Configure Authentication Settings (Login Method) Using the Embedded Web Server

Authentication

Authentication is the process of confirming your identity. When the system administrator enables authentication, the printer compares the information that you provide to another source of information, such as an LDAP directory. The information can be a user name and password, or the information stored on a magnetic, proximity, or Smart Card. If the information is valid, you are considered an authenticated user.

Setting the Login Method

Login methods provide different levels of authentication and allow different ways to access the printer. You can choose from the following login methods:

• Simple: For the Simple level, users type their user name or select it from a list at the control panel or in the Embedded Web Server. The printer uses no other levels of authentication. If you do not need secure access to the printer, use this method.

• Local: For the Local level, to prove their identity, users type their user name and password at the control panel or in the Embedded Web Server. The printer compares the user credentials to the information the user database stored in the printer. If you have a limited number of users, or do not have access to an authentication server, use this authentication method.

• Network: For the Network level, to prove their identity, users type their user name and password at the control panel or in the Embedded Web Server. The printer compares the user credentials to the information stored on an authentication server.
  
  NOTE: The printer can use one of the following authentication server types: Kerberos (Windows ADS), SMB (Windows ADS), or LDAP.
  
  

• Convenience: For the Convenience level, users swipe a pre-programmed identification card at the control panel. To use this method, purchase and install a USB card reader and use an authentication server that supports the Xerox® Convenience Authentication API.

• Smart Card: For the Smart Card level, users insert a pre-programmed identification card in a card reader at the control panel. Users also type their user name and password. To use this method, purchase and install a Smart Card reader system.

NOTE: When you open the Login Method page, the page indicates the current login method by a check mark and an Edit button. Any unselected methods display a Select button. To edit the current method, click Edit. To select a different method, click Select.

Setting the Simple Login Method:

1. In the Embedded Web Server, log in as administrator, then click Permissions > Login/Logout Settings. See the Related Content for additional information.

2. For Simple, click Select.

3. Select the method for users to identify themselves.

4. Click OK.

5. If a confirmation message appears that prompts you to restart the printer, click Change.

Setting the Local Login Method:

1. In the Embedded Web Server, log in as administrator, then click Permissions > Login/Logout Settings. See the Related Content for additional information.

2. For Local, click Select.

3. Select the method for users to identify themselves.

4. Click OK.

5. If a confirmation message appears that prompts you to restart the printer, click Change.

User Database

The user database stores user credential information. The printer uses this information for local authentication and authorization, and for Xerox Standard Accounting. When you configure local authentication, the printer checks the credentials that a user provides against the information in the user database. When you configure local authorization, the printer checks the user database to determine which features the user is allowed to access.

NOTE: User names and passwords stored in the user database are not transmitted over the network.

Adding User Information to the User Database

To add user information to the user database, refer to Creating a User Account and Editing the Account Settings for Individual Users under Xerox Standard Accounting. See the Related Content for additional information.

Setting the Network Login Method:

1. In the Embedded Web Server, log in as administrator, then click Permissions > Login/Logout Settings. See the Related Content for additional information.

2. For Network, click Select.

3. Select an authentication protocol, then click Next.

4. Configure the authentication protocol, then click Done.

   • For details on configuring the Kerberos (Windows ADS) protocol, refer to Configuring Authentication Server Settings for Kerberos below.

   • For details on configuring the SMB (Windows ADS) protocol, refer to Configuring Authentication Server Settings for SMB below.

   • For details on configuring the LDAP protocol, refer to Configuring Authentication Server Settings for LDAP below.

5. If a confirmation message appears that prompts you to restart the printer, click Change.

Configuring Authentication Server Settings for Kerberos:

1. On the Network Login window, select Kerberos (Windows ADS), then click Next.

2. In the Default Server area, for Realm, type the domain or realm for your authentication server.

3. In the Default Server area, for Server Address, type the IP address and port number for your authentication server.

4. For each alternate server, as needed, type the domain or realm and the server address.

5. To remove an alternate server from the list, click the Trash icon.

6. When you have entered information for all servers, click Done.

Configuring Authentication Server Settings for SMB:

1. On the Network Login window, select SMB (Windows ADS), then click Next.

2. In the Default Server area, for Domain, type the domain for your authentication server.

3. In the Default Server area, for Server Address, type the IP address for your authentication server.

4. For each alternate server, as needed, type the domain and server address.

5. To remove an alternate server from the list, click the Trash icon.

6. When you have entered information for all servers, click Done.

Configuring Authentication Server Settings for LDAP:

The printer uses the primary LDAP server for authentication, authorization, and personalization. The primary LDAP server is the server that appears at the top of the LDAP server list on the LDAP Server page in the Embedded Web Server. If you already have configured LDAP server settings, the printer uses this server automatically when you select LDAP as the network authentication or authorization method. The printer only uses alternate LDAP servers for authorization and personalization when primary LDAP server communication fails.

