12 Authentication and

Accounting Feature
12.1 Summary
Use the authentication feature to restrict access to the machine itself, or restrict access for each
service. This also allows users to process and manage data on service usage status per user.

Types of Users
Users are grouped into the following categories when using the authentication feature.

Administrator
This type of user is able to register and change system setting value according to the user
environment.
Administrators use a specially defined user ID called an administrator ID.

Login User
This type of user is registered to the machine or an external server. Each user is authenticated by a
user ID.
The user ID of an authenticated user can be associated with a sub user based on its intended use. The
user ID of an authenticated user can be associated with up to 10 sub user IDs.

Note
z Set the User ID within 32 characters.
z
A separate application is required to use sub users. For details, contact your local representative.

Guest User
This type of user has not been registered.
Guest users cannot access restricted services.

Administrator Permissions and Authorization Groups

Administrator permissions and authorization groups can be set for each user on the machine.
If using our products (sold separately) as the remote accounts, set them in the products (sold
separately). If using LDAP or Microsoft Entra ID as the remote accounts, set them in Internet
Services.

Administrator Permissions
You can configure administrator and account administrator permissions for each authenticated user.

12.1 Summary
217
Administrator
The same permissions as the administrator can be granted. However, the following actions will be
unavailable.
z
Folder Operations
z
Controlling job flow sheets
z Changing administrator passwords

Account Administrator
The following permissions can be granted.
z Regarding, deleting, changing (password cannot be changed by themselves) or referencing (may
be unavailable based on some setting configurations) user information
z
Registering, deleting, changing or referencing accounting data
z
Changing alternative name for user ID/mask user ID (***)
z Changing alternative name for account ID/mask account ID (***)
z
Printing accounting reports

Authorization Groups
You can divide permissions allowing access to features for registering authenticated users. Users
belonging to an authorization group can perform the same actions as the administrator.

Refer
zRefer to "Authorization Groups" (P.227) for more information.

Usage Limit
Usage Limit Across Entire System
You can restrict access to the machine and each service in Authentication Mode. User authentication
is required to use this.

Refer
z
Refer to "[Authentication]" (P.197) for more information.

Usage Limit by User

You can restrict the creation, editing and use of Usage Limit, Account Limit, Job Flow Sheets and
Folder for a service for each user.

Refer
zRefer to "Services that Allow Usage Limit or Accounting Settings for Authentication/Accounting Mode"
(P.222) and "Authentication for Job Flow Sheets and Folders" (P.223) for more information.

Types of Authentication and Authentication Method

Types of Authentication
Log In to Local Accounts
Authentication is performed using user information registered to the machine.
Authentication/Accounting Mode is set to [Local]/[Network], Authentication becomes “Local
Accounting”.

218 12 Authentication and Accounting Feature

 Note
z
Print information sent directly from the client computer is authenticated by comparing authentication
information preset in client-side printer drivers with authentication information registered to the
machine, before it can be received by the machine.
z
If [Network] is set, register the user details managed with remote services and performs authentication
using the details.

Log In to Remote Accounts

Authentication is performed using user information managed in an external authentication server.
For users using an external server (LDAP, Kerberos, our products (sold separately) or Microsoft Entra
ID). User information is not registered to the machine.
Authentication/Accounting Mode is set to [Remote], Authentication becomes “Remote Account”.

Note
zThe remote authentication kit is required.
z
When using remote accounts (other than when using our products (sold separately)), you can select
available services from the touch panel display on the machine based on access permission information
retrieved from the external authentication server.

Authentication Method
User ID Authentication
User information such as User IDs and passwords is registered to the machine or an external
authentication server in advance for users to enter in their user ID and password from the touch
panel display on the machine directly for authentication.

Card Authentication
User information such as card numbers registered to cards, user IDs and passwords is registered to
the machine or an external authentication server in advance for card authentication.

Combined Use of Card Authentication and User ID Authentication

Allows the combined use of card authentication and user ID authentication.

