Section 2 — Device Security
When the Access Management System has been enabled, users must log in to the device using SSO user
authentication. Access Management System supports authentication through local device authentication as
well as Active Directory using SSO-H*, which includes support for Kerberos Authentication. Once a user
logs into the device with their user name and password, the device can determine which roles are assigned
to that particular user. Restrictions are applied based on the assigned roles. If an entire function is
restricted, it will appear grayed out to the user after authentication.
Function Level Authentication
Canon imageRUNNER ADVANCE systems offer the ability to limit the use of specific functions by
authorized users by requiring authentication to use sensitive functions with Function Level Authentication.
Function Level Authentication is a part of Access Management System and works with SSO-H for
authentication. It enables administrators to choose precisely which functions are permitted by walk-up and
network users without entering credentials versus the ones that require a user to login. For example,
administrators may choose to allow all users to make black-and-white copies while prompting users to
login if they choose to output color or use the Scan and Send function.
Scan and Send Security
On devices that have Scan and Send enabled, certain information such as fax numbers and e-mail addresses
may be considered confidential and sensitive. For these devices, there are additional security features to
prevent confidential information from being accessed.
Address Book Password
Administrative and individual passwords can be set for Address Book Management functions. A
system administrator can define the specific Address Book data that can be viewed by users,
effectively masking private details. This password may be set separately so individuals other than
the System Manager can administer the Address Book.
By setting a password for an Address Book, the ability to Store, Edit, or Erase individual and
group e-mail addresses in the Address Book is restricted. Therefore, only individuals with the
correct password for an Address Book will be able to make modifications.
This same password is also used for the Address Book Import/Export function through the Remote
* Requires imageWARE Enterprise Management Console and the Access Management System Plug-In when authenticating through
Address Book Password Screen
Address Book Access Code Enable/Disable Screen
White Paper: Canon imageRUNNER ADVANCE Security