Contents Introduction What is Authentication Manager? ............ 1-1 General setup operation..............1-2 1.2.1 Server settings ................1-2 1.2.2 Setting up the device ..............1-2 Basic operations Logging on to Enterprise Suite ............2-1 Basic operations ................2-2 2.2.1 Top Menu page ................2-2 2.2.2 Pages for the functions ..............
Page 3
3.1.15 Importing from an external server ..........3-23 Selecting an external server ............3-23 Specifying user search conditions and acquired information ..3-24 Selecting a user ................3-25 3.1.16 Checking the import result ............3-28 3.1.17 Deleting a user according to the external server ......3-29 Selecting an external server ............
Page 4
3.5.1 Registering and editing function permission templates ....3-59 Registering templates..............3-59 Editing templates................3-61 3.5.2 Deleting function permission templates ........3-61 Specifying a function permission ........... 3-63 3.6.1 Basic Settings (By User) ............... 3-63 3.6.2 Advanced settings (By Device) ............. 3-65 3.6.3 Function permission operations ...........
Page 5
3.11.3 SSFC Authentication Settings ............ 3-105 3.11.4 Specifying a list (User name) ............3-106 Displaying a user template on the device panel......3-107 Displaying login history on the device panel ......3-108 3.11.5 Specifying a list (Account name) ..........3-108 Displaying an account track template on the device panel ..
Page 6
3.18 Specifying an administrator ............3-133 3.18.1 Specifying the administrator ............3-133 3.18.2 Adding an administrator ............. 3-134 3.18.3 Deleting an administrator ............3-135 3.19 Specifying a group manager ............3-136 3.19.1 Adding a group manager ............3-137 3.19.2 Deleting a group manager ............3-138 3.20 Version ....................
Page 7
Setting by Purpose Performing device authentication using Authentication Manager ..............4-1 Performing device authentication........... 4-1 Restricting available device functions by user group or user ..4-2 Restricting device functions ............4-2 Switching available functions between devices in the account track to which a user belongs and devices in other account tracks ..............
About this product Authentication Manager is a utility for centrally managing devices, such as multifunctional peripherals, on the network. When used in a Web browser, Authentication Manager can manage accounts, users and external servers used by the network devices, total copies and prints, and apply specified function limitations.
Page 9
Manager KONICA MINOLTA PageScope Authentication Man- Authentication Manager ager KONICA MINOLTA PageScope Account Manager Account Manager KONICA MINOLTA Registration Tool for User Au- Registration Tool for User Authen- thentication tication KONICA MINOLTA Gateway for Biometric Authenti- Gateway for Biometric Authenti-...
Trademarks and registered trademarks Trademark acknowledgements KONICA MINOLTA and KONICA MINOLTA logo are registered trademarks or trademarks of KONICA MINOLTA HOLDINGS, INC. PageScope and bizhub are registered trademarks or trademarks of KONICA MINOLTA BUSINESS TECHNOLOGIES, INC. Microsoft, Windows, Active Directory and Excel are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
Introduction Introduction What is Authentication Manager? Accounts, users and external servers used by the network devices can be managed, and copies and printouts can be totaled. In addition, permissions can be applied to the functions available to users by registering function permission templates and configuring settings.
Introduction General setup operation In order to use Authentication Manager, configure settings in the following order. 1.2.1 Server settings Log on to Enterprise Suite as a system administrator, and then specify settings for the following. The following settings are necessary to enable Authentication Manager.
Basic operations Basic operations This chapter provides details on logging on to Enterprise Suite. Logging on to Enterprise Suite For details on logging on to the Enterprise Suite server, refer to the "Device Manager User's Guide". Authentication Manager...
Basic operations Basic operations The basic operation of Authentication Manager is described below. 2.2.1 Top Menu page Function Description Device List Register and manage devices. For details, refer to the "De- vice Manager User's Guide". Authentication Manager Manage accounts, users, and external servers used by the network devices, and add up values on copies and print- outs.
Basic operations 2.2.2 Pages for the functions Function Description Login user name Displays the name of the user who has logged in. Logout Click this button to log off of Enterprise Suite server and display the Login page. Go to Top Menu Click this button to display the top page of Enterprise Suite.
Page 16
Basic operations Function Description Click this button to display the page for the item one level higher in the menu. Note The "Back" button of the Web browser cannot be used. Click this button to update the information on the current page.
Authentication Manager Authentication Manager User List 3.1.1 Available operations in the User List page From the User List page, settings can be specified with the following. Function Details [Register User] button Click this button to register a new user. [Edit User] button Click this button to edit the information for a registered us- [Delete User] button Click this button to delete a registered user.
Authentication Manager 3.1.2 Viewing the user list The list of registered users can be viewed. From the [User Group] drop-down list, select the user group to be displayed. – To display all users, select "All Users". – If master and subordinate relationships are specified in the group, select the [All subgroups] check box of [Display Details] to display all users, including those in subordinate groups.
Authentication Manager Function Description The user is deleted via an external server. User Name Displays the user name. User Group Name Displays the name of the group to belong to. Description Displays the description of the user. External Server Name Displays the name of the registered external server.
Authentication Manager - External Server Name - Account Name - E-mail Address - Home - Maximum Number of Box - Apply Level - Biometric Unit No. Reminder - The user name must be displayed. - "Biometric Unit No." is displayed when the license for Gateway for Biometric Authentication Manager is registered.
Page 21
Authentication Manager Function Details External Server Name If user authentication is performed by using an external server, select the appropriate external server from the drop-down list. Password Specify the password necessary for logging on to Enter- prise Suite and the device. For confirmation, type in the password again.
