Konica Minolta bizhub C220 User Manual

Au-211p authentication unit user guide for bizhub c220/c280/c360/c452/c552/c652

Hide thumbs Also See for bizhub C220:

User manual (366 pages)

Operation manual (76 pages)

Shortcut manual (28 pages)

Table Of Contents

Table of Contents

Quick Links

Need help?

Do you have a question about the bizhub C220 and is the answer not in the manual?

Questions and answers

Summary of Contents for Konica Minolta bizhub C220

Page 1 Authentication Unit AU-211P User’s Guide...
Page 2: Table Of Contents
Contents Contents Contents ................1 Introduction ............... 3 Safety Information ................4 Getting Started..............7 Product Overview ................. 7 Part names and their functions ............8 Pre-Setting .................... 9 2.3.1 Configuring Network Settings ............9 2.3.2 Registering Active Directory for Authentication ....... 11 2.3.3 Correcting the MFP Time ..............
Page 3 Contents Scan to E-mail (S/MIME) Using PKI Card ........36 3.5.1 Overview ..................36 3.5.2 Related Settings ................37 3.5.3 Encrypting an E-Mail and Adding a Digital Signature ..... 39 PKI Card Print ..................40 3.6.1 Overview ..................40 3.6.2 Installing the Printer Driver ..............
Page 4: Introduction
Introduction Introduction Thank you for choosing this device. This User’s Guide provides descriptions of the operating procedures and precautions for using Authentication Unit (IC Card Type) AU-211P. Carefully read this User’s Guide before using this device. The actual screens that appear may be slightly different from the screen images used in this User’s Guide.
Page 5: Safety Information
Introduction Safety Information Carefully read this information, and then store it in a safe place. - Before using this device, carefully read this information and follow it to operate the device correctly. - After reading this information, store it in the designated holder with the warranty.
Page 6 Introduction Regulation notices USER INSTRUCTIONS FCC PART 15 - RADIO FREQUENCY DEVICES (For U.S.A. Users) FCC: Declaration of Conformity Product Type Authentication Unit (IC Card Type) Product Name AU-211P (This device complies with Part 15 of the FCC Rules.) Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of this device.
Page 7 Introduction INTERFERENCE-CAUSING EQUIPMENT STANDARD (ICES-003 ISSUE 4) (For Canada Users) (This device complies with RSS-Gen of IC Rules.) Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of this device.
Page 8: Getting Started
Getting Started Getting Started Product Overview This product is a PKI card authentication unit that scans a PKI card (CAC or PIV card) to perform personal authentication. Connecting this unit enables you to run a PKI card authentication system (hereinafter referred to as "this system") that uses the PKI card authentication unit on the MFP.
Page 9: Part Names And Their Functions
Getting Started Part names and their functions No. Part name Description Card inlet Used to insert the PKI card. LED lamp Turns green when you log in using the PKI card. Blinks green while authentication. USB cable Used for connecting this device to the multifunctional product.
Page 10: Pre-Setting
Getting Started Pre-Setting To use this system, pre-configure the following settings on the MFP. - Configuring network settings (page 9) - Registering Active Directory for authentication (page 11) - Correcting the MFP time (page 12) - Registering the DNS server associated with Active Directory (page 13) - Specifying the PIV transitional mode (page 14) - Configuring settings for verifying the Active Directory certificate...
Page 11: Ipv6 Settings
Getting Started Item Description Subnet Mask When directly entering the IP address, specify the subnet mask for the connected network. Default Gateway When directly entering the IP address, specify the default gateway for the connected network. IPv6 Settings Note These settings are required when using the MFP in an IPv6 environment. Item Description ON/OFF...
Page 12: Registering Active Directory For Authentication
Getting Started Item Description Search Domain Name Select whether to automatically retrieve the search Auto Retrieval domain name. This item is available when using DHCPv6. Default DNS Domain Specify the domain name that the MFP is connected to Name (up to 255 bytes with the host name). DNS Search Domain Specify the DNS search domain name (up to 253 bytes).
Page 13: Correcting The Mfp Time
Getting Started 2.3.3 Correcting the MFP Time You cannot log into Active Directory if the MFP system time is extremely different between the MFP and Active Directory. Correct the MFP time so it matches the Active Directory time with the system time. Time Adjustment Setting On the MFP control panel, press the [Utility/Counter] key, and then [Administrator Settings] - [Network Settings] - [Forward] - [Detail Settings] -...
