Authentication
To apply the settings in this category to a device, Administrator Authentication Management must be enabled in the device settings. When Administrator Authentication Management is disabled, apply the template that enables Administrator Authentication Management in the [Administrator] category of the device before configuring this category.
Here are the groups of settings you can find on this node.
Authentication Type|
Setting Item |
Description |
|---|---|
|
User Authentication Settings |
Select the user authentication type: [Off], [User Code Authentication], [Basic Authentication], [Windows Authentication], [LDAP Authentication], [Integration Server Authentication] |
|
Enable External Authentication |
These settings are part of the extended item settings. Refer to List of Extended Item Setting for the complete list. Turn the setting Off or On. |
When Enable External Authentication is set to On, the following are enabled.
These settings are part of the extended item settings. Refer to List of Extended Item Setting for the complete list.
|
Setting Item |
Description |
|---|---|
| Logout When Card Removed |
The user remains logged in while the IC card is in contact with the card reader. The user is logged out when the IC card is removed from the card reader. The setting [Logout When Card Detected] cannot be enabled at the same time. If Card Authentication Package V2 is set, it is recommended that Logout When Card Removed is enabled. |
| Logout When Card Detected |
The user is logged out when the IC card is held against the card reader while the user is logged in. This is a setting for contactless IC cards. The setting [Logout When Card Removed] cannot be enabled at the same time. |
|
Exit Energy Saver Mode When Card Detected |
You can select whether to set the device to recover from Energy Saver Mode when the IC card is held against the card reader. This is a setting for contactless IC cards. |
|
Enable Character For PIN |
Enables entering alphabetical characters in addition to numbers for the password. |
|
Control Reading Card |
The cache for the IC card’s login ID and password is used for login. Use this setting when the authentication process takes time. |
|
Panel Lock For Logout Failure |
This setting prevents other users from logging in before the logout process is completed. Use this setting when the logout process takes time. |
|
Manual Password Input |
You can set whether to require the users to enter a password when they hold up their IC card against the card reader. The following are the different modes.
If Card Authentication Package V2 is set, it is recommended that Manual Password Input is set to Mode 0 or Mode 2. |
The Manual Password Input, Enable Character For PIN, and Control Reading Card settings are only available for devices released in spring 2009 or later. The Panel Lock For Logout Failure setting is only available for devices released in autumn 2012 and later (with exceptions). For details, please check your local Ricoh website for a list of supported devices or contact the Ricoh Group.
User Code Access Control
|
Setting Item |
Description |
|---|---|
|
Copier |
Specify whether to enable access control for the copier function for each user. Select the color settings that can be used when making copies from the following: [Black & White], [Single Color], [Two-color], [Full Color], or [Off]. |
|
Printer |
Specify whether to enable access control for the printer function for each user. Select the color settings that can be used when making prints from the following: [Black & White], [Color], or [Disable].
|
|
Fax |
Specify whether to enable the access control for the fax function for each user. |
|
Scanner |
Specify whether to enable the access control for the scanner function for each user. |
|
Document Server |
Specify whether to enable the access control for the Document Server for each user. |
Copier
These settings are part of the extended item settings. Refer to List of Extended Item Setting for the complete list.
|
Setting Item |
Description |
|---|---|
| Restrict Copier usage |
When checked, you must set the following:
|
| Require key counter for copy |
Select which color will require a key when copying.
|
| Disable authentication: copy | Sets whether user authentication is performed(On) or not(Off). |
Document Server
These settings are part of the extended item settings. Refer to List of Extended Item Setting for the complete list.