Note
z
To use card authentication and user ID authentication in local accounts, set [Login When Card Reader Is
Connected] to [IC Card / Control Panel Login]. Refer to "[Authentication]" (P.197) for more information.

Accounting Feature
Types of Accounting Modes
Local Accounting
Accounting reports are performed using authenticated user information registered to the machine.
Authentication/Accounting Mode is set to [Local], Authentication becomes “Local Accounting”.

Note
z
The following users can print accounting reports.
- Administrator
- Users granted administrator permissions
- Users granted account administrator permissions

12.1 Summary
219
Network Accounting
Performs accounting using user details managed with remote services.
Job data saved to the machine by the external service is collected and processed by user.
Authentication/Accounting Mode is set to [Network], Authentication becomes “Network
Accounting”.

Note
z
User information managed in an external service is sent from the external service to the machine and
registered to the machine. When the user information managed in an external service is updated, the
updated user information must be sent from the external service to the machine.

Accounting Using an Authentication Server

With this, accounting is performed using an authentication server.
Job data saved to the machine by the external service is collected and processed by user.
If you set Authentication/Accounting Mode to [Remote] and [Authentication System] is
[Authentication Agent], this becomes “Accounting Using an Authentication Server”.

Note
z
If [Authentication System] is other than [Authentication Agent], accounting is not performed with the
authentication server.

Services that Allow for Local Accounting

This section describes information for which accounting is possible by service jobs.

Print

Service (Job) Applicable User Management

Items
Normal Print Machine printer drivers Login User Number of sides/
sheets printed

Non-machine printer drivers*1 Guest User

Secure Print Printing files Login User

Sample Set
Print Files from Folder
Delayed Print
Charge Print
Private Charge Print

Print Email*1 Guest User

*1 :Printing is possible if [Permissions] > [Permissions] > [Access Control] > [Non-Account Print] is set to [Unlocked] in
Internet Services.

Scanner

Service Applicable User Management Items

Email Login User Scanning, sending Emails
Scan to Folder Scanning
Scan Scanning, forwarding files
Scan to USB Scanning

220 12 Authentication and Accounting Feature

Fax

Service (Job) Applicable User Management Items

Fax Recipient Auto Send Login User Number of times/sheets to
send as fax, frequency of
Manual Send (outgoing
communications
calls, incoming calls)
Receive faxes, Auto Receive and Print Number of times/sheets
printing -*1 received, number of sides/
sheets printed
Manual Receive Print
(outgoing calls,
incoming calls)
Store Fax - Local Auto Store and Receive Number of times/sheets
-*1 received
Store and Receive Print Login User*2 Number of sides/sheets
printed
Fax Polling Auto Send (to Folder) Guest User Number of times/sheets to
send as fax
Auto Receive and Print Login User Number of times/sheets
polled, number of sides/
sheets printed
Confirm and Print Login User*2 Number of sides/sheets
Stored Files printed
(Folder, Public Folder)
Send as Direct Fax Login User Number of times/sheets to
send as fax, frequency of
communications
Send as Internet Fax Login User Number of times/sheets to
send as Internet fax
Receive, Print Auto Receive Print Number of times/sheets
Internet Fax -*3 received, number of sides/
sheets printed
Auto Receive in Folder Number of times/sheets
received
Store and Receive Print Login User*2 Number of sides/sheets
printed
Receive Internet Fax, Auto Send (Transfer) Number of times/sheets to
Transfer Fax -*4 send as fax, frequency of
communications

*1 :Processed as faxes received.

*2 :If [Print Files from Folder] is set to [Unlocked], guest user data will be accounted for. Refer to "[Authentication]" (P.197)
for [Print Files from Folder].
*3 :Processed as Internet faxes received.
*4 :Processed as Internet faxes received and transferred.

