Configuring Identity Provider (IdP) - Validate on Cloud Authentication Settings

Xerox : Overview, Networking, and Security : Security : Authentication : Configuring Identity Provider (IdP) - Validate on Cloud Authentication Settings

When you configure Identity Provider (IdP) authentication, users prove their identity by typing a user name and choosing one of the sign-in options, such as SFA (Single-Factor Authentication) or MFA (Multi-Factor Authentication), which do not require a password and are made available by the IdP. The device compares the user credentials to the information that is stored in the user database.

The Login Methods page in the Embedded Web Server provides links to authentication and personalization configuration settings.

1. In the Embedded Web Server, click Properties > Login/ Permissions/ Accounting > Login Methods.

2. Set the login method to Identity Provider (IdP) - Validate on Cloud. For details, refer to Setting the Login Method for the Control Panel.

3. In the Configuration Settings table, configure options for local authentication:

• To configure identity provider settings, for Identity Provider Endpoint, click Edit. For details, refer to Identity Provider Endpoint.

• To auto-populate IdP login from user certificate, for Auto-Populate IdP Login, click Edit.

In the Auto-Populate IdP Login window, to enable or disable Acquire email address from user certificate to auto-populate IdP login option, click the toggle button, then click OK.

• To add user information to the device user database, for Device User Database, click Edit. For details, refer to Adding, Editing, or Viewing User Information in the User Database.

• To specify the account and password requirements for a locally authenticated user, for Device Account Requirements, click Edit. For details, refer to Specifying User Password and Account Requirements.

• To configure card reader policies, for Card Reader Setup, click Edit. For details, refer to Configuring the USB Card Reader Disconnection Policy.

• To select the trusted client certificates to validate login first, for First Priority Client Cert Validation Pool, click Edit.

In the Edit Client Certificate Priority window, select Smart Card option to login with a Smart Card Authentication using the Certificate Based Authentication sign-in option, then click OK.

• If needed, specify the method that the printer uses to acquire the email address of users. For Acquiring Logged in User's Email Address, click Edit. For details, refer to Specifying the Method the Printer Uses to Acquire Email Address of Users.

• To customize the title and instruction text that appears on the blocking screen, for Customize Blocking Screen, click Edit. For details, refer to Customize Blocking Screen.

• To enable the USB device reset from the control panel, for USB Reset Policy, click Edit.

To enable or disable Allow the USB reset from the Touch Control Panel option, click the toggle button in the USB Reset Policy window, then click OK.

• To enable or disable the device authentication, for On-Device Authentication, click Edit.

In the On-Device Authentication window, to enable or disable On-Device Authentication option, click the toggle button, then click OK.

• To enable personalization for logged-in users, for Personalization, click Edit. For details, refer to Enabling Personalization.

• To view or delete personalization profiles, for Personalization Profiles, click Edit. For details, refer to View and Deleting Personalization Profiles.

• To provide information about your LDAP server for personalization, for LDAP Servers, click Edit. For details, refer to Configuring LDAP Server Optional Information.

• To enable or disable the logout prompt at the control panel, for Log Out Confirmation, click Edit. For details, refer to Disabling the Logout Confirmation Prompt.

• To enable and configure proxy server settings, for Proxy Server, click Edit. For details, refer to Proxy Server.

• To enable and configure an EIP authentication app, for EIP Authentication, click Edit. For details, refer to Configuring an EIP Authentication App.

• To enable and configure login using cards, for Card Credential Configuration, click Edit.

In the Card Credential Configuration window, to enable or disable Allow walkup users to login using cards option, click the toggle button, then click Save.

• To view or configure any actions on card profiles for a user, for Card Credential Profiles, click Edit.

The Card Credential Profiles window display the details of users having registered cards.