|
Setting Item |
Description |
|---|---|
| Restrict document server usage |
When checked, you must set the following:
|
| Require key counter for DS |
Sets whether to require key counter for DS(On) or not(Off). |
| Disable authentication: DS | Sets whether user authentication is performed(On) or not(Off). |
| DS access control |
Refer to DS Access Control. These function will become effective after the device reboots. |
| Default Document ACL |
Refer to Default Document ACL. This function is not available for devices that are not equipped with a Document Server. |
|
Setting Item |
Description |
|---|---|
| Deny all WIM Access |
The administrator and all users are not permitted to access the Document Server on WIM. The “Document Server” menu and the various logs for “Document Server” on the “Job” screen will not be displayed. |
|
Deny user WIM access but allow admin access |
All users except the administrator are not permitted to access the Document Server on WIM. The “Document Server” menu and the various logs for “Document Server” on the “Job” screen will not be displayed. |
| Hide print icon and print job history | The “Print” button is not displayed in the Document Server document list screen for the administrator and all users. Also, “Print Job History” for “Document Server” is not displayed on the “Job” screen. |
|
Hide fax remote send history |
“Fax Remote Send History” for “Document Server” on the “Job” screen is not displayed for the administrator and all users. When the device’s fax transmission function is disabled or the device is not equipped with a fax, the “Send” button will not appear in the Document Server document list. |
| Hide scanner remote send history |
“Scanner Remote Send History” for “Document Server” on the “Job” screen is not displayed for the administrator and all users. When the device’s scan transmission function is disabled or the device is not equipped with a scanner, the “Send” button will not appear in the Document Server document list. |
|
Hide download in document list and in file details |
The “Download” button is not displayed in the Document Server document list screen or the File Details screen for the administrator and all users. |
|
Hide delete icon |
The “Delete” button is not displayed in the Document Server document list screen for the administrator and all users. |
|
Disallow guest access |
Unauthenticated users (GUEST) cannot access the Document Server on WIM. The “Document Server” menu and the various logs for “Document Server” on the “Job” screen will not be displayed. |
The Document Server information displayed on the "Job" screen depends on combination of settings configured.
| DS Access Control selection | Authentication Function: DS | User(s) who can access | |
|---|---|---|---|
|
Deny user WIM access but allow admin access |
Disallow guest access | ||
| unchecked | unchecked |
Enabled |
|
| unchecked | unchecked |
Disabled |
|
| checked | unchecked |
Enabled |
Administrator |
| checked | unchecked |
Disabled |
Administrator |
| unchecked | checked |
Enabled |
|
|
unchecked |
checked |
Disabled |
|
|
checked |
checked |
Enabled |
Administrator |
|
checked |
checked |
Disabled |
Administrator |
|
Setting Item |
Description |
|---|---|
| Read-only | Users are only permitted to view the documents. |
| Edit | Users are permitted to edit the documents. However, they cannot delete documents. |
| Edit/Delete | Users are permitted to edit and delete documents. |
|
Full control |
Users are permitted to perform all operations permitted to the document owner. Users are able to perform all operations including changing the access privileges of the document. If Card Authentication Package V2 has been implemented, select Full control. |
Fax
These settings are part of the extended item settings. Refer to List of Extended Item Setting for the complete list.
|
Setting Item |
Description |
|---|---|
| Restrict fax usage |
When checked, you must set the following:
|
| Require key counter for fax |
Sets whether to require key counter for fax(On) or not(Off). |
| Disable authentication: Fax | Sets whether user authentication is performed(On) or not(Off). |
Home Screen
These settings are part of the extended item settings. Refer to List of Extended Item Setting for the complete list.
|
Setting Item |
Description |
|---|---|
| Users Home Screen: Usage Limitation | Select to allow or prohibit the display of home screen. |
| Users Home Screen: Display Login Dialog on User Home Screen | Set whether to display the login dialog when Home button is pressed. |
Please note the following:
-
Set this function to Disable if authentication is disabled for any one of the Copier, Document Server, Fax, Printer, or Scanner applications. If it is set to Enable, since the Authentication screen will be displayed when the Home screen is shown even if authentication is not performed for the application, you will not be able to view the application screen without performing authentication.
-
This function is only available for devices released in autumn 2011 or later (devices with Home screen display). For details, please check your local Ricoh website for a list of supported devices or contact the Ricoh Group.