Page 22
Authentication Manager Note - The external server name must first be specified. For details, refer to "Specifying an external server" on page 3-89. - Special single-byte characters (for example, single-byte katakana characters) are treated as double-byte characters. - We do not recommend that names (such as Public, BoxAdmin or Admin), which can be used by devices, be registered as Authentication Manager users.
Authentication Manager 3.1.5 Editing user information The information for registered users can be viewed and edited. Specify the settings for the user information to be edited, and then click the [Apply] button. – To clear the entered information, click the [Clear] button. –...
Authentication Manager Function Details Home Specify the address of the SMB server that is normally used by the user. Max. No. of Use Boxes Specify the maximum number of use boxes that can be created by the user. • To manage the upper limit on the number of boxes, se- lect [ON] from the drop-down list, and then type in the upper limit (0 to 3000) in the text box.
Authentication Manager Check the message that appears, and then click the [OK] button to delete the template. The user is deleted. 3.1.8 Importing data Click this button to import user information. Data can be imported using one of the following options. Function Details Import from file...
Authentication Manager 3.1.9 Importing from a file Select this option to import user information or user group data already saved in a file and register user information. Specify settings for the following parameters when importing. Note - To save data, set the file format to the readable one with Enterprise Suite.
Authentication Manager Note Specifying incorrect information in "Password"" may import incorrect information. Reminder Clicking the [Start Import] button displays a confirmation message. If a deletion file has been imported, the corresponding users are deleted. Because deleted users cannot be restored, check the contents to be deleted carefully and click the [OK] button.
Page 28
Authentication Manager Reminder The following shows the file formats that are available for importing data. - Excel 97 to Excel 2003 book formats (.xls) - Excel book format (Office Excel 2007 or later) (.xlsx) - XML spreadsheet format (XML format importable with Excel) (.xml) - Text (tab-delimited) format (.txt) - CSV (comma-delimited) format (.csv) - Binary format (system file) (.bin)
Page 29
Authentication Manager Function Details quir ##DispName Enter item titles to be displayed in a page. Type in "## Dis- pName", "User Group Name", "User Name", "Description", "External Server Name", "Password", "Synchronize or not when Account Name is being authenticated", "Account Name", "E-mail Address", "Home", "Maximum Number of Box", "Apply Levels to Destinations", "Card Type 1", "Card ID 1", "Card Type 2", "Card ID 2", "Card Type 3", "Card ID...
Page 30
Authentication Manager Function Details quir Synchronize or not Type in "1" to synchronize the user and account when when Account managing the account. Type in "0" when you do not syn- Name is being au- chronize them. thenticated Account Name Type in the account name to synchronize with the user.
Authentication Manager 3.1.11 Creating a deletion file A user deletion file can be created in a spreadsheet application. Open the data in a spreadsheet application. Create data, and then save it as a new file. – To save data, set the file format to the readable one with Enterprise Suite.
Authentication Manager 3.1.12 Checking the import result The results of the import operation can be viewed. Check the details, and then click the [OK] button. <Import Result [User]> Function Details Result Displays whether the registration operation was success- fully completed from importing. The result is indicated as follows.
Page 33
Authentication Manager Function Details Account Name Displays the account track information of the user. If you do not synchronize the user and account when managing the account, "Do Not Synchronize" is displayed. When you synchronize them, the account name is displayed if the name of the account that the user belongs to is specified.
Authentication Manager <Import Result [Delete User]> Function Details Result Displays the deletion result. "Deletion has completed.": Ap- pears when the deletion was normally completed. "Error": Appears when the entered data is inappropriate and cannot be deleted. User Name Displays the user name. 3.1.13 Importing from a device Select this option to import user information from a specified device.
Page 35
Authentication Manager Click the [Display] button. A list of devices registered in the selected group appears. Select a device to be imported, and then click the [Execute] button. Try to connect to the device. If the connection is established successfully, the Select User page appears. Reminder If the connection fails, check the following again.
Authentication Manager Selecting a user to be imported A list of user information registered in the specified devices appears. Select the user to be imported to start importing. Specify settings for the following parameters when importing. Function Details Search Condition Specify the condition to narrow down users to be displayed in the list.
Authentication Manager Reminder - To select all users in the list, click the [Select All] button. - For details on the result page, refer to "Checking the import result" on page 3-21. 3.1.14 Checking the import result The results of the import operation can be viewed. Check the details, and then click the [OK] button.
Page 38
Authentication Manager Function Details Password Displays the password. The password is indicated using eight * (asterisks). Account Name Displays the account track information of the user. If you do not synchronize the user and account when managing the account, "Do Not Synchronize" is displayed. When you synchronize them, the account name is displayed if the name of the account that the user belongs to is specified.
Authentication Manager 3.1.15 Importing from an external server Selecting an external server Select an external server, and then click the [Next] button. Note User information cannot be imported from NTLM or the Novell NDS server. The following items are displayed in the external server list. Function Details External Server Name...
Authentication Manager Specifying user search conditions and acquired information Specify settings for the following parameters when importing. Available settings vary depending on the type of external server selected. Function Details Search base Displays the search base specified for "External Server Settings".
Authentication Manager Function Details Distinguished Name Type in the attribute to obtain the distinguished name of the user from the external server. Reminder The value typed in for "Distinguished Name" is used for obtaining the default value for the user group when importing.
Page 42
Authentication Manager From the user list, select the check box for the user to be imported. From the [User Group Name] drop-down list, select the user group to which the user is registered. – The drop-down list displays the configuration name obtained from the external server and the user group registered in Authentication Manager.