„ Cautions When Using Accounting Reports (Fax Jobs)

z
Faxes sent to the same address from different users will not be counted as batch send jobs.
z Communication frequency is calculated using an independent timer installed within the machine.
Be aware that this may result in slight differences between communication fees calculated from
the communication frequency and the amount charged by the telecommunication company, etc.
z
When receiving segmented pages, counting is based on the number of sides received, not the
number of sheets printed.

12.1 Summary
221
 z The communication frequency does not take into account the following communications.
- Entering a number using the keypad, or using on-hook/off-hook
- Using an address for which billing information has not been registered
- When placing calls (included calls made before communications)

„ Fax Billing
The following actions are not charged.
z Entering a number using the keypad and dialing the number
z
Communications to an address for which billing information has not been registered
z
When manually receiving, sending and polling
z When placing calls

Services that Allow Usage Limit or Accounting

Settings for Authentication/Accounting Mode
Services that allow Usage Limit and Accounting settings to be configured are as follows.

When Using [Local] as Authentication/Accounting Mode

9: Available; -: Not available

Service Usage Limit by User Aggregation by User

Usage Limit by Account Limit
Feature
[Copy] 9 9 9
[Print] 9 9 9
[Scan] 9 9 9
[Fax] 9 - 9

When Using [Network] as Authentication/Accounting Mode

9: Available; -: Not available

Service Usage Limit by User Aggregation by User*2

Usage Limit by Account Limit
Feature*1
[Copy] 9 - 9
[Print] 9 - 9
[Scan] 9 - 9
[Fax] 9 - 9

*1 :Usage Limit can be configured in our products (sold separately).

*2 :This can be processed in our products (sold separately).

222 12 Authentication and Accounting Feature

When Using [Remote] as Authentication/Accounting Mode
9: Available; -: Not available

Service Usage Limit by User Aggregation by User*2

Usage Limit by Account Limit
Feature*1
[Copy] 9 - 9
[Print] 9 - 9
[Scan] 9 - 9
[Fax] 9 - 9

*1 :Usage Limit can be configured in our products (sold separately).

*2 :This can be processed in our products (sold separately).

12.2 Authentication for Job Flow Sheets and

Folders
Conditions for Job Flow Sheet and Folder Use
z When using remote accounts or local accounts, changing the authentication method will delete job
flow sheets and folders created by authenticated users.
z
Job flow sheets and folders will not be deleted even if the authentication method is changed under
the following circumstances.
- When the job flow sheet or folder has been created by the administrator.
- When the job flow sheet or folder was created by a local user while the authentication feature
was not in use.

When Using the Authentication Feature

Note
z
When using the authentication feature, the following users are able to use folders and job flow sheets.
- Authenticated users and administrators when using [Local] or [Network]
- Authenticated users other than guest users when using [Remote]

Creating Folders
When using the authentication feature, the relationship between creators and users of folders that
can be created/used is as follows.

Folder Creator Permitted Users Available Actions

Login User Creators/Administrators View, Delete, Change Settings, View Files,
Delete Files, Register Files, Print Files,
View Job Flow Sheets, Associate Job Flow
Sheets, Execute Job Flow Sheets
Administrator All guest users*2/All View, Delete*1, Change Settings*1, View
Authenticated users/ Files, Delete Files, Register Files, Print
Administrators Files, Associate Job Flow Sheets*1, View
Job Flow Sheets, Execute Job Flow Sheets

*1 :Actions only available to administrators.

*2 :This is available if folder use is permitted in authentication feature settings in Administrator Mode.

12.2 Authentication for Job Flow Sheets and Folders

223
Creating Job Flow Sheets from the [Send from Folder] Screen
Job flow sheet creators, the users that can use them, and the actions available are as follows.

Job Flow Sheet Permitted Users Available Actions

Creator
Login User Creators/Administrators Edit, View, Copy, Delete, Select, Run,
Associate with Folder
Administrator All authenticated users/ Edit*1, View, Copy*2, Delete*1, Select,
Administrators Run, Associate with Folder

*1 :Actions only available to administrators.

*2 :The user copying job flow sheets will be the creator of the copied job flow sheets.