Page 14: Registering The Dns Server Associated With Active Directory
Getting Started 2.3.4 Registering the DNS Server Associated with Active Directory Register the DNS server associated with Active Directory in the MFP. DNS Server Settings (IPv4) On the MFP control panel, press the [Utility/Counter] key, and then [Administrator Settings] - [Network Settings] - [TCP/IP Settings] - [DNS Server Settings (IPv4)].
Page 15: Specifying The Piv Transitional Mode
Getting Started Item Description DNS Server Auto Obtain Select whether to automatically obtain the DNS server address. This item is available when using DHCPv6. Priority DNS Server Specify the IPv6 address of the priority DNS server associated with Active Directory. Secondary DNS Server 1 Specify the IPv6 address of the secondary DNS server and 2...
Page 16: Configuring Settings For Verifying The Active Directory Certificate
Getting Started Item Description PIV Transitional Mode Select PIV or CAC as the PIV transitional mode. 2.3.6 Configuring Settings for Verifying the Active Directory Certificate Configure the certificate verification settings to verify the Active Directory certificate when communicating with Active Directory. Certificate Verification Setting On the MFP control panel, press the [Utility/Counter] key, and then [Administrator Settings] - [User Authentication/Account Track] - [Certificate...
Page 17 Getting Started Certificate Verification Settings In the PageScope Web Connection administrator mode, select [Security], and then [Certificate Verification Settings]. Note For details on how to use PageScope Web Connection, refer to the User's Guide [Network Administrator] supplied together with the MFP. Item Description Certificate Verification...
Page 18 Getting Started Item Description Proxy Server Port Enter the port number for the proxy server. Number User Name Enter the user name to log in to the proxy server (up to 63 characters). Password Enter the password to log in to the proxy server (up to 63 characters).
Page 19 Getting Started External Certificate Setting In the PageScope Web Connection administrator mode, select Security and then PKI Settings External Certificate Setting Detail • To check the root signature in Certificate Verification, register the external certificate you want to view when checking the root signature as necessary.
Page 20 Getting Started <New Registration> Item Description File Click [Browse] in the Import Certificates (PEM/DER) screen, and specify a new external certificate to be registered. • If [Trusted CA Root Certificate] is selected, register the root certificate from the CA (Certificate Authority). •...
Page 21: Operation Settings
Getting Started Operation Settings When operating this system, configure the following settings to ensure a higher level of security. Disabling the OpenAPI function To associate the MFP with PageScope Authentication Manager, register the MFP in the initial setting of PageScope Authentication Manager, and disable the OpenAPI function of the MFP in the disable state.
Page 22: How To Use The Authentication Unit
How to Use the Authentication Unit How to Use the Authentication Unit This chapter explains how to log in and log out using this unit and also describes the functions for use with this system. Note The following explains the procedures applicable in the normal display mode.
Page 23 How to Use the Authentication Unit Detail • If you insert a PKI card into the unit while logged in as a public user, you will be logged out as a public user and the PIN code entry screen appears. However, even if logged in as a public user, you will not be logged out by inserting a PKI card during operations, when warnings occur, or when a screen that you cannot log out by pressing the [ID] key on the control panel is displayed.
Page 24: Logout
How to Use the Authentication Unit Detail When Account Track is enabled, use the PKI card to perform user authentication before account authentication. When Account Track is enabled on the MFP that supports this system, user authentication is forcibly associated with account authentication.(No entry is required for account track authentication after the first time.) 3.1.2 Logout...
Page 25: Functions Using The Pki Card Authentication System
How to Use the Authentication Unit Functions Using the PKI Card Authentication System This section explains the functions using the PKI card authentication system. Function Description Address Search Logs into the LDAP server using the Kerberos p. 25 (LDAP) using PKI authentication ticket that is obtained by Active card Directory authentication with the PKI card when...