Page 43
Authentication Manager Reminder - To select all users in the list, click the [Select All] button. Reminder <When "Do not import." is selected in Organization Unit (OU)> - When "Distinguished Name" is typed in for "Specifying user search conditions and acquired information" on page 3-24, the configuration name one level higher where the user information is saved is displayed.
Authentication Manager 3.1.16 Checking the import result The results of the import operation can be viewed. Check the details, and then click the [OK] button. <Import Result [User]> Function Details Result Displays whether the registration operation was success- fully completed from importing. User Name Displays the user name.
Authentication Manager 3.1.17 Deleting a user according to the external server Select this option to check for users deleted from the external server, and delete the relevant user information from the user list. Users cannot be deleted from NTLM or the Novell NDS server according to the external server.
Authentication Manager Check the message that appears, and then click the [OK] button to delete the template. Reminder To select all users in the list, click the [Select All] button. 3.1.18 Exporting data The user information and user group information can be exported to a file. Information can also be registered by temporarily saving the registered information or adding user information in the correct format, then importing Specify settings for the following parameters when exporting.
Page 47
Authentication Manager – To clear the entered information, click the [Clear] button. Click the [Start Export] button. In the File Download dialog box, click the [Save] button. Specify the location where the file is to be saved, and then click the [Save] button.
Authentication Manager 3.1.19 Editing an exported file Editing an exported file The exported file can be edited and saved in a spreadsheet application. Reminder To edit and save an XML file in a spreadsheet application, specify the file type to "XML Spreadsheet", and then save it. For the procedure to edit a tab-delimited text file (.txt) or a comma- delimited CSV file (.csv) in a spreadsheet application, see "Editing a text or CSV file".
Page 49
Authentication Manager Specify a data format of the column after data is delimited, and then click the [Finish] button. – Click on the column displayed on the previewed data, and then change the data format of the column to "Character String". –...
Authentication Manager User Counter The counter totals for each user can be displayed. Reminder When logged on as a group manager, only information for users registered in the managed groups can be totaled. For details on group manager settings, refer to "Specifying a group manager" on page 3-136. 3.2.1 Displaying the device list From the [Device Group] drop-down list, select the device group to be...
Authentication Manager 3.2.2 Selecting a specific device Select the device whose data is to be totaled, and then click the [Go to the User Counter Result dialog.] button. 3.2.3 Displaying counter totals Click this button to display the counter totals. Settings for the following parameters can be specified.
Authentication Manager Click the [Counter Display] button. – A list of counter totals appears for the users registered in the selected group. Reminder For details on the items that can be displayed in the counter totals, refer to "Specifying display settings for the counter list" on page 3-36. 3.2.4 Specifying display settings for the counter list Select the items to be displayed in the counter totals.
Page 53
Authentication Manager Select the check box for the items to be displayed in the counter totals, and then click the [Apply] button. – To clear the selected information, click the [Clear] button. Authentication Manager 3-37...
Authentication Manager Account Track List 3.3.1 Available operations in the Account Track List page From the Account Track List page, settings can be specified with the following. Function Details Search Condition Specify the condition to narrow down account tracks to be displayed in the list.
Authentication Manager 3.3.2 Displaying the account track list The list of registered account tracks can be viewed. From the [Account Group] drop-down list, select the account group to be displayed. – To display all account tracks, select "All Accounts". – If master/subordinate relationships are specified in the group, select the [All subgroups] check box in [Display Details] to display all account tracks, including those in subordinate groups.
Authentication Manager 3.3.3 Registering a new account A new account can be registered. The following information is required for registration. Function Details Account Group Name Select the account group to belong to. Account Name Type in an account name. Description Type in a description of the account.
Authentication Manager 3.3.5 Deleting an account The selected account track information can be deleted. In the Account Track List page, select an account track to be deleted, and then click the [Delete] button. Check the message that appears, and then click the [OK] button to delete the template.
Page 58
Authentication Manager Reminder The following shows the file formats that are available for importing data. - Excel 97 to Excel 2003 book formats (.xls) - Excel book format (Office Excel 2007 or later) (.xlsx) - XML spreadsheet format (XML format importable with Excel) (.xml) - Text (tab-delimited) format (.txt) - CSV (comma-delimited) format (.csv) - Binary format (system file) (.bin)
Authentication Manager Note - Specifying incorrect information in "Password" may import incorrect information. - Clicking the [Start Import] button displays a confirmation message. - When a deletion file has been imported, the corresponding account tracks are deleted. Because deleted users cannot be restored, check the contents to be deleted carefully and click the [OK] button.
Page 60
Authentication Manager Reminder The following shows the file formats that are available for importing data. - Excel 97 to Excel 2003 book formats (.xls) - Excel book format (Office Excel 2007 or later) (.xlsx) - XML spreadsheet format (XML format importable with Excel) (.xml) - Text (tab-delimited) format (.txt) - CSV (comma-delimited) format (.csv) - Binary format (system file) (.bin)
Page 61
Authentication Manager Function Details quir ##TableName Indicates the account track data. Type in "##TableName" and "AccountTrackList" to the right of the first column of the first row. ##DispName Enter item titles to be displayed in a page. Type in "##Dis- pName", "Account Group Name", "Account Name", "De- scription", and "Password"...
Page 62
Authentication Manager Function Details quir Password Type in the password for the account. Note All passwords for the file exported using the [Export] button will be shown by "+" (single- byte). To change the password, delete "+", and then type in a new password. If you do not change the password, "+"...
Authentication Manager 3.3.9 Creating a deletion file A file to delete account tracks can be created in a spreadsheet application. Open the data in a spreadsheet application. Create data, and then save it as a new file. – To save data, set the file format to the readable one with Enterprise Suite.
