Xerox : Configuration and Security Settings : Accounting and Authentication : Defining the Components of the Authentication Feature
Defining the Components of the Authentication Feature
User Types Managed by the Authentication Feature
The following users are managed by Authentication / Security Settings > Authentication:
System Administrator
The system administrator can register and change system settings according to the environments being used. A system administrator uses a special user ID.
Login User
A login user is someone who is registered on the press or on a remote server. To use unrestricted services, a user ID and passcode must be entered.
Unregistered User
An unregistered user cannot use any of the restricted press services.
Local User
This is a user who does not log in to the machine.
User Roles and Authorization Groups
When registering a user on the press, the specific user role and an authorization group may be selected. This may be done for each user.
User Roles
Three user roles are available:
User: No special authority is given to this user.
Account Administrator: The same authority as a system administrator except this person cannot manage folders or job flow sheets nor can this person change the system administrator passcode.
System Administrator: This user has authority to create, delete, change (except for passcode), and view most user information; create, delete, change, and view accounting; change the alternative name for an account ID or mask account ID; and finally, print an auditron report for each user.
Authorization Groups
The following four settings can be configured for each authorization group:
Restrict Recipient Selection Method: Select whether or not to permit the group members to specify recipients when the Restrict Recipient Selection Method is set to Only From Address Book.
Restrict User to Edit Address Book: Select whether or not to permit group members to edit the address book in the machine when the address book editing function is prohibited.
Allow User to Disable Active Settings: Select whether or not to permit group members to disable active settings and still perform a job. Settings include Force Watermark, Force Secure Watermark, and Print Universal Unique ID. This setting enables users belonging to an authorization group to disable active settings from Home > Tools.
When Protection Code is Detected: Select whether or not to temporarily allow the press to process a job even if the machine detects a protection code on the original document.
Authentication Login Type Categories
Two categories of authentication are used depending on where user information is stored:
Login to Local Accounts
This option manages authentication based on the user information that is registered on the machine. This requires that Authentication / Security Settings > Authentication > Login Type is set to Login to Local Accounts and that Accounting > Accounting Type is set to Local Accounting. A print job sent directly from a computer can be received on the machine after being authenticated by cross-checking the authentication information on the client print driver with the information that is registered on the machine.
Login to Remote Accounts
Uses a remote authentication server to manage authentication. User information is not registered on the machine.
Note: A registered user ID on the remote authentication server can be a maximum of 32 characters. The password a maximum of 128 characters. For SMB authentication, however, the password can be a maximum of 32 characters.
Authentication Methods
The following authentication methods are available on the machine:
User ID Authentication
This method requires users to enter their user IDs and passcodes with the numeric keypad or the touch screen of the machine UI. Authentication is performed with the user information that is registered on the machine or on a remote server.
The user ID authentication method is available with both Authentication > Login Type > Login to Local Accounts and with Authentication > Login Type > Login to Remote Accounts.
Login to Local Accounts: Authentication is managed by using the information registered on the machine for each user. A print job sent directly from a computer can be received on the machine after being authenticated by cross-checking the authentication information on the client print driver with the information that is registered on the machine.
Login to Remote Accounts: Authentication is managed by a remote server. User information is not registered locally on the machine.
Smart Card Authentication
Authentication is performed using the smart card (Common Access Card / CAC).
Combination of Smart Card and User ID Authentication
Authentication is performed by obtaining the user ID card information and validating it against the registered card information on the machine or remote server.