Page 26: Address Search (Ldap) Using Pki Card
How to Use the Authentication Unit Address Search (LDAP) Using PKI Card 3.3.1 Overview This function logs in to the LDAP server using the Kerberos authentication ticket that is obtained by Active Directory authentication with the PKI card when searching for the destination via the LDAP server. If a Kerberos authentication ticket is used to authenticate the LDAP server, the user can use the LDAP server securely without making the password public on the network.
Page 27: Related Settings
How to Use the Authentication Unit 3.3.2 Related Settings This section explains how to configure the address search (LDAP) settings on the MFP that supports this system. Enabling LDAP Configure settings to use the LDAP server. On the MFP control panel, press the [Utility/Counter] key, and then [Administrator Settings] - [Network Settings] - [LDAP Settings] - [Enabling LDAP].
Page 28 How to Use the Authentication Unit Item Description LDAP Server Name Specify the LDAP server name (up to 32 characters). Max. Search Results Enter the maximum number of items that can be received as address search (LDAP) results. Timeout Specify the timeout period for address search (LDAP). Initial Setting for Search Specify address search (LDAP) conditions.
Page 29: Handling Address Search (Ldap)
How to Use the Authentication Unit Item Description Authentication Type Select the authentication method to connect to the LDAP server. When connecting to the LDAP server using the Kerberos authentication method, select [GSS- SPNEGO]. Then specify the domain name of the Active Directory in [Domain Name].
Page 30 How to Use the Authentication Unit When multiple LDAP servers are registered Select the LDAP server to be the target for LDAP search. – Multiple LDAP servers can be selected. Press [OK]. Perform authentication using the Kerberos authentication ticket, and connect to the LDAP server.
Page 31 How to Use the Authentication Unit Note For details on the address search (LDAP) function, refer to the User's Guide [Network Scan/Fax/Network Fax Operations] supplied together with the MFP. AU-211P...
Page 32: Smb Tx Using Pki Card
How to Use the Authentication Unit SMB TX Using PKI Card 3.4.1 Overview This function logs into the destination computer using the Kerberos authentication ticket that is obtained by Active Directory authentication with the PKI card when sending scanned data via SMB. If the Kerberos authentication ticket is used for authentication in the destination computer, the user can carry out SMB TX securely without making the password public on the network.
Page 33: Related Settings
How to Use the Authentication Unit 3.4.2 Related Settings This section explains how to configure the SMB TX settings on the MFP that supports this system. Client Settings Configure the setting to perform SMB TX. On the MFP control panel, press the [Utility/Counter] key, and then [Administrator Settings] - [Network Settings] - [SMB Settings] - [Client Settings].
Page 34 How to Use the Authentication Unit Item Description Password Authentication For authentication with the PKI card, this system uses Restriction the Kerberos authentication ticket that is obtained from Active Directory with the Kerberos authentication when performing SMB TX. In this item, select the operation required when authentication has failed using the Kerberos authentication ticket.
Page 35: Using Smb Tx
How to Use the Authentication Unit 3.4.3 Using SMB TX SMB TX Use the Fax/Scan screen on the MFP control panel to specify the target SMB address. When SMB TX starts, you can use the Kerberos authentication ticket to log into the destination computer and save scanned data in a shared holder.
Page 36 How to Use the Authentication Unit Searching for SMB address If [Reference] is pressed to register or specify the SMB address, the system searches for computers on the Windows network to enable you to register or specify the desired one as a destination. If a PKI card is used to log in to the MFP, log in to the searched computer using the Kerberos authentication ticket to register or specify it as a destination.
Page 37: Scan To E-Mail (S/Mime) Using Pki Card
How to Use the Authentication Unit Scan to E-mail (S/MIME) Using PKI Card 3.5.1 Overview This function uses the PKI card to add a digital signature when sending an e-mail. Sending an e-mail with a digital signature enables you to prove you are the e-mail sender.
Page 38: Related Settings
How to Use the Authentication Unit 3.5.2 Related Settings This section explains how to configure settings to encrypt an e-mail or add a digital signature on the MFP that supports this system. S/MIME Communication Settings Configure settings to encrypt an e-mail and add a digital signature. On the MFP control panel, press the [Utility/Counter] key, and then [Administrator Settings] - [Network Settings] - [E-Mail Settings] - [S/MIME Communication Settings].