Authentication Manager 3.3.10 Checking the import result The results of the import operation can be viewed. Check the details, and then click the [OK] button. <Import Result [Account Track]> Function Details Result Displays whether the registration operation was success- fully completed from importing. The result is indicated as follows.
Page 65
Authentication Manager <Import Result [Account Group]> Function Details Result Displays whether the registration operation was success- fully completed from importing. The result is shown as follows. • "Registration Completed": Appears when a new regis- tration was normally completed. • "Update": Appears when "Overwrite" is specified for "Operation for Already Existing Account Tracks"...
Authentication Manager <Import Result [Delete Account Track]> Function Details Result Displays the deletion result. "Deletion has completed.": Appears when the deletion was normally completed. "Error": Appears when the entered data is inappropriate and cannot be deleted. Account Name Displays the account name. 3.3.11 Importing from a device Account track information can be imported from a specified device.
Page 67
Authentication Manager Click the [Display] button. A list of devices registered in the selected group appears. Select the import method, and then click the [Execute] button. Try to connect to the device. If the connection is established successfully, the Select Account Track page appears. Reminder If the connection fails, check the following again.
Authentication Manager Selecting the account to be imported A list of account track information registered in the specified devices appears. Select the account track to be imported to start importing. Specify settings for the following parameters when importing. Function Details Operation for Already Existing Ac- If the imported account name already exists, specify count Tracks...
Authentication Manager Reminder To select all accounts in the list, click the [Select All] button. For details on the result page, refer to "Checking the import result" on page 3-53. 3.3.12 Checking the import result The results of the import operation can be viewed. Check the details, and then click the [OK] button.
Authentication Manager Function Details Password Displays the password. The password is indicated using eight * (asterisks). 3.3.13 Exporting data The information for account tracks and account groups can be exported to a file. Information can also be registered by temporarily saving the registered information or adding account track information in the correct format, then importing it.
Page 71
Authentication Manager – To clear the entered information, click the [Clear] button. Click the [Start Export] button. In the File Download dialog box, click the [Save] button. Specify the location where the file is to be saved, and then click the [Save] button.
Authentication Manager Account Track Counter The counter totals for each account can be displayed. Reminder For details on the items that can be displayed in the counter totals, refer to "Specifying display settings for the counter list" on page 3-36. 3.4.1 Displaying counter totals In order to display the counter totals, the following parameters can be...
Page 73
Authentication Manager – To narrow account tracks to be displayed in the list, specify the search condition. Type in the text to be searched for in the text box. Click the [Counter Display] button. A counter totals list of account tracks registered in the selected group appears.
Authentication Manager Specifying a function permission template By using function permission templates, the functions available to users can be permitted. The procedures for registering, editing and deleting function permission templates are described below. For details on assigning function permission templates, refer to "Specifying a function permission" on page 3-63.
Authentication Manager Settings for function permission templates can be specified with the following. Function Details [Register Template] button Click this button to register a function permission template. [Edit Template] button Click this button to edit the information for a registered function permission template.
Page 76
Authentication Manager – To clear the entered information, click the [Clear] button. Reminder The function permissions available below "Function Permission" differ depending on the items selected below "Output Permission". Select the appropriate function permissions below "Function Permission" according to the items selected below "Output Permission". The configuration you set for Web Browser, Print from Bluetooth or USB to User Box will only be applied if the device you are using supports these features.
Authentication Manager Editing templates The information for registered function permission templates can be viewed and edited. Specify the settings for the template information to be edited, and then click the [Apply] button. – To clear the entered information, click the [Clear] button. Reminder - For details on the settings, refer to "Registering templates"...
Page 78
Authentication Manager Reminder A function permission template cannot be deleted if it has been assigned to a user or user group. Authentication Manager 3-62...
Authentication Manager Specifying a function permission The procedure for assigning function permission templates is described below. 3.6.1 Basic Settings (By User) Select a function permission template to be assigned from the template drop-down list. Select a user or user group that is to be configured with the basic settings for function permission from the user or user group list.
Page 80
Authentication Manager Function Details Select (check box) Select the check box of the user or user group to be as- signed the function permission template. Availability Displays the status for assigning a function permission template. If one is assigned, an icon appears. User Group Name/User Name Displays the name of the user group or user.
Authentication Manager Function Details (Manual Destination Input) Allow all entries (Manual Destination Input) Allow entries only for Fax/SIP Fax. Web browser Print from Bluetooth USB to User Box 3.6.2 Advanced settings (By Device) From the user/user group list, select the user or user group to be assigned the function permission template.
Page 82
Authentication Manager Function Details Select (check box) Select the check box of the user or user group to be as- signed the function permission template. Availability Displays the status for assigning a function permission template. If one is assigned, an icon appears. User Group Name/User Name Displays the name of the user group or user.
Page 83
Authentication Manager Function Details Print/Color Print/Black Send/Color Copy Printer Scan User Box Print Scan/Fax TX Save to External Memory (Manual Destination Input) Allow all entries (Manual Destination Input) Allow entries only for Fax/SIP Fax. Web browser Print from Bluetooth USB to User Box Authentication Manager 3-67...
Page 84
Authentication Manager Reminder - "Applied state of permission" displays the status of the basic settings that are currently applied to the user group or user. - Select the desired check box in "Display Details" to narrow down the target to be displayed. - When displaying only a user group, select the "User Group"...
Page 85
Authentication Manager Reminder When logged on as a group manager, only templates registered by the user who is logged on can be selected. For details on group manager settings, refer to "Specifying a group manager" on page 3-136. Function Details Registered Name Displays the registered name for the device.