Creating Job Flow Sheets in [Create Job Flow Sheet]

Job flow sheet creators, the users that can use them, and the actions available are as follows.

Job Flow Sheet Permitted Users Available Actions

Creator
Login User Creators/Administrators Edit, View, Copy, Delete, Select, Run
Administrator All authenticated users/ Edit*1, View, Copy*2, Delete*1, Select,
Administrators Run

*1 :Actions only available to administrators.

*2 :The user copying job flow sheets will be the creator of the copied job flow sheets.

When the Authentication Feature is Not Used

Creating Folders
The relationship between creators and users of folders is as follows.

Folder Creator Permitted Users Available Actions

Local User All local users/Administrators View, Delete, Change Settings, View
Files, Delete Files, Register Files, Print
Files, View Job Flow Sheets, Associate
Job Flow Sheets, Execute Job Flow
Sheets
Administrator All local users/Administrators View, Delete*1, Change Settings*1, View
Files, Delete Files, Register Files, Print
Files, Associate Job Flow Sheets*1, View
Job Flow Sheets, Execute Job Flow
Sheets

*1 :Actions only available to administrators.

Note
z
Files registered and printed using Network Scanner Utility 3 are outside the scope of authentication.

224 12 Authentication and Accounting Feature

Creating Job Flow Sheets from the [Send from Folder] Screen
Job flow sheet creators, the users that can use them, and the actions available are as follows.

Job Flow Sheet Permitted Users Available Actions

Creator
Local User All local users/Administrators Edit, View, Copy, Delete, Select, Run,
Associate with Folder
Administrator All local users/Administrators Edit*1, View, Copy*2, Delete*1, Select,
Run, Associate with Folder

*1 :Actions only available to administrators.

*2 :The user copying job flow sheets will be the creator of the copied job flow sheets.

Creating Job Flow Sheets in [Create Job Flow Sheet]

Job flow sheet creators, the users that can use them, and the actions available are as follows.

Job Flow Sheet Permitted Users Available Actions

Creator
Local User All local users/Administrators View, Edit, Copy, Delete, Select, Run
Administrator All local users/Administrators View, Edit*1, Copy*2, Delete*1, Select,
Run

*1 :Actions only available to administrators.

*2 :The user copying job flow sheets will be the creator of the copied job flow sheets.

12.3 Enabling User Authentication

When using local accounts, configure settings in the following order.
z
"Authentication and Accounting Method" (P.225)
z
"Access Control" (P.226)
z "Authorization Groups" (P.218)
z
"User Registration (Log In to Local Accounts)" (P.228)
When using remote accounts, configure settings in the following order.
z "Authentication and Accounting Method" (P.225)
z
"Access Control" (P.226)
z
"Authentication System Setup (Log In to Remote Accounts)" (P.231)

Note
z
To require password entry for authentication, set [Password for Control Panel Login] or [Password for IC
Card Login] to [On]. For details, refer to "[Authentication]" (P.197).
z It is necessary to log in to Administrator Mode to perform the following settings.

Authentication and Accounting Method

Note
z
You can set the authentication/accounting method also in [Authentication/Accounting Settings] in
[Accounting].

1. Tap on > [Device] > [Authentication/Accounting] > [Authentication/Security Settings] >

[Authentication] > [Authentication/Accounting Settings].

12.3 Enabling User Authentication

225
2. Select [Local] or [Remote], tap on [OK].

Access Control
1. Tap on > [Device] > [Authentication/Accounting] > [Authentication/Security Settings] >
[Authentication] > [Access Control].

2. Tap on [Device Access], select [Unlocked] or [Locked].

3. Tap on [App Access].

4. Configure authentication requirements for actions by service.

Note
z
If [Locked (Show Icon)] is set, the confirmation screen displays when you tap on the icons on the Home
screen without authentication.
z
If [Locked (Hide Icon)] is set, the icons for the corresponding function button are not displayed on the
Home screen without authentication.