Page 39 How to Use the Authentication Unit Item Description Certificate Verification To verify the server certificate, configure settings to Level Settings verify the certificate. [Expiration Date]: Select whether to check that the server certificate is within the validity period. [Key Usage]: Select whether to check that the server certificate is used according to the purpose approved by the issuer.
Page 40: Encrypting An E-Mail And Adding A Digital Signature
How to Use the Authentication Unit 3.5.3 Encrypting an E-Mail and Adding a Digital Signature Display the Fax/Scan screen on the MFP control panel, and press [Communication Settings]. - To encrypt an e-mail, press [E-Mail Encryption]. - If [Select when sending] is selected to add a digital signature, press [Digital Signature].
Page 41: Pki Card Print
How to Use the Authentication Unit PKI Card Print 3.6.1 Overview This function encrypts print data using the PKI card before sending the data from the printer driver to the MFP. The print data is saved in the PKI Encrypted Document User Box of the MFP, and the same user can perform authentication at the MFP with the PKI card to decrypt and print the data.
Page 42: Installing The Printer Driver
How to Use the Authentication Unit 3.6.2 Installing the Printer Driver To use PKI Card Print, install a printer driver compatible with this system in the computer. Required System Environment The printer drivers are available in the following environment. Type Page Supported Operating System description...
Page 43 How to Use the Authentication Unit Type Page Supported Operating System description language PS driver PostScript 3 Windows 2000 Professional (SP4 or later) Emulation Windows XP Home Edition (SP1 or later) Windows XP Professional (SP1 or later) Windows XP Professional x64 Edition Windows Vista Home Basic * Windows Vista Home Premium * Windows Vista Business *...
Page 44 How to Use the Authentication Unit Installing the printer driver The installer enables you to easily install the printer driver by following the instructions displayed on the pages. Note Administrator authority is required to install the printer driver on your computer.
Page 45: Specifying The Print Data Deletion Time
How to Use the Authentication Unit 3.6.3 Specifying the Print Data Deletion Time The data encrypted with the PKI card is deleted from the PKI Encrypted Document User Box of the MFP after saved in the User Box and printed on the MFP.
Page 46: Handling Pki Card Print
How to Use the Authentication Unit 3.6.4 Handling PKI Card Print The following explains how to handle PKI Card Print. Sending print data (Printer driver setting) Use the following steps to configure the printer driver setting when encrypting print data using the PKI card and sending it to the MFP. Click [Print] in the menu of the application software.
Page 47 How to Use the Authentication Unit – When using Account Track, you do not need to enter department information using the printer driver. If device information is auto- matically obtained using the printer driver, Account Track is disa- bled. Under [Output Method], select [PKI Card Print], and click [OK]. Send print data.
Page 48 How to Use the Authentication Unit Detail • If the MFP is associated with PageScope Authentication Manager, and the user is not registered in PageScope Authentication Manager or the user has no print privileges, an authentication failure will occur, and the print job will be discarded.
Page 49 How to Use the Authentication Unit MFP printing The following explains how to print data on the MFP. The MFP provides two printing methods: (1) printing data simultaneously with authentication and (2) selecting and printing data in the PKI Encrypted Document User Box after authentication.
Page 50 How to Use the Authentication Unit Detail If necessary, this function also prints data in the ID & Print User Box. For details on ID & Print, refer to the User's Guide [Print Operations] supplied together with the MFP. <Selecting and printing data in the PKI Encrypted Document User Box > Press [Access], and insert the PKI card into the authentication unit attached to the MFP.
Page 51: Scan To Me
How to Use the Authentication Unit Scan To Me 3.7.1 Overview Scan To Me is a function that sends scanned data to the user's e-mail address. This function is useful when frequently sending scanned data to the user's address. Using this function, the user can obtain the authenticated user's e-mail address using the LDAP protocol to easily send data to the obtained address.