Authentication Manager Function Details Printer Scan User Box Print Scan/Fax TX Save to External Memory (Manual Destination Input) Allow all entries (Manual Destination Input) Allow entries only for Fax/SIP Fax. Web browser Print from Bluetooth USB to User Box Reminder Advanced settings displays the status that is currently applied to the specified user group or user.
Page 87
Authentication Manager Advanced Settings set to Advanced Settings set to Function permission ap- higher-level group of login login user plied to login user user Template A Template A Template B Template B Template A Template B Templates A and B When based on the basic settings, the following function permissions are assigned to the login user.
Authentication Manager Specifying a user group Groups of registered users can be created. Master/subordinate relationships can be created in the group according to the configuration. Settings for the following parameters can be specified. Function Details [Register Group] button Click this button to register user groups. [Edit Group] button Click this button to edit a registered group.
Page 89
Authentication Manager Function Details Change Parent Group To create master/subordinate relationships in the group, select the parent group. If master/subordinate relationships are not to be created, select "(Root)". To register a new group, click the [Register Group] button. – To edit a group, select the group, and then click the [Edit Group] button.
Authentication Manager Specifying display settings for the group list The items to be displayed or hidden in the group list can be selected. Settings can be specified for the following parameters. - User Group Name - Description - Number of Users Reminder The user group name must be displayed.
Authentication Manager Account Group Settings A group of the registered accounts can be created. The master/subordinate relationships can be created in a group according to organizations. Settings for the following parameters can be specified. Function Details Register Group Click this button to register account groups. Edit Group Click this button to edit a registered group.
Page 92
Authentication Manager To register a new group, click the [Register Group] button. – To edit a group, select the group, and then click the [Edit Group] button. Configure the necessary settings, and then click the [Apply] button. – To clear the entered information, click the [Clear] button. –...
Authentication Manager Specifying display settings for the group list The items to be displayed or hidden in the group list can be selected. Settings can be specified for the following parameters. - Account Group Name - Description - Number of Accounts Reminder The account group name must be displayed.
Authentication Manager Specifying a template User/account track/external server templates can be registered and assigned to a device. Assigning a template displays the list on the device panel, reducing troublesome tasks when logging on to the device. The procedures for registering, editing and deleting the templates are described below.
Authentication Manager 3.9.1 Registering and editing user templates When registering and editing user templates, settings for the following parameters can be specified. Function Details [Register Template] button Click this button to register a user template. [Edit Template] button Click this button to edit a registered user template. [Delete Template] button Click this button to delete a user template.
Authentication Manager – To clear the entered information, click the [Clear] button. Editing user templates The information of the registered user templates can be edited. Settings for the following parameters can be specified. Function Details User Template Name Type in a user template name. Description Type in a description for the user template.
Page 97
Authentication Manager – To clear the entered information, click the [Clear] button. Authentication Manager 3-81...
Authentication Manager 3.9.2 Deleting user templates Click this button to delete a user template. In the User Template List page, select the template to be deleted, and then click the [Delete Template] button. Check the message that appears, and then click the [OK] button to delete the template.
Authentication Manager Registering account track templates A new account track template can be registered. Settings for the following parameters can be specified. Function Details Account Track Template Name Type in the name of the account track template. Description Type in the description of the account track template. Originator Displays the name of the user who is creating the account track template.
Authentication Manager Editing account track templates The information of the registered account track templates can be edited. Settings for the following parameters can be specified. Function Details Account Track Template Name Type in the name of the account track template. Description Type in the description of the account track template.
Authentication Manager 3.9.4 Deleting account track templates An account track template can be deleted. In the Account Track Template List page, select the template to be deleted, and then click the [Delete Template] button. Check the message that appears, and then click the [OK] button to delete the template.
Authentication Manager Registering external server templates Click this button to register a new external server template. Settings for the following parameters can be specified. Function Details External Server Template Name Type in an external server template name. Description Type in a description for the external server template. Originator Displays the name of the user who is creating the external server template.
Authentication Manager Editing external server templates The information registered with an external server template can be edited. Settings for the following parameters can be specified. Function Details External Server Template Name Type in an external server template name. Description Type in a description for the external server template. Originator Displays the name of the user who is creating the external server template.
Authentication Manager 3.9.6 Deleting external server templates An external server template can be deleted. In the External Server Template List page, select the template to be deleted, and then click the [Delete Template] button. Check the message that appears, and then click the [OK] button to delete the template.
Authentication Manager 3.10 Specifying an external server If an external server is used for user authentication, specify the server that will perform the authentication. The registered external servers appear in the external server list. Reminder These settings can be specified by the system administrator or the administrator.
Authentication Manager Function Details Domain Name Displays the domain name of the external server. It is displayed when "Microsoft Active Directory" or "NTLM" is selected for "Server Type". Default NDS Tree Name Displays the name of the NDS tree. It is displayed when "Novell NDS" is selected for "Server Type".
Page 107
Authentication Manager - Automatically synchronizing external server and user information Note - Supported search-related functions are only Microsoft Active Directory and LDAP. - The "User automatic registration" settings are different from the search base settings of "User search condition". If authentication succeeds, users are automatically registered even when they are outside the range specified in Search Base.
Page 108
Authentication Manager – To clear the entered information, click the [Clear] button. <Active Directory Detail Settings> If the "Microsoft Active Directory" is selected for [Server Type], register the following information. Function Details Domain Name Type in the domain name of the external server. Authentication Manager 3-92...
Page 109
Authentication Manager <LDAP Detail Settings> If the "LDAP" is selected for [Server Type], register the following information. Function Details Server Address Type in the address of the external server. Authentication Type Select the authentication type of the external server. realm value Type a realm value required for Digest-MD5.