5. Tap on [<].

6. Tap on [Feature Access].

226 12 Authentication and Accounting Feature

7. Select [Unlocked] or [Locked] for the feature being changed.

Authorization Groups
Register authorization groups to assign to users.

1. Tap on > [Device] > [Authentication/Accounting] > [Authentication/Security Settings] >

[Authentication] > [Create Permission Groups].

2. Select the authorization group number to register, and then tap on [Create/Delete].

Note
z
The following users will belong to the No. 00 [DefaultGroup (Default)] (default authorization group).
- Newly created users
- Users that have not yet been authenticated
- Authenticated users for which the [Authentication System] is not set to [Authentication Agent] in
remote accounts
z
The default authorization group can be changed in the same manner as other authorization groups.

3. Tap on [Group Name], enter the name and then tap on [OK].

4. Tap on the permission to change, and select the setting.

12.3 Enabling User Authentication

227
 [Restriction on Recipient Selection]
When communications sent to addresses not listed in the Address Book are restricted, this can lift
the restriction.

[Restriction on Address Book Editing]

When editing the Address Book is restricted, this can lift the restriction.

[Allow Force Print Suspension]

When a Force Watermark, Print Universal Unique ID, Force Annotation or other forced printing is set,
this can temporarily lift the forced printing settings.

User Registration (Log In to Local Accounts)

Authenticated users are registered to the machine when Log In to Local Accounts is set.
Administrator permissions, service access and account limit settings can be configured for each user.

Note
z
Users can also be registered in [Authentication/Accounting Settings] under [Accounting].

1. Tap on > [Device] > [Authentication/Accounting] > [Authentication/Security Settings] >

[Authentication] > [Create/View User Accounts].

2. Tap on the field to register a user.

Note
z The unique number with 4 digit (user registration number) are assigned to the field to register a user.

3. Enter the User ID and then tap on [OK].

4. Tap on [User Name].

5. Enter the user display name, and then tap on [OK].

6. If there is a [Password], set the password.

228 12 Authentication and Accounting Feature

7. Tap on [Enter Password], and then enter the password.

8. Tap on [Next], and then enter the same password.

9. Tap on [OK].

10. Set access restrictions and permissions as needed.

[Email Address]
This is used as the default ["From" Address] address when sending Emails when authenticating.

[Device Access]
Allows machine use.

Note
z
If an IC Card reader is connected, this permission can be set for each authentication method.

[Feature Access/Limits]
Specify use restrictions and account limit settings for each service. Select the service, and then set
either [Feature Access] or [Account Limit], and tap on [OK].

[User Permissions]
You can grant permissions to users. Configure authorization group settings in [Add to Permission
Group].
z
[Local User]
Permissions for regular users who do not have administrator permissions.
z [System Administrator]
The same permissions as the administrator can be granted. However, folders and job flow sheets
cannot be modified, and administrator passwords cannot be changed.
z
[Account Administrator]
The following accounting-related permissions can be granted.
- Registering/deleting/changing (some) user information
- Registering/deleting/changing accounting data
- Changing alternative name for user ID/mask user ID (***)
- Changing alternative name for account ID/mask account ID (***)
- Printing accounting reports

12.3 Enabling User Authentication

229
Deleting Registered Users (Log In to Local Accounts)
Note
zAny job flow sheets, folders and files inside folders that the user being deleted is an owner of will also get
deleted.

Deleting Individual Users

1. Tap on > [Device] > [Authentication/Accounting] > [Authentication/Security Settings] >

[Authentication] > [Create/View User Accounts].

2. Select the user registration number to delete.

3. Tap on [Delete Account].

4. Tap on [Delete].

Deleting All Users

1. Tap on > [Device] > [Authentication/Accounting] > [Authentication/Security Settings] >

[Authentication] > [Delete/Reset Account Data].

2. Tap on [All User Accounts] > [Delete/Reset].

3. Tap on [Delete].

230 12 Authentication and Accounting Feature

Authentication System Setup (Log In to Remote
Accounts)
This registers an external authentication server to the machine.

