Before Logging In to SSO-H
SSO-H is an authentication system that runs on the machine. It is necessary to specify the following settings in the machine to use SSO-H for authentication.
IMPORTANT
|
To access the machine from a Web browser, set [Use HTTP] to 'On' in [TCP/IP Settings] in [Network] in [Preferences] (Settings/Registration). For more information, see "Settings Common to TCP/IPv4 and TCP/IPv6."
|
Specifying the Various Settings
Specify the settings under [Network] in [Preferences] (Settings/Registration). Also, confirm the machine's IP address. For more information, see
"Protocol Settings."
When using Active Directory Authentication with SSO-H, it is necessary to synchronize the date and time settings of the authentication server and machine. Set the date and time of the machine in [Date/Time Settings] in [Preferences] (Settings/Registration) to the same date and time set on the authentication server. For more information, see
"Current Date and Time." You can also specify daylight saving settings to automatically advance the standard time of the machine forward by one hour for a certain period each year.
DNS Settings (Active Directory Authentication)
For Active Directory Authentication, the machine uses a DNS server. If using Active Directory Authentication, specify settings in [Network] in [Preferences] (Settings/Registration). For more information, see
"Protocol Settings."
The DNS server that manages the domain name registered in the machine requires the following:
The domain name of the Active Directory server used for authentication (the IP address of the domain controller) must be able to be retrieved.
The DNS server must support SRV records.
The following settings are required if the port number used for LDAP on the Active Directory side is changed.
Information for the LDAP service of Active Directory must be registered as an SRV record as follows:
Service:
|
'_ldap'
|
Protocol:
|
'_tcp'
|
Port number:
|
The port number used by the LDAP service of the Active Directory domain (zone)
|
Host offering this service:
|
Host name of the domain controller that is actually providing the LDAP service of the Active Directory domain (zone)
|
LDAP Server Information Settings (LDAP Server Authentication)
LDAP Server Authentication uses an LDAP server for authentication. Register the LDAP server information (server name, server address, port number, etc.) to use LDAP Server Authentication. (See
"Registering/Editing User Data for LDAP Server Authentication" and
"Registering/Editing LDAP Server Information.")
Department ID Management Settings
[Department ID Management] must be set to 'Off' before using SSO-H. For instructions on setting [Department ID Management] to 'Off', see
"Department ID Management."
Check the language settings of Active Directory and the machine. If the display language of Active Directory and the machine differ, the sender's full name will not be displayed in the destination for e-mail.
IMPORTANT
|
To specify [Management Settings] (Settings/Registration), you must log in using the System Manager ID and the System PIN.
If the date and time settings of the authentication server and machine are not synchronized, a login error will occur when using Active Directory Authentication.
|
NOTE
|
If you are using the ColorPASS or the imagePASS, see the documentation included with the ColorPASS or the imagePASS.
The allowed difference in times can be changed using the settings of Active Directory. However, if more than '5' minutes is specified, the allowed difference will not be changed.
If [Department ID Management] is set to 'On', a warning message will be displayed on the login screen.
|