Page 110
Authentication Manager Function Details Port Number (SSL) Specify the port number to be used for connecting to the external server (SSL/TLS connection). Use Authentication Search Base Specify whether to use authentication search base and dis- and Discovery Attribute for au- covery attribute for authentication account.
Page 111
Authentication Manager <NTLM Detail Settings> If the "NTLM" is selected for [Server Type], register the following information. Function Details Domain Name Type in the domain name of the external server. <Novell NDS Detail Settings> If the "Novell NDS" is selected for [Server Type], register the following information.
Page 112
Authentication Manager <User search conditions> Function Details Account Type in the name of the user connecting to the external server. Password Type in the password of the user connecting to the external server. Search base Type in the search base of the external server. Scope Select a range within which search is performed on the ex- ternal server.
Authentication Manager 3.10.2 Editing a server The information for registered servers can be viewed and edited. Specify the settings for the server information to be edited, and then click the [Apply] button. – To clear the entered information, click the [Clear] button. Reminder For details on the settings, refer to "Registering a new server"...
Authentication Manager 3.11 Managing a specific device Specify whether Authentication Manager performs authentication from the device. If the device is registered to be managed, Authentication Manager performs authentication for the device as an extended authentication server (intermediate authentication server). The settings are as follows. Function Details The number of licenses...
Authentication Manager Reminder - These settings can be specified by the system administrator or the administrator. For details on the administrator settings, refer to "Specifying an administrator" on page 3-133. - Authentication Manager is a non-free application. You need to purchase a license and register it on Enterprise Suite before using.
Page 116
Authentication Manager Function Details IC Card Template Select an IC card information template to be assigned to a device. Default External Server Specify the external server name to be displayed on the de- vice panel as the default when you log on. SSFC Authentication Settings Click [Change Setting] to display the SSFC Authentication Settings screen.
Page 117
Authentication Manager Function Details External Server Name Displays the type of the external server list to be displayed on the device panel. Click the [Configuration (External Server Name)] button to display the List Settings (External Server Name) page. On this page, the device panel display procedure can be spec- ified.
Page 118
Authentication Manager Click the [Display] button. A list of devices registered in the selected group appears. From the device list, select the check box of the device whose setting is to be edited. Click the [Edit] button. The Object Device Setting page appears. Specify the necessary settings, and then click the [Apply] button.
Page 119
Authentication Manager – To clear the entered information, click the [Clear] button. Reminder "Default biometric unit number" and "Biometric System" are displayed when the license for Gateway for Biometric Authentication Manager is registered. A maximum of five languages can be registered with the device. "English" must be selected.
Authentication Manager Note If a personal box is used, a setting that specifies whether or not to allow use by public users should be specified on the device. If this setting is changed using Authentication Manager, all personal boxes will be shared regardless.
Authentication Manager Reminder To select all the functions in the list, click [Select All]. The "Save to External Memory" check box is cleared by default. Select this check box, if necessary. Note This setting applies only to devices that support public users. On devices that do not support public users, you cannot configure the function permission for public users using Authentication Manager.
Authentication Manager Note To confirm the settings specified in the SSFC Authentication Settings screen, click the [Apply] button in the Object Device Setting screen. 3.11.4 Specifying a list (User name) A list of user names to be displayed on the device panel can be specified. The list can be displayed by selecting it from a registered user template or the history of logging on to the device panel can be displayed on the device panel.
Authentication Manager Function Details Sort by Login Displays the user names in order of logging on to the de- vice. Sort by Name Displays the sorted user names. Template Select this item to display the selected user template as a user name list.
Authentication Manager Displaying login history on the device panel Select [History]. Select the order of displaying the history. 3.11.5 Specifying a list (Account name) A list of account names to be displayed on the device panel can be specified. The list can be displayed by selecting it from a registered account track template or the login history to the device panel can be displayed on the device panel.
Authentication Manager Function Details Sort by Login Displays the account names in order of logging on to the device. Sort by Name Displays the sorted account names. Template Select this item to display the selected account track tem- plate as an account name list. Template list Select an account track template to be displayed on the device panel.
Authentication Manager Displaying login history on the device panel Select [History]. Select the order of displaying the history. 3.11.6 Specifying a list (External server name) A list of external server names to be displayed on the device panel can be specified.
Authentication Manager Function Details Sort by Login Displays the external server names in order of logging on to the device. Sort by Name Displays the sorted external server names. Template Select this item to display the selected external server tem- plate as an external server name list.
Authentication Manager Displaying login history on the device panel Select "History" as a list type. Under [History], select the order of displaying the history. 3.11.7 Registering a specific device Specify that authentication from the device is performed with Authentication Manager. Note To register a device to be managed by Authentication Manager, license registration is required.
Page 129
Authentication Manager – Specifying the search condition can narrow down devices to be displayed in the list. Select a column to search from the drop-down list, and then type in the text to be searched for in the text box. Click the [Display] button.
Authentication Manager Function Details Registered Name Displays the registered name for the device. Model Name Displays the model name for the device. Account Track Displays whether or not the account track is managed. Account Password Displays whether or not the account track password is used.
Authentication Manager Click the [Display] button. A list of devices registered in the selected group appears. From the device list, select the check box for the device for which authentication from the device is not performed with Authentication Manager. Click the [Do not manage] button. Reminder For details on the result page after unregistering a specific device, refer to "Checking the result of registering or unregistering a specific device"...
Page 132
Authentication Manager Function Details Result Displays whether the registration or unregistration opera- tion was successfully completed. • "Success": Appears when the registration or unregistra- tion operation was normally completed. • "Error": Appears when the specific device was not suc- cessfully registered or unregistered due to an error in communication with the device.
