FUJIFILM Business Innovation
Back to top
Authentication for Job Flow Sheets and Folders
Registering IC Card

Enabling User Authentication

When using local accounts, configure settings in the following order.

When using remote accounts, configure settings in the following order.

Note

  • To require password entry for authentication, set [Password for Control Panel Login] or [Password for IC Card Login] to [On]. For details, refer to [Authentication].

  • It is necessary to log in to Administrator Mode to perform the following settings.

Authentication and Accounting Method

Note

  • You can set the authentication/accounting method also in [Authentication/Accounting Settings] in [Accounting].

  1. Tap on > [Device] > [Authentication/Accounting] > [Authentication/Security Settings] > [Authentication] > [Authentication/Accounting Settings].
  2. Select [Local] or [Remote], tap on [OK].

Access Control

  1. Tap on > [Device] > [Authentication/Accounting] > [Authentication/Security Settings] > [Authentication] > [Access Control].
  2. Tap on [Device Access], select [Unlocked] or [Locked].
  3. Tap on [App Access].
  4. Configure authentication requirements for actions by service.

    Note

    • If [Locked (Show Icon)] is set, the confirmation screen displays when you tap on the icons on the Home screen without authentication.

    • If [Locked (Hide Icon)] is set, the icons for the corresponding function button are not displayed on the Home screen without authentication.

  5. Tap on [<].
  6. Tap on [Feature Access].
  7. Select [Unlocked] or [Locked] for the feature being changed.

Authorization Groups

Register authorization groups to assign to users.

  1. Tap on > [Device] > [Authentication/Accounting] > [Authentication/Security Settings] > [Authentication] > [Create Permission Groups].
  2. Select the authorization group number to register, and then tap on [Create/Delete].

    Note

    • The following users will belong to the No. 00 [DefaultGroup (Default)] (default authorization group).

      • Newly created users

      • Users that have not yet been authenticated

      • Authenticated users for which the [Authentication System] is not set to [Authentication Agent] in remote accounts

    • The default authorization group can be changed in the same manner as other authorization groups.

  3. Tap on [Group Name], enter the name and then tap on [OK].
  4. Tap on the permission to change, and select the setting.

    • [Restriction on Recipient Selection]

    When communications sent to addresses not listed in the Address Book are restricted, this can lift the restriction.

    • [Restriction on Address Book Editing]

    When editing the Address Book is restricted, this can lift the restriction.

    • [Allow Force Print Suspension]

    When a Force Watermark, Force Secure Watermark, Print Universal Unique ID, Force Annotation or other forced printing is set, this can temporarily lift the forced printing settings.

    • [When Protection Code Is Detected]

    If embedded job disabled code is detected, this can temporarily allow the job to continue.

User Registration (Log In to Local Accounts)

Authenticated users are registered to the machine when Log In to Local Accounts is set.

Administrator permissions, service access and account limit settings can be configured for each user.

Note

  • Users can also be registered in [Authentication/Accounting Settings] under [Accounting].

  1. Tap on > [Device] > [Authentication/Accounting] > [Authentication/Security Settings] > [Authentication] > [Create/View User Accounts].
  2. Tap on the field to register a user.

    Note

    • The unique number with 4 digit (user registration number) are assigned to the field to register a user.

  3. Enter the User ID and then tap on [OK].
  4. Tap on [User Name].
  5. Enter the user display name, and then tap on [OK].
  6. If there is a [Password], set the password.
  7. Tap on [Enter Password], and then enter the password.
  8. Tap on [Next], and then enter the same password.
  9. Tap on [OK].
  10. Set access restrictions and permissions as needed.

    • [Email Address]

    This is used as the default ["From" Address] address when sending Emails when authenticating.

    • [Device Access]

    Allows machine use.

    Note

    • If an IC Card reader is connected, this permission can be set for each authentication method.

    • [Feature Access/Limits]

    Specify use restrictions and account limit settings for each service. Select the service, and then set either [Feature Access] or [Account Limit], and tap on [OK].

    • [User Permissions]

    You can grant permissions to users. Configure authorization group settings in [Add to Permission Group].

    • [Local User]

      Permissions for regular users who do not have administrator permissions.

    • [System Administrator]

      The same permissions as the administrator can be granted. However, folders and job flow sheets cannot be modified, and administrator passwords cannot be changed.

