This section describes the settings in [System Settings]
→ [Authentication Settings] → [Initial Settings] in "Settings (Administrator)".
This setting enables or disables user authentication
and specifies the authentication method.
When the user authentication is enabled, each user of the
machine is registered. When a user logs in, the separate authentication
settings apply to the user. This function allows greater control
of security and cost management than that on previous machines.
Even if user information is not stored on the machine, you
can directly enter the user information stored in an LDAP server
to log in the machine if necessary. In this case, the authentication
information of the "User" being stored as factory default applies
to the login user. For more information see "
Users stored as factory default".
User
Authentication
When [User Authentication] is enabled, the authentication
screen appears before an operation is carried out in any mode except
the job status screen*.
Log in as an already registered user.
After logging in, you can move freely through the modes.
* The login screen appears when a document filing file is used or when a broadcast transmission is reattempted from the job status screen.
Set the location where user authentication is to be
enabled.
Login Locally: User authentication is performed on this machine.
LDAP: User authentication by LDAP server.
Active Directory: User authentication by Active Directory.
Sharp OSA: Authenticate the user using the Sharp OSA application.
Use this to set the default network authentication server.
When you log into Setting mode (Web version) or send a print
job to the machine using user information that is not registered
in the machine, the authentication server is not known.
This setting is used to select one of the LDAP servers registered
in the machine as the authentication server.
Register the access control information for page count
limits, authorities, and favorite operations can be registered
on an network server in advance. By using this network server for
network authentication, perform the user authentication based on
the registered access control information.
Use this function when user authentication is performed by
network authentication using an LDAP server or a directory service
(Active Directory, etc.).
Before using this function, configure settings for authentication
by network server, obtain control numbers for the "Pages Limit Group",
"Authority Group", "Favorite Operation Group", and "My Folder"
(including base settings for each group), and associate these with
the control numbers registered in the machine.
To use this function, add the properties associated with
"Pages Limit Group", "Authority Group", "Favorite Operation Group",
and "My Folder" to the directory information of the network server
used for user authentication.
The property information is indicated below. Settings previously
stored in the machine cannot be changed.
| Property | Name of property in factory default state | Settings |
|---|---|---|
|
Pages Limit Group |
pagelimit |
Registration number of Pages Limit Group registered in the machine, or a group name previously registered in the machine. Registration number of Authority Group registered in the machine, or a group name previously registered in the machine. Unlimited: unlimited |
|
Authority Group |
authority |
Registration number of Authority Group registered in the machine, or a group name previously registered in the machine. Registration number of Authority Group registered in the machine, or a group name previously registered in the machine. Admin: admin User: user Guest: guest |
|
Favourite Operation Group |
favorite |
Registration number of Favourite Operation Group registered in the machine, or a group name previously registered in the machine. Following the System Settings: systemsettings |
|
My Folder |
myfolder |
Folder name of user folder stored in the machine. Do not enter if the default folder is specified. |
Rename the properties that the machine obtains from
the LDAP server as follows. In "Settings", select [Network Settings]
→ [LDAP Settings]. From the Global Address Book setting screen that
is displayed, select [Linkage with User Control Function] and then
select [Pages Limit Group], [Authority Group], [Favourite Operation
Group] and [My Folder].
The [Pages Limit Group], [Authority Group], and [Favourite
Operation Group] information that is registered in each machine
determines the authority and settings that the user is actually
granted. To use this function to ensure that users are granted the
same authority and settings on any machine, register the [Pages
Limit Group], [Authority Group], and [Favourite Operation Group]
information with the same authority so that they will be registered
in each machine using the same registration numbers.
For [My Folder], register the folder having the same name
in [Custom Folder] in each machine.
The directory information of the network server that is used
cannot be changed from the machine. Consult the administrator of
the network server.
If 1000 users have already been manually registered, login
will not be possible. Consult the administrator of the machine.
Users auto-registered
When you log in by network authentication, your user information
is automatically registered in the machine.
The information stored is as follows:
| Item | Description |
|---|---|
|
User Name |
This information is acquired from the authentication server.* |
|
Initial |
1 |
|
Index |
User1 |
|
Card ID |
- |
|
PIN Code/Password |
- |
|
Authentication Settings |
- |
|
Authentication Server |
Network Authentication |
|
E-mail Address |
When Access Control is enabled, this information is acquired from the authentication server. |
|
My Folder |
|
|
Pages Limit Group |
|
|
Authority Group |
|
|
Favourite Operation Group |
* If the user name cannot be acquired by network authentication, the first 16 characters of the text string used as the login name for network authentication is applied.
This selects the authentication method. When using user
authentication, be sure to configure this setting first. The items to
be configured for users stored after setting the user authentication
method vary depending on the selected authentication method.
Authenticate
a User by Login Name and Password
Standard authentication method using a login name and password.
Authenticate
a User by Login Name, Password and E-mail Address
This authentication also checks the e-mail address, in addition
to the login name and password of the user.
Authenticate
a User by User Number Only
Use this option for simple authentication if you skip the
network authentication.
