- Installation of Security Agent is included in MEAP Administrator CD-ROM.

Operating Environment

The operation is guaranteed for SDL or SSO if the system environment is in keeping with the following requirements:

SDL (registering/editing user information)

11-34

Domain A

Domain

NetSpot