Printer
These settings are part of the extended item settings. Refer to List of Extended Item Setting for the complete list.
|
Setting Item |
Description |
|---|---|
| Restrict printer usage |
When checked, you must set the following:
|
| Require key counter for printer |
Sets whether to require key counter for printer(On) or not(Off). |
| Disable authentication: Printer | Sets whether user authentication is performed(On) or not(Off). |
Scanner
These settings are part of the extended item settings. Refer to List of Extended Item Setting for the complete list.
|
Setting Item |
Description |
|---|---|
| Restrict scanner usage |
When checked, you must set the following:
|
| Require key counter for scanner |
Sets whether to require key counter for scanner(On) or not(Off). |
| Disable authentication: Scanner | Sets whether user authentication is performed(On) or not(Off). |
Color Settings
These settings are part of the extended item settings. Refer to List of Extended Item Setting for the complete list.
|
Setting Item |
Description |
|---|---|
| Selective Color Authentication |
Select which color will require authentication.
|
SDK Authentication Settings
These settings are part of the extended item settings. Refer to List of Extended Item Setting for the complete list.
|
Setting Item |
Description |
|---|---|
| SDK Authentication Settings |
When checked, you must set the following:
|
| Enable SDK Authentication |
Enables the use of a server that performs external authentication using an SDK application. In order to make the settings effective, select LDAP Authentication in User Authentication Settings. To use an authentication method other than LDAP authentication, disable this setting. |
| Enable Admin Login |
The server that performs external authentication using an SDK application is given the same administrative privileges as the Address Book in the device. Enabling this setting will allow operations that require administrative privileges to be performed from outside the device. |
SDK
These settings are part of the extended item settings. Refer to List of Extended Item Setting for the complete list.
|
Setting Item |
Description |
|---|---|
| User authentication SDK1 | When enabled, the SDK 1 user can be used for authentication. |
| User authentication SDK2 | When enabled, the SDK 2 user can be used for authentication. |
| User authentication SDK3 | When enabled, the SDK 3 user can be used for authentication. |
Browser
These settings are part of the extended item settings. Refer to List of Extended Item Setting for the complete list.
|
Setting Item |
Description |
|---|---|
| User Authentication: Browser | When enabled, a user authentication is required when you open a browser. |
User Limitation Detail Options
These settings are part of the extended item settings. Refer to List of Extended Item Setting for the complete list.
|
Setting Item |
Description |
|---|---|
| Enable Logout Confirmation |
A logout confirmation screen is displayed when the Logout button is pressed. If Card Authentication Package V2 is configured, it is recommended that this settings is enabled. |
|
Shortening Auto Logout Timer |
You can select the interval for retry attempts when auto logout fails. Options are:
When the specified number of seconds elapses, auto logout is attempted again. |
|
Apply ACL to both Users and Groups |
The user can log in only when authentication with the Address Book in the device and external authentication using the SDK application are completed. When this setting is disabled, login is possible if either authentication with the Address Book in the device or external authentication using the SDK application is completed. |
|
Skip Password Input |
The Password Entry screen is not displayed at the time of login. |
|
Display Remaining Usage Count |
When a limit has been set for a function such as Copy, the number of times the function can be used is displayed. |
|
Duration to display remaining usage count |
You can select how long the remaining number of times the function can be used is displayed. Options are:
The remaining number of times the function can be used is displayed for the specified number of seconds. |
|
Setting Item |
Description |
|
|---|---|---|
|
LDAP Authentication |
Specify whether to enable the LDAP Authentication. |
|
|
LDAP Server 1–5 |
