e-Manual TopContentsHelpGlossary
Category
Top » MEAP » System Requirements » SSO-H (Single Sign-On H)

Category Top

Overview of This Function

Overview of Login Services

Default Authentication (Department ID Management)

Login Screens

SSO-H (Single Sign-On H)

Login Screens

System Requirements

SMS (Service Management Service)

SSO-H (Single Sign-On H)

Before Starting SMS (Preparations)

Specifying the SSL Encrypted Communication Settings

Before Logging In to SSO-H

Logging In to SMS

Logging In with the SMS Password

Logging In with the User Name and Password of the Machine

Logging In from the Remote UI Portal

Logging Out from SMS

Managing Applications

Starting/Stopping Applications

Uninstalling Applications

Confirming Application Preferences

Managing Application Licenses

Setting Application Authentication Information

Installing Applications

Managing System Applications and Login Services

Login Service Selection

Uninstalling a Login Service

Starting/Stopping System Applications

Uninstalling System Applications

Installing System Applications

Changing the Login Method for SMS

Confirming System Information

Confirming Application Data

Confirming License Files

Changing the Password

Managing Application Setting Information

Managing Application Logs

Logging In to SSO-H

Menu for Administrators

Setting the User Information for SSO-H

Registering/Editing User Data for Local Device Authentication

Registering/Editing User Data for Domain Authentication

Setting the SSO-H

Setting the User Authentication System

Setting the User Group to Register the Domain Administrator

Specifying the Number of Users Displayed on the Touch Panel Display

Setting the Access Mode in Sites

Setting the Security for SSO-H

Allowing Administrators to Operate Using the Default Password

Setting Password Restrictions

Setting the Lockout Function

Menu for General Users

File Formats for Local Device Authentication User Information Files

SDL Format

NetSpot Accountant 3.x Format

NetSpot Accountant 4.x Format

Troubleshooting

Trouble That May Occur When Using SSO-H

Trouble That May Occur When the Windows Server Firewall Is Set

Other Trouble

Collapse all|Expand all
SSO-H (Single Sign-On H)
SSO-H operates with the system environment described in "Domain Authentication" and "Local Device Authentication."
Domain Authentication
Local Device Authentication
IMPORTANT
To use Domain Authentication, you must match the current time on the server in which Active Directory is running with the machine (and the computer to log in with).
When using Domain Authentication, make sure you register a Domain Authentication administrator. If you do not register a Domain Authentication administrator, some settings and management functions may not be available, depending on the application. The registration method differs depending on your system environment.
The user that belongs to the "Canon Peripheral Admins" group on Active Directory is the administrator for Domain Authentication. Follow the instructions in the manual for Active Directory to create the "Canon Peripheral Admins" group, and then register a Domain Authentication administrator.
If the default password is being used, the screen for changing the password is automatically displayed for security purposes. Change the password. (See "Registering/Editing User Data for Local Device Authentication.")
Domain Authentication
A windows server in which Active Directory is installed and a DNS server for name resolution are necessary to use Domain Authentication.
Windows Server to Install Active Directory (Domain Controller)
Software
Operating system:
Windows Server 2003 SP2
Windows Server 2003 R2 SP2
Windows Server 2008 SP2
Windows Server 2008 R2
IMPORTANT
This version of SSO-H is compatible with both 128-bit AES (Advanced Encryption Standard) and DES (Data Encryption Standard) as the Kerberos encryption type to be used when performing Domain Authentication. The encryption type automatically switches according to the Active Directory settings. AES is used in an environment that supports both encryption types.
If you use Windows Server 2003 SP2/R2 SP2 for the Active Directory, only the IPv4 communication protocol is supported (IPv6 cannot be used).
System Requirements for Domain Authentication Administrators and General Users
Operating System
Web Browser
Java Runtime Environment
Windows XP Professional SP3
Internet Explorer 7
Java Runtime Environment 1.5 or later
Windows Vista SP2
Internet Explorer 8
Windows 7
Internet Explorer 8
Windows Server 2003 SP2
Windows Server 2003 R2 SP2
Internet Explorer 7
Windows Server 2008 SP2
Windows Server 2008 R2
Internet Explorer 8
Mac OS X v 10.3
Safari 1.3.2
Java 2 Platform Standard Edition 5.0
Mac OS X v 10.4
Safari 2.0.4
Mac OS X v 10.5
Safari 3.1.2
Mac OS X v 10.6
Safari 4.0.3
System Requirements for Domain Authentication Administrators and General Users (When Using IPv6 Communications)
Operating System
Web Browser
Java Runtime Environment
Windows XP Professional SP3
Internet Explorer 7
Java Runtime Environment 1.5 or later
Windows Vista SP2
Internet Explorer 8
Windows 7
Internet Explorer 8
Windows Server 2003 SP2
Windows Server 2003 R2 SP2
Internet Explorer 7
Windows Server 2008 SP2
Windows Server 2008 R2
Internet Explorer 8
Other System Requirements
Access privileges to Windows 2003/2008 Domain Name System (DNS)
Access privileges to Domain Controller
Server Ports Used
The following server ports are used when using Domain Authentication with SSO-H:
Port Number
Application
53
Communication with the DNS server
88
Domain Authentication with the KDC (Key Distribution Center)
389
LDAP communications with the directory service (Default is 389, but it can be changed to a user-defined port in the LDAP service properties.)
Local Device Authentication
An Active Directory environment network is not necessary to use Local Device Authentication.
System Requirements for Local Device Authentication Administrators and General Users
Operating System
Web Browser
Java Runtime Environment
Windows XP Professional SP3
Internet Explorer 7
Java Runtime Environment 1.5 or later
Windows Vista SP2
Internet Explorer 8
Windows 7
Internet Explorer 8
Windows Server 2003 SP2
Windows Server 2003 R2 SP2
Internet Explorer 7
Windows Server 2008 SP2
Windows Server 2008 R2
Internet Explorer 8
Mac OS X v 10.3
Safari 1.3.2
Java 2 Platform Standard Edition 5.0
Mac OS X v 10.4
Safari 2.0.4
Mac OS X v 10.5
Safari 3.1.2
Mac OS X v 10.6
Safari 4.0.3
System Requirements for Local Device Authentication Administrators and General Users (When Using IPv6 Communications)
Operating System
Web Browser
Java Runtime Environment
Windows XP Professional SP3
Internet Explorer 7
Java Runtime Environment 1.5 or later
Windows Vista SP2
Internet Explorer 8
Windows 7
Internet Explorer 8
Windows Server 2003 SP2
Windows Server 2003 R2 SP2
Internet Explorer 7
Windows Server 2008 SP2
Windows Server 2008 R2
Internet Explorer 8
IMPORTANT
For information on obtaining the Java Runtime Environment or Java 2 Platform Standard Edition, see the Oracle Web site.
You must use the user logon name (pre-Windows 2000) registered in Active Directory in order to enter a user name for Domain Authentication.
You can use only alphanumeric characters for Domain Authentication. You cannot use symbols (\ / : * ? l <> [ ] ; , = + . "), or spaces. You can log in only if you use valid characters.
User names and passwords are registered in a database in the machine.
When using the Local Device Authentication system, you can use only alphanumeric characters for the user name.
NOTE
Port number is a default value. If you change the settings, the port number is different. (See "Before Logging In to SSO-H.")