, login names with identical spelling
but different cases (upper and lower) will be identified as different
login names. Therefore, login names with identical spelling but
different cases will be authenticated as user names of different
users.
If the checkbox is set to , case sensitivity
for login names is disabled. Therefore, identically spelled user
names with upper and lower case character differences will be authenticated
as the user name of the same user., and identical user names with only upper
and lower case character differences exist, the user names that
have already been registered are identified as user names of different
users.Enable "
QUICK AUTHENTICATION".
A specific user can be registered as an auto login user.
When this option is enabled, the registered user can log in the machine
automatically.
This function can eliminate each login procedure on the authentication
screen and apply the selected user settings (such as network authentication
and favorite operations). As an example, this enables uses such
as "authentication for color copying only".
Also, you can temporarily log in as a user other than the
auto login user, and operate the machine with the privileges of this
user. To allow other users to log in temporarily when [Device Account
Mode] is enabled, select [Allow Login by Different User].
This setting is used to select the auto login user when
auto user login is enabled.
Store User Information
Set whether or not automatically registered users are created.
Externally authenticated users in Sharp OSA can also be automatically
registered.
Set whether or not authentication information for connection
to the cloud is retained as cache information.
When this setting is enabled, the authentication information
of a successfully authenticated user is retained to enable smooth
authentication when the user subsequently logs in.
When this setting is disabled, the previously retained cloud
connection authentication information of all users is deleted and
authentication information is no longer retained.
Use
IC Card for Authentication
Allows the IC card to be used when authenticating the user.
| Item | Description |
|---|---|
|
Only Card Authentication Approved |
User authentication is only for IC cards. |
|
Allow both use of IC card and input from the operation panel |
User authentication is possible from both the IC card and the operation panel. |
Request Password at IC Card Authentication
This can be set when "Authentication Settings" is "Active
Directory" and "Use IC Card for Authentication" is enabled. When
enabled, enter the password each time you authenticate with the
IC card. If disabled, the password will be entered when logging
in with the IC card for the first time, and the password information
will be sent to the Active Directory server. You can omit entering
the password for the second and subsequent logins.
Print jobs by users who have not registered
user information in this machine, such as jobs for which appropriate
user information has not been entered in the printer driver or when
"DIRECTLY PRINTING A FILE ON AN FTP SERVER" is entered from
the setting mode (administrator), are prohibited.
When user authentication is enabled, this setting
specifies whether or not to enable automatic logout.
The time until logout can be specified up to 240 seconds in
increments of 10 seconds.
When entering passwords, including administrator passwords,
during user authentication, the number of incorrect password attempts
is counted, and if the number of attempts reaches the specified
number (three), the user account is locked, and the user is blocked
from making any more attempts at authenticating their account until
a period of five minutes has elapsed. The number of incorrect entries
made is counted separately for each user, and the count is reset when
the correct password is entered.
This prevents an unauthorized person from attempting to guess
a password. (The number of failed login attempts is retained even
if the power is turned off.)
This setting specifies whether scanning can be performed
by remote operation before a user has logged in.
When user authentication is enabled, this setting
specifies whether or not to include the job status in user authentication.
Set whether the system information screen can
be displayed before logging in.
Enable IPP authentication on a non-printer driver.
This setting determines whether or not a job will be
completed if the page limit is reached while the job is in progress.
The following settings can be configured.
When retention is enabled in the printer driver and
print data has been spooled to the machine, you can have the spooled
print data automatically print out when the user who enabled retention
logs in.
After E-mail Status has been sent, the counter is reset.
Displayed only when E-mail Alert and Status is enabled.
This can be set when the job status is subject to user
authentication.
When this setting is enabled, only the logged-in user's job
is displayed on the job status screen.
When scanning E-mail transmissions (including resending)
during user authentication, when [System Settings] → [Authentication
Settings] → [Default Settings] → [Set Email Address of Logged In
User in the From/Sender Field of E-mail] is enabled in "Settings
(Administrator)", the user name and E-mail address of the logged-in
user will be set as the From/Sender field of E-mail.
When the logged-in user has not registered an e-mail address
or a job is configured to use digital signatures for sending e-mail
in the S/MIME function, the settings in [System Settings] → [Network
Settings] → [Service Settings] → [SMTP] (tab) → [Sender Name] and
[Sender Address] will be entered.
Applies the login name to the user name in the shared
folder.
When user authentication is enabled, select
whether the login name is shown or asterisks are shown.
| Item | Description |
|---|---|
|
Display login name |
Show the login name. |
|
Display login name with "*" |
Hide the login name with asterisks. |
When user authentication is enabled, this setting
specifies whether or not to display the page counts of a user when
the user logs in.
Settings you have created here is displayed on the login
screen.
Card
Scan Test
Perform a read test of the card to be used.
Card
ID Registration/Change Authority
Set whether the logged-in user can register/change/delete
his/her card ID information in this machine.
Check
System Code only in FeliCa User Area mode
Check the System Code only in FeliCa User Area mode.
Set when connecting a card reader/writer.
Version 06a / bp70c65_usr_06a_us