If you select [LDAP Authentication] in [User Authentication Settings], select an LDAP authentication server. If your machine does not support configuration of multiple LDAP servers, be sure to select only one LDAP server at a time. Selecting multiple LDAP servers at the same time will result in a batch settings failure. |
|
|
LDAP Login Attribute |
Enter an LDAP login attribute. |
|
|
Global Identifier |
Enter a global identifier. |
|
|
LDAP Server |
Specify whether to use the LDAP search. |
|
|
LDAP Server 1–5 |
Perform batch settings for LDAP servers 1 to 5. To use the selected LDAP server, select LDAP servers 1 to 5. Select [Program] to configure the selected LDAP server. Select [Delete] to clear the settings of a LDAP server. |
|
|
Identification Name |
Enter the name. |
|
|
Server Name |
Enter the server name. |
|
|
Search Base |
Enter the search start point. |
|
|
Port Number |
Enter the port number. If SSL is not used, the initial port number is 389. If SSL is used, the initial port number is 636. |
|
|
SSL |
Specify whether to use SSL. |
|
|
Authentication |
For authentication, select either of the following: [Off], [On], [High Security], [Kerberos Authentication] |
|
|
Authentication Realm |
If you specify [Kerberos Authentication], you must then specify the realm that you want to protect with Kerberos authentication. |
|
|
User Name |
Enter the user name. |
|
|
Password |
Enter the password. |
|
|
LDAP Server 1–5 (Search Conditions) |
Identification Name |
Enter the name as a search condition. |
|
Email Address |
Enter the e-mail address as a search condition. |
|
|
Fax Number |
Enter the fax number as a search condition. |
|
|
Company Name |
Enter the company name as a search condition. |
|
|
Department Name |
Enter the department name as a search condition. |
|
|
Attribute |
Enter the attribute as an optional search condition. |
|
|
Key Display |
Enter the key display name as an optional search condition. |
|
|
Setting Item |
Description |
|
|---|---|---|
|
Integration Server Authentication |
Specify whether to enable the Integration Server Authentication. |
|
|
Server Name |
If you select [Integration Server Authentication] in [User Authentication Settings], enter the Integration server name. |
|
|
Domain Name |
Enter the name of the domain where integration server authentication will be performed. |
|
|
Authentication Type |
Select the type of integration server authentication from the following: [Windows Authentication (Native)], [Windows Authentication (NT Compatible)], [Basic Authentication (Integration Server)], [Notes Authentication], [Default] |
|
|
SSL |
You can specify whether or not to perform SSL. |
|
|
Setting Item |
Description |
|
|---|---|---|
|
Windows Authentication |
Specify whether to enable the Windows Authentication. |
|
|
Domain Name |
If you select [Windows Authentication] in [User Authentication Settings], enter the domain name to be used for authentication. |
|
|
SSL |
Specify whether or not to perform SSL. |
|
|
Use Kerberos |
Specify whether to use Kerberos authentication. If you select [On] under [Kerberos Authentication], you must specify the realm to protect with Kerberos authentication. |
|
|
Authentication Realm |
Specify the realm to protect with Kerberos authentication. |
|
|
Setting Item |
Description |
|
|---|---|---|
|
Realm 1–5 |
Enter the information about the realm you want to protect with Kerberos authentication. Up to five realms can be set. Select [Program] to configure the selected authentication realm. Select [Delete] to clear the settings of a selected realm. |
|
|
Realm Name |
Enter the name. |
|
|
KDC Server Name |
Enter the key distribution center (KDC) server address. |
|
|
Corresponding Domain Name |
Enter the name of the domain that corresponds to the realm. |
|
|
Setting Item |
Description |
|
|---|---|---|
|
Print Job Authentication |
Specify whether to enable the Print Job Authentication. |
|
|
Print Job Authentication |
Select the print job authentication method: [Entire], [Simple (All)], [Simple (Limitation)] |
|
|
Limitation Range 1–5 |
Enter the range of IP addresses subject to authentication. |
|
|
Parallel Interface (Simple) |
Specify whether to allow parallel interface. |
|
|
USB (Simple) |
Specify whether to allow USB interface. |
|
[Access Control] can be specified only when [User Authentication Settings] is set to [User Code Authentication].
