Access Mode In Sites; Linkage With Department Id Management When Using Sso-H; System Manager Linkage (Automatic Id Allocation To System Managers) - Canon imageRUNNER ADVANCE C5045 Series Service Manual

2
To run domain authentication and Department ID management at the same time, the
•
options Net Spot Accountant, iW Accounting Manager or iW EMC Accounting Man-
agement Plug-in are required. If domain authentication is selected as the authenti-
cation method without linkage to these systems, login will be disabled and Depart-
ment ID management will not come ON. If Department ID management cannot be
turned ON when using domain authentication and login is disabled, switch the login
service to Default Authentication and turn Department ID management OFF.
•
In order to link local device authentication and Department ID management
and manage print pages and scan pages per department ID, Department ID
manage-ment must be set ON. To run local device authentication and Department
ID management at the same time, the information registered in local device
authentication must match the De-partment ID management user information
(department ID and password).
• In local device authentication the card reader for the option control card cannot be
used.

Linkage with Department ID management when using SSO-H

SSO-H has collaborative linkage with imageWARE/iW Enterprise Management Console
Access Managemnet Plug-in, imageWARE/iW Enterprise Management Console Accounting
Managemnet Plug-in. Only when used with 'Local device authentication', can department ID/
passwords be allocated to users.
In the event that these are allocated, authentication can be performed even when the main
unit's department management is ON. Department ID and department passwords are not
allocated to domain users.
When the main unit's department management function is ON, domain users cannot be
authenticated.
MEMO:
With SSO, linkage with imageWARE/iW Enterprise Management Console Accounting
Managemnet Plug-in was assumed and department management linkage was enabled
even in domain authentication, but with SSO-H, this is now unsupported.

System Manager Linkage (automatic ID allocation to System Managers)

SSO provided the automated function conventionally on Security Agent (hereinafter "SA") to
authenticate System Manager by allocating IDs set on SA to domain authentication managers
(users belonging to Canon Peripheral Admins group). However, SSO-H does not support this
function.
2

Access Mode in Sites

With SSO-H, access to Active Directory within site can be prioritized or restricted, so there
is a setting called 'Access Mode in Sites'. Sites programmed in Active Directory comprise
multiple subnets. In this mode, SSO-H uses site information to access the same site as the
device, or the subnet Active Directory.
The SSO-H default setting is with the site internal access mode OFF.
•
Access Active Directory within same site only.
•
If there is no Active Directory within the same site, or if connection fails, there will be an
•
authentication error.
Access another site if Active Directory within the same site cannot be located.
•
If there is no Active Directory within the same site, or if connection fails, an Active Directory
•
external to the site will be accessed.
If all attempts to access Active Directory fail, there will be an authentication error.
•
The operating specifications of the site internal access mode are as described below.
When first logging in to the login service after booting iR, the domain controller (DC) is
obtained from the site list.
However, upon the first login, even if the site functionality is active, connection to DC is
random. (This is because, if connection to DC should fail, the site to which the device belongs
cannot be ascertained.)
If the device IP address or the domain name are changed, the site settings are acquired once
more.
In this mode, at the first login (first authentication of domain to which the device belongs)
LDAP-Bind is performed directly to DC and site information acquired by LDAP from DC.
From the acquired site list, the site to which the device subnet belongs is extracted and this
becomes the site to which device belongs. Active Directory address is acquired (retrieved
from DNS)
2-133
2-133