Authentication Manager 3.12 IC card information This function allows you to enable or disable IC card information registered for a user or edit card information. The name of an IC card can be specified. Settings for the following parameters can be specified. Function Details Search Condition...
Authentication Manager After importing the information, be sure to check the Enable/Disable setting for the IC card. When logged on as a group manager, only information for managed groups and users can be edited or deleted. For details on the group administrator, refer to "Specifying a group manager"...
Authentication Manager 3.12.2 Checking or modifying card information From the [User Group Name] drop-down list, select the user group to be displayed. – To display all users, select "All Users". – If master and subordinate relationships are specified in the group, select the [All subgroups] check box of [Display Details].
Authentication Manager 3.12.3 Specifying an IC card name In the IC Card Information page, click the [IC Card Name Setting] button. Type in each IC card name (IC card 1, IC card 2, or IC card 3), and then click the [Apply] button. –...
Authentication Manager 3.13 IC Card Authentication Setting The IC card self-registration function is a secure and safe method to reduce the administrator's load when registering card information using Authentication Manager. Using this function, a newly distributed IC card or a card used to manage entering or leaving a room can easily be associated with the Authentication Manager user account when applying an IC card in Authentication Manager.
Authentication Manager 3.13.2 IC card self-registration The self-registration function becomes available when a user logs on while satisfying the following conditions. - Self Registration is set to "Allow" in IC Card Authentication Setting. - The target device is registered while an IC card reader is connected to the device.
Authentication Manager 3.14 IC Card Information Template Settings Use of an IC card information template allows you to perform the correct authentication even when a third-party authentication device is used. This section explains how to register and edit an IC card information template.
Authentication Manager 3.14.1 Registering and editing an IC card information template Registering templates A new IC card information template can be registered. Information required for registration varies depending on the type of IC card. Click the [Register] button. The Create/Edit IC Card Template page appears. Type in a template name for [Template Name].
Authentication Manager Editing a template The information of a registered IC card information template can be viewed and changed. Specify the settings for the template information to be changed, and then click the [Apply] button. – The detailed settings vary depending on the type of the data specified in a template.
Authentication Manager Registering IC card information (when the data type is "Byte") If the type of the data specified in a template is "Byte", configure the following settings. Template Name Type in the template name. Data Type Select the data type of an IC card. Start Position (Byte) Specify the card ID starting position.
Authentication Manager 3.15 Biometric information Settings for the following parameters can be specified on the Biometric Information page. Reminder This page is displayed when the license for Gateway for Biometric Authentication Manager is registered. Create biometric information using Registration Tool, and then register it using the import function of Authentication Manager.
Authentication Manager When both AU-101 and AU-102 are connected, register data of both AU- 101 and AU-102 using Registration Tool. 3.15.1 Displaying a user list A list of users registered in the biometric unit can be displayed. From the [Biometric Unit No.] drop-down list, select a biometric unit –...
Authentication Manager 3.15.2 Changing the biometric unit No. Select the check box for the user to be changed from the biometric unit user list, and then click the [Change Biometric Unit No.] button. The Change Biometric Unit No. page appears. Type in a biometric unit No.
Authentication Manager 3.16 Biometric Authentication Server Setting To perform biometric authentication, biometric authentication server information must be registered with Authentication Manager. Settings for the following parameters can be specified. Reminder This page is displayed when the license for Gateway for Biometric Authentication Manager is registered.
Page 147
Authentication Manager Reminder Normally, specify as follows. - "Biometric Auth Server URL": http://(IP address or domain of the installed computer)/ - "Server Certification URL": URL specified in step 6 of "Installing Gateway for Biometric Authentication Manager" in Enterprise Suite Installation Guide - "Server Admin.
Authentication Manager 3.17 Changing the password Specify the password or PIN code necessary for logging on to Enterprise Suite and devices. Type in the password. Type in the password again for confirmation. Change the PIN code as necessary. – Clicking the [Auto-Generate] button creates a new PIN code. Click the [Apply] button.
Authentication Manager 3.18 Specifying an administrator Reminder These settings can be specified only by the system administrator. 3.18.1 Specifying the administrator Users who can use the Authentication Manager with Administrator privileges can be selected. Settings can be specified for the following parameters. Function Details Search Condition...
Authentication Manager 3.18.2 Adding an administrator From the [User Group] drop-down list, select the user group to be displayed. From the user list, select the check box for the user to be added. – To display all users, select "All Users". –...
Authentication Manager 3.18.3 Deleting an administrator In the Administrator Settings page, select the check box for the user to be deleted. Click the [Delete] button. Check the message that appears, and then click the [OK] button to delete the template. The selected user is deleted from the list of administrators.
Authentication Manager 3.19 Specifying a group manager Users with user group manager privileges can be selected. Settings for the following parameters can be specified. Reminder These settings can be specified by the system administrator or the administrator. For details on the administrator settings, refer to "Specifying an administrator"...
Authentication Manager 3.19.1 Adding a group manager From the [Managed User Group] drop-down list, select a group to be managed. From the [Select User Group] drop-down list, select a user group to be displayed. – To display all users, select "All Users". –...
Authentication Manager Click the [Apply] button. The selected user is registered as a group manager. 3.19.2 Deleting a group manager In the User Group Manager Setting page, select the check box for the user to be deleted. Click the [Delete] button. Check the message that appears, and then click the [OK] button.
Authentication Manager 3.21 Using with Account Manager If Account Manager is installed separately, it can be used together with Authentication Manager. When Authentication Manager is used together with Account Manager, the number of printed pages is compared with the maximum limit in real time, and further output can be restricted when the maximum limit is reached.
