Configure Embedded Settings

Before you can install the CAC/PIV embedded software on target MFP’s, configure the following settings. The settings you choose here will be applied to target MFP’s when you run an install task to install the CAC/PIV Embedded solution.

• Settings of the login screen displayed on the MFP
• Operational settings of the MFP when the user authenticates
• User authentication priority setting

Login Screen Settings

1. Click [Configuration] ® [Streamline NX Embedded Settings] ® [Embedded Authentication].

2. Click [Add].

3. On the Authentication and Accounting tab, name the configuration you are creating.

4. Set the [Card Reader] list to [Smartcard Reader].

CAC or FIDO2 logic only runs when Card Reader is set as Smartcard Reader.

5. Click [Save].

Authentication Method

You can configure the CAC/PIV-enabled MFP’s to authenticate against all Kerberos servers configured in Streamline NX. Click [System] ® [Security] ® [Authentication Profile] to view the current profiles.

To allow manual logins to work with either the UPN prefix or the sAMAccountName (as opposed to just one or the other), set the Search Condition field value to:
(&(objectClass=organizationalPerson)(|(sAMAccountName=${user})(userPrincipalName=${user}${realm}))

Set the Proxy User Name to the form ‘user@realm’ (not ‘realm\user’) to allow both CAC/PIV and Streamline NX to use the account.

For instructions to configure the LDAP/Kerberos authentication profile, refer to Manage User Authentication.

Set Auth/Scan/print profiles (if using)

Refer to the following sections in the Streamline NX Administrator’s Guide to configure these profiles:

• Embedded Authentication: Configure the Embedded Authentication Properties
• Embedded Print: Configure Embedded Print Properties
• Embedded Settings: Manage the SLNX Embedded Settings