    • [Account Administrator]

      The following accounting-related permissions can be granted.

      • Registering/deleting/changing (some) user information

      • Registering/deleting/changing accounting data

      • Changing alternative name for user ID/mask user ID (***)

      • Changing alternative name for account ID/mask account ID (***)

      • Printing accounting reports

Deleting Registered Users (Log In to Local Accounts)

Note

  • Any job flow sheets, folders and files inside folders that the user being deleted is an owner of will also get deleted.

Deleting Individual Users
  1. Tap on > [Device] > [Authentication/Accounting] > [Authentication/Security Settings] > [Authentication] > [Create/View User Accounts].
  2. Select the user registration number to delete.
  3. Tap on [Delete Account].
  4. Tap on [Delete].
Deleting All Users
  1. Tap on > [Device] > [Authentication/Accounting] > [Authentication/Security Settings] > [Authentication] > [Delete/Reset Account Data].
  2. Tap on [All User Accounts] > [Delete/Reset].
  3. Tap on [Delete].

Authentication System Setup (Log In to Remote Accounts)

This registers an external authentication server to the machine.

  1. Tap on > [Device] > [Network Settings] > [Remote Authentication / Directory Service] > [Authentication System Setup] > [Authentication System].
  2. Select the type of external authentication server, and then tap on [OK].

    Note

    • If using our products (sold separately) as the remote accounts, select [Authentication Agent].

  3. If an option other than [Authentication Agent] is selected, tap on [<], and then register the authentication server details.

    Refer

    • Refer to Internet Services help for details of Microsoft Entra ID.

Other Settings (LDAP)

Encrypting Communications Between the Machine and the LDAP Server

  1. Tap on > [Device] > [Network Settings] > [Security Settings] > [SSL/TLS Settings].
  2. Set [LDAP - SSL/TLS Communication] to [Enabled].
  3. Tap on [<] twice.
  4. Tap on [Remote Authentication / Directory Service].
  5. Tap on [LDAP Server / Directory Service Settings] > [Primary Server - Port Number].
  6. Enter the port number to run LDAPS, and then tap on [OK].

Logging In as an LDAP Server User that has Established a Trust Relationship in Active Directory

The procedure for logging in to the machine as a user on a trusted domain server is described below, assuming the following conditions have been met as an example.

  • The domain name is set to “w2k8adtest.local”.

  • A trust relationship has been established in [Active Directory Domains and Trusts].

Refer

  • For more information about [Active Directory Domains and Trusts], refer to the official website of Microsoft.

  1. Tap on > [Device] > [Network Settings] > [Remote Authentication / Directory Service] > [LDAP Server / Directory Service Settings].
  2. Set [LDAP Referrals] to [Enabled].
  3. Set [LDAP Referral Hop Limit] as needed.

    Note

    • The maximum number of servers that can be connected is the value set for the [LDAP Referral Hop Limit]. If this is set to “5”, up to five trust relationship connections can be made.

    • With regard to [Login Credentials to Search Entries], users must also be qualified to access the trusted LDAP server.

    • From a security feature perspective, connections will not be made to unencrypted trusted domains while LDAPS is in use.

If Logging In Takes an Excessive Amount of Time, and the Same User Succeeds and Fails Login Attempts

This can be thought to be due to the following.

  • The scope for searching LDAP servers is too broad

  • There are too many entries contained within the search scope

Review [Search Directory Root] and [Search Scope]. For details, refer to [LDAP Server / Directory Service Settings].

Additionally, login failures may be avoided by setting a sufficiently long timeout duration for connecting to the LDAP server for the machine. However, as this will not reduce the time required to log in, this should only be considered a provisional measure.

Follow the procedure below to set the connection timeout duration.

  1. Tap on > [Device] > [Network Settings] > [Remote Authentication / Directory Service] > [Authentication System Setup].
  2. Confirm and change the following settings as required.

    • [Server Response Timeout]

    This sets the maximum timeout duration for a response from the server when an authentication request is sent to the LDAP server.

    Change this setting when the network load is thought to be causing the issue.

    • [Search Timeout]

    This sets the maximum timeout duration for a response from the server when an search request is sent to the LDAP server.

    Change this setting when the LDAP server load is thought to be causing the issue.