For details on configuring the authentication servers settings for LDAP, refer to Adding LDAP Server Information. See the Related Content for additional information.

Setting the Convenience Login Method

For Convenience Authentication, the card uses either a magnetic strip or an RFID. A convenience authentication card is different from a Smart Card, which uses an embedded chip. Smart Card use typically requires login and password credentials.

To set the Convenience login method:

1. In the Embedded Web Server, log in as administrator, then click Permissions > Login/Logout Settings. See the Related Content for additional information.

2. For Convenience, click Select.
   
   NOTE: The Convenience login method requires that HTTP SSL-TLS is set to On. For details, refer to Configuring HTTP Settings in the Embedded Web Server under Configure HTTP. See the Related Content for additional information.
   
   

3. In the Server area, type the IP address and path for the server.

4. To allow users to log in without a card, in the Alternate Login area, select Yes.

5. In the Accounting Codes area, select a source for the accounting code.

6. To configure a local login method, in the Device Website Login Method area:

   1. If Local is not currently selected, click Select.

   2. When Local is selected, click Edit.

   3. Select a method for users to identify themselves, then click OK.

7. If you are prompted to restart the printer, click Restart Later.

8. To configure a network login method, in the Device Website Login Method area:

   1. If Network is not currently selected, for Network, click Select.

   2. Select and configure an authentication protocol.

      • For details on configuring the Kerberos (Windows ADS) protocol, refer to Configuring Authentication Server Settings for Kerberos above.

      • For details on configuring the SMB (Windows ADS) protocol, refer to Configuring Authentication Server Settings for SMB above.

      • For details on configuring the LDAP protocol, refer to Configuring Authentication Server Settings for LDAP above.

Setting the Smart Card Login Method

For Smart Card authentication, the card uses an embedded chip and typically requires login and password credentials. A Smart Card is different from a convenience authentication card, which uses a magnetic strip or RFID. Convenience authentication card use typically does not require a login.

Note: You cannot use Xerox Standard Accounting with Smart Card Authentication.

Configuring Smart Card Server Authentication

1. In the Embedded Web Server, click Permissions > Login/Logout Settings. See the Related Content for additional information.

2. In the Login Method area, for Smart Card, click Select.

Adding a Domain Controller

1. To add a domain controller, in the Domain Controller area:

   1. Click Add or the Plus icon (+).

   2. For Type, select the desired protocol.

   3. For Address or Host Name, type the IP address or host name for the domain controller.

   4. For Domain, type the domain name for the domain controller.

   5. Click OK.

2. To validate the certificate returned by the domain controller, in the Validate area, click the Enable toggle button.

Setting a Timeout and Synchronizing with a Time Server

1. To set a timeout for the Smart Card reader, in the Options area, for Timeout, type the number of seconds that the printer waits for a response from the domain controller.

2. To synchronize the Smart Card reader with a time server:

   1. In the Options area, click SNTP.

   2. For Time Server Synchronization, click the Enable toggle button.

   3. For Time Server Address, type the IP address for the time server.

   4. For Time Synchronization Interval, type the number of minutes when the Smart Card reader synchronizes with the server.

   5. Click OK.

Configuring a Login Method

1. To configure a local login method, in the Device Website Login Method area:

   1. If Local is not currently selected, click Select.

   2. When Local is selected, click Edit.

   3. Select a method for users to identify themselves, then click OK.

2. If you are prompted to restart the printer, click Restart Later.

3. To configure a network login method, in the Device Website Login Method area:

   1. If Network is not currently selected, for Network, click Select.

   2. Select and configure an authentication protocol.

      • For details on configuring the Kerberos (Windows ADS) protocol, refer to Configuring Authentication Server Settings for Kerberos above.

      • For details on configuring the SMB (Windows ADS) protocol, refer to Configuring Authentication Server Settings for SMB above.

      • For details on configuring the LDAP protocol, refer to Configuring Authentication Server Settings for LDAP above.

Completing the Smart Card Configuration

1. When finished, click OK.

2. If prompted to restart the printer, click Restart Now.

Related Content

• Log in to the Printer's Control Panel or Embedded Web Server as a System Administrator

• Create a User Account in Xerox Standard Accounting (XSA) Using the Embedded Web Server

• Edit the Account Settings for Individual Users in Xerox Standard Accounting (XSA) Using the Embedded Web Server

• Configure LDAP Using the Embedded Web Server

• Configure/Enable HTTP Settings