Table of Contents
Advertisement
2
Technology > MEAP > Login Service > Authentication methods of SSO-H
■
Default Authentication overview
This login service is selected when the department ID management is enabled or no
authentication function is set. Set the department ID management to [ON] on Setting /
Registration (Additional Functions mode) of this device and register 7-digit ID and PIN by
department. This setting restricts the use of this device only to users keying the registered
ID and PIN. Department IDs/ and PINs can be registered on the touch panel of this device or
Remote UI.
■
SSO-H (Single Sign-On-H) overview
This is a merger of the existing SDL and SSO login services and has the following features.
•
Both the domain authentication and local device authentication login services can be used.
•
There is no need to have a separate SA server.
•
Login is not via SA, so SSO-H refers directly to DNS for authentication.
•
Kerberos and NTML protocols are supported.
•
The following three authentication methods may be selected from.
•
Domain authentication
•
Local device authentication
•
Domain authentication + local authentication
CAUTION:
The system configuration is different from previous SSO, so individual management
•
is required.
•
Data porting of user information that was being used with the earlier SSO local
device authentication and SDL can be done by exporting/ importing. However,
application settings information cannot be ported.
2
Technology > MEAP > Login Service > Authentication methods of SSO-H
■
Authentication methods of SSO-H
SSO-H can use multiple authentication methods, and the user can toggle between them
from a Web browser. (Refer to the MEAP Authentication System Settings Guide 'User
Authentication Method Settings'.)
CAUTION:
The factory shipment setting is 'Domain authentication + local device authentication'.
In order to provide increased security, as soon as SSO is used, it is recommended that
the administrator's user name and password in local device authentication be changed
from the factory shipment settings as soon as possible.
●
Local device authentication
This is an authentication method that is used for single iR devices. The authenticating
users are registered in the iR device's database. User management is performed on the
Web application provided by the device, or from the imageWARE Enterprise Management
Console/ iW Management Console. The login destination is [This device].
●
Domain authentication
This is a form of user authentication which operates in collaboration with the domain controller
on the Active Directory environment network and, as soon as the iR device is logged into,
carries out authentication of the domain on the network. In addition to users belonging to
the domain that includes the iR device, users belonging to domains that have a reliable
relationship with the domain (multi-domain) can also be authenticated. The domain name of
the login destination can be selected by the users themselves upon login.
The function makes use of options iW EMC Accounting Management Plig-in to enable
analysis and management of the iR device usage status.
The protocol used is as follows.
•
Kerberos:LLS/RLS/ILS
•
NTLMV2:WLS(Web Service Login Service)
User information acquisition is done by LADP, so the Active Directory LDAP port needs to be
made accessible. If LDAP connection fails, the authentication will end in error.
No. of supported domains: 200 (unchanged from SSO) Site access supported.
2-195
2-195
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