1. Tap on > [Device] > [Network Settings] > [Remote Authentication / Directory Service] >
[Authentication System Setup] > [Authentication System].

2. Select the type of external authentication server, and then tap on [OK].

Note
zIf using our products (sold separately) as the remote accounts, select [Authentication Agent].

3. If an option other than [Authentication Agent] is selected, tap on [<], and then register the
authentication server details.

Refer
zRefer to Internet Services help for details of Microsoft Entra ID.

Other Settings (LDAP)

Encrypting Communications Between the Machine and the
LDAP Server
1. Tap on > [Device] > [Network Settings] > [Security Settings] > [SSL/TLS Settings].

2. Set [LDAP - SSL/TLS Communication] to [Enabled].

3. Tap on [<] twice.

4. Tap on [Remote Authentication / Directory Service].

12.3 Enabling User Authentication

231
5. Tap on [LDAP Server / Directory Service Settings] > [Primary Server - Port Number].

6. Enter the port number to run LDAPS, and then tap on [OK].

Logging In as an LDAP Server User that has Established a Trust

Relationship in Active Directory
The procedure for logging in to the machine as a user on a trusted domain server is described below,
assuming the following conditions have been met as an example.
z The domain name is set to “w2k8adtest.local”.
z
A trust relationship has been established in [Active Directory Domains and Trusts].

Refer
zFor more information about [Active Directory Domains and Trusts], refer to the official website of
Microsoft.

1. Tap on > [Device] > [Network Settings] > [Remote Authentication / Directory Service] > [LDAP
Server / Directory Service Settings].

2. Set [LDAP Referrals] to [Enabled].

3. Set [LDAP Referral Hop Limit] as needed.

Note
zThe maximum number of servers that can be connected is the value set for the [LDAP Referral Hop
Limit]. If this is set to “5”, up to five trust relationship connections can be made.
z
With regard to [Login Credentials to Search Entries], users must also be qualified to access the trusted
LDAP server.
z
From a security feature perspective, connections will not be made to unencrypted trusted domains while
LDAPS is in use.

232 12 Authentication and Accounting Feature

If Logging In Takes an Excessive Amount of Time, and the Same
User Succeeds and Fails Login Attempts
This can be thought to be due to the following.
z
The scope for searching LDAP servers is too broad
z
There are too many entries contained within the search scope
Review [Search Directory Root] and [Search Scope]. For details, refer to "[LDAP Server / Directory
Service Settings]" (P.181).
Additionally, login failures may be avoided by setting a sufficiently long timeout duration for
connecting to the LDAP server for the machine. However, as this will not reduce the time required to
log in, this should only be considered a provisional measure.
Follow the procedure below to set the connection timeout duration.

1. Tap on > [Device] > [Network Settings] > [Remote Authentication / Directory Service] >
[Authentication System Setup].

2. Confirm and change the following settings as required.

[Server Response Timeout]

This sets the maximum timeout duration for a response from the server when an authentication
request is sent to the LDAP server.
Change this setting when the network load is thought to be causing the issue.

[Search Timeout]
This sets the maximum timeout duration for a response from the server when an search request is
sent to the LDAP server.
Change this setting when the LDAP server load is thought to be causing the issue.

12.4 Registering IC Card

Note
zWhile you are operating jobs as a guest user, do not register the IC Card or re-register.
z
While you are operating Smart Card Registration, a guest user will remain in case that you close the
setting screen with the menu button, or the machine resets the settings automatically by the Auto Clear
service. In this case, the system administrator can delete the guest user on the control panel, or Device
Setup. The user name of a guest user is specified as the default of [Account Auto Setup for Card Login].

12.4 Registering IC Card

233
New Registration
Users Who Have Active Directory Accounts (Login to Remote
Accounts)
1. Touch the unregistered IC Card over the IC Card reader of the machine.

