Using the Remote UI
Setting the Preferences
1. Click [Settings/Registration] → [User Management] → [Authentication Management] → [Preferences].
2. Click [Edit...].
3. Specify each setting → press [Update].
Preference Settings
The preference settings are indicated below.
Login Users Settings
Authentication Settings
[Use User Authentication Function:]:
Select [Use] to use User Authentication. [Do not use] cannot be selected for the [Local Device Authentication] setting that is enabled by default.
Set User Authentication System
You can switch the user authentication system here. For information on authentication using Active Directory or an LDAP server, see "Changing the User Authentication System."
[User Authentication System:]:
When using Active Directory or an LDAP server, select [Server Authentication + Local Device Authentication].
[Authentication Server Type:]:
If you selected [Server Authentication + Local Device Authentication], select the type of server to use for authentication.
[Active Directory]:
Uses authentication that is performed in a Windows domain environment.
[LDAP Server]:
Uses authentication that is performed on an LDAP server environment. Set the LDAP server in [LDAP Server Management...]. (See "Registering/Editing LDAP Server Information.")
NOTE
The settings are only effective after you restart the machine.
Set Default Role
Set the role to assign when a user who has no role set logs in. This setting can be specified when the ACCESS MANAGEMENT SYSTEM is enabled. (See "ACCESS MANAGEMENT SYSTEM Administrator Guide.")
Role Association
Set this when Server Authentication + Local Device Authentication has been set for the user authentication system.
To obtain the role name from a user attribute, select [Retrieve role name to apply from [User Attribute to Browse]] → enter the user attribute in [User Attribute to Browse:].
Specify [Conditions:] if you do not want to browse a user attribute.
NOTE
If you are using Active Directory authentication, only 'memberOf' can be set for [User Attribute to Browse:].
If using Active Directory Authentication:
[Search Criteria]:
Only [Exact Match] can be set.
[Character String]:
Enter the name (user group name) of the administrator group.
[Role]:
Select the role to assign from Base Roles and Custom Roles (Administrator).
NOTE
Do not set 'Canon Peripheral Admins' as the primary group.
Periods (.) cannot be used in administrator group names.
If using LDAP Server Authentication:
[Search Criteria]:
Select the matching criteria to use for comparing the attribute value retrieved from the LDAP server and the user group name entered on this screen when logging in.
[Character String]:
Enter the name (user group name) of the administrator group.
[Role]:
Select the role to assign from Base Roles and Custom Roles (Administrator).
To set a user registered in the LDAP server as the Administrator of Server Authentication + Local Device Authentication, set criteria that will match with the user registered in the LDAP server.
Example:
In the following case, set 'Administrators' for the 'group' attribute of the user to use as the LDAP server administrator.
[Search Criteria]:
Exact Match
[Character String]:
group
[Role]:
Administrator
NOTE
When registering user information to a server, follow the registration procedure for that server.
Control Panel Login Settings
Set the timing for displaying the login screen and the functions that require authentication.
[Display Login Screen:]:
Set the timing for displaying the login screen.
[Display login screen when operation is started on the device]:
Displays the login screen when a user starts operating the machine.
[Display login screen when functions requiring authentication are selected]:
Displays the login screen when a user uses a function set in [Select Function That Will Require Authentication (Max 32 Functions):].
[Select Function That Will Require Authentication (Max 32 Functions):]:
If you selected [Display login screen when functions requiring authentication are selected], select the functions that require authentication.
[Select Authentication Requirement for Color Copy/Color Print:]:
Displays a message prompting the user to log in when performing color copying/color printing. Logging in is required to perform color printing.
[Login for Unregistered Users:]:
Uses the Guest User role to enable users to log in without entering an ID and password. [Display Login Screen:] must be set to [Display login screen when operation is started on the device].
This setting can be specified when the ACCESS MANAGEMENT SYSTEM is enabled. (See "ACCESS MANAGEMENT SYSTEM Administrator Guide.")
Cache Settings
These settings are related to the retention of login information.
[Number of Login Users to Display:]:
Sets the number of previously logged-in users to display in a drop-down list on the login screen. Selecting a user in the drop-down list lets you skip entering the user name. The list is reset when the power of the machine is turned OFF.
[0]:
The drop-down list is not displayed.
[1]:
Only the previous user that logged in is displayed.
[Max (Maximum Number of a Device)]:
Displays a list of all users that have previously logged in.
[Printer Driver Management:]:
You can set whether to allow users to retain the password entered in the AMS Printer Driver Add-in. If you retain the password, it becomes unnecessary to enter a password in the AMS Printer Driver Add-in after the first time.
This setting can be specified when the ACCESS MANAGEMENT SYSTEM is enabled. (See "ACCESS MANAGEMENT SYSTEM Administrator Guide.")
NOTE
The settings are only effective after you restart the machine.
Remote UI Authentication Setting
Select the authentication mode to use when logging in to the Remote UI.
[Authentication Mode:]:
[Standard authentication mode]:
A user name and password must be entered when logging in, regardless of the privileges of the user.
[Guest authentication mode]:
Registered users must enter a user name and password when logging in.
Users that are not registered can also log in using [Log In (General User)], but the settings they can specify are restricted.
[Administrator authentication mode]:
Only allows administrators to log in.
Device Settings
Specify restrictions on printing from computers, remote scanning, and security settings when forwarding documents.
[Functions to Restrict:]:
[Print from drivers without AMS Printer Driver Add-in]:
Restricts printing from computers in which the AMS Printer Driver Add-in is not installed and computers with an unknown user logged on.
This setting can be specified when the ACCESS MANAGEMENT SYSTEM is enabled. (See "ACCESS MANAGEMENT SYSTEM Administrator Guide.")

[Remote scan]:
Restricts the function for scanning data to a computer by using the machine as a scanner. When this function is restricted, the machine does not go online even if [Scanner] is selected on the Main Menu.
[Security Settings:]:
Set whether to add a device signature to files when transferring files from the machine.
This setting can be specified when the ACCESS MANAGEMENT SYSTEM is enabled. (See "ACCESS MANAGEMENT SYSTEM Administrator Guide.")
NOTE
The settings are only effective after you restart the machine.
Access Mode within Sites
If multiple sites are operating in the domain, you can have the machine retrieve Active Directory site information so that it prioritizes access to the domain controller in the site the machine belongs to. If you enable [Access Mode within Sites:], you can also select one of the following settings:
Only access the domain controller in the site the machine belongs to.
Enable access to domain controllers outside the site the machine belongs to, but prioritize access to the domain controller in the site the machine belongs to.
[Access Mode within Sites:]:
Retrieves Active Directory site information to access the domain controller in the site the machine belongs to. If multiple domain controllers are in the same site as the machine, they are accessed in the same order as the list of domain controllers retrieved from the DNS server.
If this is not selected, Active Directory site information is not retrieved. Domain controllers are accessed in the same order as the list of domain controllers retrieved from the DNS server.
[Retrieve Site Information:]:
[Only at first time]:
Uses the list of domain controllers retrieved when the machine was logged in to for the first time.
[Every time when device starts up]:
Updates the list of domain controllers every time the machine is started.
[Site Access Range:]:
[Only site to which device belongs]:
Accesses only domain controllers in the same site as the machine. An error occurs if there are no domain controllers in the same site as the machine.
[Access other sites in addition to site to which device belongs]:
Also accesses domain controllers outside the same site as the machine if there are no domain controllers in the same site as the machine. An error occurs if there are also no domain controllers outside the same site as the machine.
IMPORTANT
Even when you specify the settings for [Access Mode within Sites:], site information is not retrieved when logging in from a Web browser.
Even when [Only site to which device belongs] is set, the machine may access sites outside the site it belongs to when performing domain controller access during the startup process. However, access to domain controllers in the same site as the machine is prioritized. As an exception, if domain controllers in the same site cannot be accessed but domain controllers outside the site can be accessed, priority is given to accessing domain controllers outside the site.
Set Web Service Authentication System
You can set the Local Device Authentication system that the Web service authentication system provides.
By rejecting communication with applications that do not support CRAM-MD5, you can enhance security.
[Authentication System Used for Local Device Authentication:]:
[Use CRAM-MD5/MD5]:
Allows communication with applications that support CRAM-MD5 and MD5.
[Use CRAM-MD5]:
Allows communication only with applications that support CRAM-MD5.
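Why restricting the machine to [Use CRAM-MD5] helps, as an added example that is not Canon's code: it implements the RFC 2195 CRAM-MD5 computation and compares what a value observed on the wire is worth at the next login under each scheme. The static digest used for the MD5 case is an assumption (the page does not say what the MD5 option transmits), and the account, host name and challenges are constructed.

```python
import hashlib
import hmac
import secrets
import time

# Constructed account for the demonstration; not taken from any device.
USERS = {"svc-scan": "correct horse battery"}


def new_challenge(host="printer.example"):
    """Server: a fresh, unpredictable challenge for every login attempt."""
    return f"<{secrets.token_hex(8)}.{int(time.time())}@{host}>"


def cram_md5_response(user, password, challenge):
    """Client: RFC 2195 response, HMAC-MD5 keyed with the password."""
    mac = hmac.new(password.encode(), challenge.encode(), hashlib.md5)
    return f"{user} {mac.hexdigest()}"


def verify_cram_md5(response, challenge, users=USERS):
    """Server: recompute the HMAC over the challenge it issued itself."""
    user = response.rpartition(" ")[0]
    if user not in users:
        return False
    expected = cram_md5_response(user, users[user], challenge)
    return hmac.compare_digest(expected.encode(), response.encode())


def static_md5_token(password):
    """Assumed non-challenge scheme: the same digest on every login."""
    return hashlib.md5(password.encode()).hexdigest()


def verify_static_md5(user, token, users=USERS):
    if user not in users:
        return False
    return hmac.compare_digest(static_md5_token(users[user]).encode(), token.encode())


def replay_outcomes():
    """What a value observed on the wire is worth at the next login."""
    first, second = new_challenge(), new_challenge()
    seen_cram = cram_md5_response("svc-scan", USERS["svc-scan"], first)
    seen_static = static_md5_token(USERS["svc-scan"])
    return {
        "cram_original_login": verify_cram_md5(seen_cram, first),
        "cram_replayed": verify_cram_md5(seen_cram, second),
        "static_replayed": verify_static_md5("svc-scan", seen_static),
    }
```

CRAM-MD5 only binds the response to one challenge; it does not encrypt the session that follows the login.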
Setting to Disable Integrated Authentication
You can restrict all Integrated Authentication functions, regardless of the authentication method settings. If you disable Integrated Authentication, the machine's login information can no longer be reused for other authentication, so authentication information must be entered for specific operations.
The specific operations are as follows:
Sending to personal folders
Sending to an LDAP server
Sending to a file server
Using the Advanced Box
Using other functions which support Integrated Authentication
[Disable integrated authentication]:
Disables the integrated authentication function, regardless of the authentication method.
[Disable integrated authentication using credentials for local device authentication]:
Disables integrated authentication when the authentication method is local device authentication.
[Disable integrated authentication using credentials for LDAP server authentication]:
Disables integrated authentication when the authentication method is LDAP server authentication.
IMPORTANT
If you disable Integrated Authentication, an authentication error may occur when sending files to personal folders. If you want to disable Integrated Authentication while specifying the personal folders under the home folder, make sure to register authentication information for each user.
You can specify the personal folder settings in [Personal Folder Specification Method] in [Function Settings] (Settings/Registration). For more information, see "Specifying Personal Folders."
NOTE
The settings are only effective after you restart the machine.