Authentication Manager 3.21.1 Real-time Upper Limit Settings The following information is applicable when Account Manager module license is registered. To manage the maximum limit in real time, register the device as the device to be managed using Authentication Manager, and make sure the device is configured as follows using Account Manager.
Authentication Manager 3.21.3 Device panel display when logging on If the device manages the maximum limit in real time, when a user logs on, the Counter Remaining and the maximum limit count are displayed on the device panel. The Counter Remaining indicates the number of printable pages for the user. The maximum limit count indicates the number of printable pages reserved for the user when they use the device.
Authentication Manager If the residual number of pages by a user is smaller than the reserved number of printable pages when a user uses the device: If the residual number of printable pages by the user is smaller than the number of printable pages reserved when a user uses the device, the residual number of pages when a user uses the device is displayed as the maximum limit count.
Authentication Manager 3.22 Precautions on using Gateway for Biometric Authentication Manager When using Gateway for Biometric Authentication Manager, be careful with the following. - Set up so that Authentication Manager and Gateway for Biometric Authentication Manager in pair. If a single Gateway for Biometric Authentication Manager is specified by multiple Authentication Managers, they do not operate correctly.
Authentication Manager 3.23 Operation for authentication The authentication operation of Authentication Manager is described below. 3.23.1 Internal authentication and external authentication As user authentication performed by Authentication Manager, the following two types of authentication are available: internal authentication and external authentication.
Authentication Manager authenticated successfully by the internal authentication are considered that the user "A" is logging on. Handling regardless of the external server to perform authentication in the external authentication For example, assume that a user with the same name "B" exists in multiple external servers.
Authentication Manager 3.23.4 Default external server - When the default external server is specified for the device in Authentication Manager, "External Server" on the device panel displays the name of the specified default external server. - When the default external server is not specified for the device, "External Server"...
Page 163
Authentication Manager The device forcibly excluded from the target devices displays the Login page for Authentication Manager. However, you can no longer log on to the device. On the Administrator Settings page of the device, change the user authentication method to a mode other than the extended authentication server (intermediate authentication server).
Setting by Purpose Setting by Purpose Performing device authentication using Authentication Manager Performing device authentication On the top menu, select [Server Settings], and in the License Management page, register Authentication Manager licenses. Register the devices to be managed, referring to the Device Manager User's Guide.
Setting by Purpose Restricting available device functions by user group or user Restricting device functions On the top menu, select [Authentication Manager] - [Permission Template Setting], and in the Register Template page, create a function permission template. – Here, specify the available functions. On the top menu, select [Authentication Manager], and in the Basic Settings (By User) page, assign the template created in step 1 to the user group or user to be restricted.
Setting by Purpose Switching available functions between devices in the account track to which a user belongs and devices in other account tracks Function permissions can be restricted by switching a template, for example, when permitting faxing only for devices in the account track to which the user belongs.
Setting by Purpose Linking with an existing Active Directory for authentication Linking with Active Directory On the top menu, select [Authentication Manager], and in the External Server Settings page, register an external server from "Register". If Authentication Manager is already operated, register the device again.
Setting by Purpose Simplifying authentication with IC card Registering a card Register card information, referring to "Registering Card Information" in "3.1 IC Card Information". On the top menu, select [Authentication Manager], and in the Device Management page, connect the IC card to the device and register the target device again from "Manage".
Setting by Purpose Easily registering new card information for a user who lost an IC card Easily registering card information On the top menu, select [Authentication Manager], and in the IC Card Authentication Setting page, set the "Allow Self Registration" option to the following value.
Setting by Purpose Easily registering a card already registered as one of other user This function can be used when, for example, easily assigning a card of a specific user to another user while user information such as counter totals is still stored but the user account is not used.
Setting by Purpose Using biometric authentication to enhance security level Performing biometric authentication Purchase the biometric authentication license. – For details, contact your sales company. Install Gateway for Biometric Authentication Manager, referring to the installation guide. Install Plugin for Biometric Authentication Manager in the same machine as for Authentication Manager, referring to the installation guide.
Setting by Purpose Using Public User Configuring Public User Settings On the top menu, select [Authentication Manager] - [Device Management] - "Edit", and in the Object Device Setting page, change the Public User settings. – If necessary, you can apply the function permission for Public User ("Function Permission Setting for Public User").
Setting by Purpose 4.10 Changing your password Changing a password Log on to Enterprise Suite. On the top menu, select [Authentication Manager] - [Change Password], and in the Change Password page, enter a new password and click the [Apply] button. Authentication Manager 4-10...
Setting by Purpose 4.11 Performing counter management by job or work besides user Use the following steps to configure settings. On the top menu, select [Authentication Manager] - [Account Track List], and in the Register page, create an account track. On the top menu, select [Authentication Manager] - [Device Management] - "Edit", and in the Object Device Setting page, configure the account track authentication settings.
Troubleshooting Troubleshooting Problems on Device Management Problem Action Message "Failed to establish Authentication Manager always uses SSL/TLS when having a an SSL/TLS communication communication with a device. with the device." appears. (1) Use Web Connection to import a certificate to the device. (2) In the network settings, set "Enable SSL"...
Troubleshooting Problems on User Import Problem Action An error message is dis- This error may occur when an export file has been obtained with- played when importing a file out being encrypted. that was output using the ex- If a user deletes a file after exporting it, the target user cannot im- port function for some users.
Troubleshooting Problems on Authentication Problem Action Authentication failed. Try the following method. (1) Pattern scanning is performed three times when registering biometric information. For each time, release your finger from the biometric au- thentication device, and put your finger on the device again.
Need help?
Do you have a question about the bizhub C451 and is the answer not in the manual?
Questions and answers