Table of Contents
Advertisement
2
Technology > MEAP > Login Service > Authentication methods
■ SSO-H (Single Sign-On-H) overview
This is a merger of the existing SDL and SSO login services and has the following features.
• Both the domain authentication and local device authentication login services can be used.
• There is no need to have a separate SA server.
• Login is not via SA, so SSO-H refers directly to DNS for authentication.
• Kerberos and NTML protocols are supported.
• The following three authentication methods may be selected from.
Domain authentication
Local device authentication
Domain authentication + local authentication
CAUTION:
• The system configuration is different from previous SSO, so individual management
is required.
• If MEAP is supported, installation into devices prior to SSO-H release is possible.
• Data porting of user information that was being used with the earlier SSO local
device authentication and SDL can be done by exporting/ importing. However,
application settings information cannot be ported.
■ SSO overview
This is a login service that can be operated on the Active Directory environment network
domain and on iR devices. The following user authentication methods can be selected from.
Domain authentication
Local device authentication
Domain authentication + local device authentication
CAUTION:
SSO was pre-installed in earlier released devices, but from iR3245 onward it will only
be provided with the Administrator's CD.
2
Technology > MEAP > Login Service > Authentication methods
■ Authentication methods
Both SSO-H and SSO can use multiple authentication methods, and the user can toggle
between them from a Web browser. (Refer to the MEAP Authentication System Settings
Guide 'User Authentication Method Settings'.)
CAUTION:
The factory shipment setting is 'Domain authentication + local device authentication'.
In order to provide increased security, as soon as SSO is used, it is recommended that
the administrator's user name and password in local device authentication be changed
from the factory shipment settings as soon as possible.
Domain authentication
This is a form of user authentication which operates in collaboration with the domain controller
on the Active Directory environment network and, as soon as the iR device is logged into,
carries out authentication of the domain on the network. In addition to users belonging to
the domain that includes the iR device, users belonging to domains that have a reliable
relationship with the domain (multi-domain) can also be authenticated. The domain name of
the login destination can be selected by the users themselves upon login.
The function makes use of options Net Spot Accountant/ iW Accounting Manager/ iW EMC
Accounting Management Plig-in to enable analysis and management of the iR device usage
status.
Depending on the login service, different protocols are used.
• SSO-H
• Kerberos:LLS/RLS/ILS
• NTLMV2:WLS(Web Service Login Service. WLS can only be used in collaboration
with iW AMS Ver2 AMS printer driver add-in and iWEMC user management plug-in.)
• SSO
• NTLM only
User information acquisition is done by LADP, so the Active Directory LDAP port needs to be
made accessible. If LDAP connection fails, the authentication will end in error.
No. of supported domains: 200 (unchanged from SSO) Site access supported.
2-167
2-167
- Quick Links:
- Error Code
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