Page 52 How to Use the Authentication Unit Active Directory PKI Card PKI Card E-mail Send to the user’s address (1) Insert the PKI card into the MFP to perform Active Directory authentication. (2) Obtain the user's e-mail address. (3) Send the e-mail to the user's e-mail address. If necessary, the user can use the PKI card to encrypt an e-mail or add a digital signature.
Page 53: Before Using Scan To Me
How to Use the Authentication Unit 3.7.2 Before Using Scan To Me Restrictions The following restrictions are applied for use of the Scan to Me function. - The user cannot directly enter the address using e-mail TX, FTP TX, SMB TX, WebDAV TX, or Save in User Box. - The user cannot use Annotation User Box.
Page 54: Handling Scan To Me
How to Use the Authentication Unit 3.7.4 Handling Scan To Me The following explains how to handle Scan To Me on the MFP. Detail • If the correct settings are configured to use Scan To Me, [Me] appears on the Fax/Scan screen to send data to the user's e-mail address. •...
Page 55: Scan To Home
How to Use the Authentication Unit Scan To Home 3.8.1 Overview Scan To Home is a function that sends scanned data to the user's computer. This function is effective when frequently sending scanned data to the user's address. The user can obtain the position of the user's Home folder from Active Directory, and easily send data to the user's Home folder.
Page 56: Before Using Scan To Home
How to Use the Authentication Unit 3.8.2 Before Using Scan To Home Restrictions The following restrictions are applied for use of the Scan to Home function. - The user cannot directly enter the address using E-mail TX, FTP TX, SMB TX, WebDAV TX, or Save in User Box. - The user cannot use Annotation User Box.
Page 57: Related Settings
How to Use the Authentication Unit 3.8.3 Related Settings The following explains the settings required to use the Scan To Home function. Obtaining the Home folder position Configure the setting to enable the user to obtain the position of the user's Home folder from Active Directory.
Page 58: Using Scan To Home
How to Use the Authentication Unit 3.8.4 Using Scan To Home The following explains how to use Scan To Home on the MFP. Detail If the correct settings are configured to use Scan To Home, [Home] appears on the Fax/Scan screen to send data to the user's Home folder. Press the [Fax/Scan] key on the control panel.
Page 59: Added Or Changed Setting Information
Added or Changed Setting Information Added or Changed Setting Information The MFP that supports this system provides some settings added or changed from an ordinary MFP model. This chapter shows a list of the added or changed setting items for each category. Note For the settings of an ordinary MFP model, refer to the User's Guide supplied together with the MFP.
Page 60: Administrator Settings
Added or Changed Setting Information Administrator Settings 4.2.1 System Settings User Box Settings Item Description PKI Encrypted Document Allows the user to specify the time required to delete a Delete Time Setting PKI encrypted document. For details, refer to "Specifying the Print Data Deletion Time"...
Page 61: Network Settings
Added or Changed Setting Information 4.2.3 Network Settings FTP Settings Item Description FTP Server Settings The default is [OFF]. SMB Settings Item Description Client Settings [NTLM Settings] has been changed to [SMB Authentication Setting]. [Password Authentication Restriction] has been added. For details, refer to "Client Settings"...
Page 62: Security Settings
Added or Changed Setting Information WebDAV Settings Item Description WebDAV Server Settings This function is not supported. 4.2.4 Security Settings Security Details Item Description Password Rules This function is not supported. Prohibited Functions The default is [Mode 2]. when Authentication Error Confidential Document The default is [Mode 2].
Page 63: Appendix
Appendix Appendix Product Specifications Product name Authentication unit (PKI-IC card type) AU-211P Dimensions 70 mm (L) × 70 mm (W) × 10 mm (H) Weight 60 g Power supply USB bus power Range of 0 to 50°C operating temperature Interface Full speed USB (12 Mbps) Connector shape USB A type connector...
Page 64: Troubleshooting
Appendix Troubleshooting If an error occurs during running, refer to the following. Status Point to be checked Action Failed to Did you enter the correct PIN Check the PIN code, and enter the login. code? correct one. Cannot login. Is the PKI card locked? If the number of authentication failures reaches a specific limit, the PKI card will be locked to prevent...

This manual is also suitable for:

Bizhub c280 Bizhub c360 Bizhub c452 Bizhub c552 Bizhub c652 Au-211p

Konica Minolta bizhub C220 User Manual

Contents

1 Introduction

2 Getting Started

3 How to Use the Authentication Unit

4 Added or Changed Setting Information

5 Appendix