2. Enter your Active Directory ID and password. Then tap on [Register].

Users Who Have Active Directory Accounts (Login to Local

Accounts)
1. Touch the unregistered IC Card over the IC Card reader of the machine to authenticate as the
[Guest User].

2. Tap on [Smart Card Registration].

3. Select [Active Directory® Server], enter your Active Directory ID and password and then tap on
[Register].

Note
z
If you want to control access for each user, a system administrator needs to set.
z The password you entered in this procedure is registered as the password of the machine. Even if you
change Active Directory's password, the machine’s password is not changed automatically. When you
change Active Directory's password, change it on the control panel of the machine.

Users Who Do Not Have Active Directory Account (Local Users)

1. Beforehand, make sure a system administrator that your user information (ID and password) is
already registered.

2. Touch the unregistered IC Card over the IC Card reader of the machine to authenticate as the
[Guest User].

3. Tap on [Smart Card Registration].

4. Select [Local Machine] for [Domain]. And enter your ID and password noticed by the system
administrator. And then tap on [Register].

Re-registration of Card
If you need to re-register (overwrite) a different IC Card which is not the same IC Card as you have
ever used.

1. Operate the same procedures as described in "New Registration" (P.234).

2. Tap on [Register] on the screen displayed.

3. Tap on [OK].

234 12 Authentication and Accounting Feature

12.5 Settings for IC Card Reader
Authentication
With this, you can perform authentication using information registered to an IC Card, collate
information registered to an IC Card with user information registered to the machine, and perform
accounting tasks for usage restrictions, jobs and other machine data.

Step 1: Set a Joint Password For Use With the IC Card

In remote accounts, set whether to ask for a password when logging in to the machine using an IC
Card.

1. Tap on > [Device] > [Authentication/Accounting] > [Authentication/Security Settings] >

[Authentication] > [User Details Setup].

2. Tap on [IC Card Link Mode] > [Type Password].

Step 2: Logout Method When Using an IC Card

Set how to log out authentication when using an IC Card.

1. Tap on > [Device] > [Authentication/Accounting] > [Authentication/Security Settings] >

[Authentication] > [User Details Setup] > [Contactless IC Card Logout Timing].

2. Select how to log out authentication, and then tap on [OK].

Step 3: Register IC Card Details

The administrator uses Internet Services to set IC Card details and information used for
authentication.

12.5 Settings for IC Card Reader Authentication

235
Step 4: Set Up the LDAP Server (Log In to Remote Accounts)
Set the attribute corresponding to the IC Card ID, and attribute used to identify the user after
authentication.

1. Tap on > [Device] > [Network Settings] > [Remote Authentication / Directory Service] > [LDAP
Server / Directory Service Settings] > [Attribute of IC Card].

2. Enter the attribute name corresponding to the IC Card ID, and then tap on [OK].

Note
z
The IC Card ID must be registered to the attribute in advance.
z Set an attribute that guarantees that each user is provided with a unique value.

3. Tap on [Network User ID Attribute].

4. Once authentication using the IC Card is complete, enter the user display name and the attribute
name to use as the identifier, and then tap on [OK].

Note
z
Set an attribute that guarantees that each user is provided with a unique value.
z If the set attribute cannot be retrieved from the LDAP server, you will be unable to log in.

12.6 User Authentication Operations

Authenticating Login Users

You can authenticate a registered user by using the touch panel display on the machine, or touching
the IC Card to the IC Card reader.

Changing a Registered User Password

A registered user can set or change a registered user password using the touch panel display, or
Internet Services.

1. Tap on > [Device] > [Authentication/Accounting] > [User Details Setup] > [Change Password].

2. Enter the current password, and then tap on [OK].

3. Tap on [Enter Password] and then enter the new password.

4. Enter the new password, tap on [Next], and then enter the same password.

236 12 Authentication and Accounting Feature

5. Tap on [OK].

User Authentication When Using Microsoft Entra ID

Refer
z
Refer to "Logging in to Authentication Mode" (P.32) for more information.

12.6 User Authentication Operations

237