CONFIGURING NETWORK AUTHENTICATION SETTINGS
When you configure network authentication, to prove their identity, users type their name and password at the control panel or in the Embedded Web Server. The device compares the user credentials to the information stored on an authentication server.
Note: If two or more authentication servers are configured, the IPP Authentication Policy window appears. The IPP Authentication Policy is used to determine which server to use for IPP Authentication.
The Login Methods page in the Embedded Web Server provides links to authentication and personalization configuration settings.
1. In the Embedded Web Server, click Properties > Login/ Permissions/ Accounting > Login Methods.
2. Set the login method to User Name / Password – Validate on the Network. For details, refer to Setting the Login Method for the Control Panel.
3. In the Configuration Settings table, configure options for network authentication:
- To configure authentication server settings, for Authentication Servers, click Edit.
- For Kerberos authentication, refer to Configuring Authentication Server Settings for Kerberos.
- For LDAP authentication, refer to Configuring Authentication Server Settings for LDAP.
- For SMB authentication, refer to Configuring Authentication Server Settings for SMB.
- To enable personalization for logged-in users, for Personalization, click Edit. For details, refer to Enabling Personalization.
- To view or delete personalization profiles, for Personalization Profiles, click Edit. For details, refer to View and Deleting Personalization Profiles.
- To provide information about your LDAP server for personalization, for LDAP Servers, click Edit. For details, refer to Configuring LDAP Server Optional Information.
- To enable or disable the logout prompt at the control panel, for Log Out Confirmation, click Edit. For details, refer to Disabling the Logout Confirmation Prompt.
- To enable and configure an EIP authentication app, for EIP Authentication, click Edit. For details, refer to Configuring an EIP Authentication App.
- To enable and configure an Single Sign On Identity Provider app, for Single Sign On Identity Provider, click Edit. For details, refer to Single Sign On Identity Provider.
- To enable DNS canonicalize hostname in Kerberos Settings, for Device-Wide Kerberos Settings, click Edit.
In the Device-Wide Kerberos Settings window, select any one option to configure the DNS canonical name, then click OK.
- To configure card reader policies or to install a card reader firmware update, for Card Reader Setup, click Edit. For details, refer to Configuring the USB Card Reader Disconnection Policy.
- To customize the title and instruction text that appears on the blocking screen, for Customize Blocking Screen, click Edit. For details, refer to Customize Blocking Screen.
- To enable and configure login using cards, for Card Credential Configuration, click Edit.
In the Card Credential Configuration window, to enable or disable Allow walkup users to login using cards option, click the toggle button, then click Save.
- To view or configure any actions on card profiles for a user, for Card Credential Profiles, click Edit.
The Card Credential Profiles window display the details of users having registered cards.
Authentication Servers
Use the Authentication Servers page to provide information about your authentication server.
1. In the Authentication Type area, select an authentication server type.
2. To provide information about your server, click Add New.
3. To copy the settings from another server, select a server from the list, then click Copy From.
4. To specify server settings for an alternate authentication server, click Add New.
5. To edit server settings, for the server, click Edit.
6. To delete all server information, click Delete All.
7. If the IPP authentication window appears, select the number of the default server, then click Save.
Note: If IPP Authentication is configured and two or more authentication servers are configured, then the IPP Authentication Policy window appears. The IPP Authentication Policy is used to determine which server to use for IPP Authentication.
Configuring Authentication Server Settings for Kerberos
1. On the Login Methods page, for Authentication Servers, click Edit.
2. For Authentication Type, select Kerberos.
3. Click Add New.
4. For Server Information, in the Domain or Realm field, type the domain or realm for your authentication server.
5. Select the desired address type.
6. Type the appropriately formatted address and port numbers for both the primary and backup addresses.
Note: A backup address is optional.
7. To use an LDAP server for network authorization or personalization:
a. Click Add LDAP Mapping.
b. Select the LDAP server from the list and click Add Mapping, or click Add New to add an LDAP server.
8. Click Save.
9. To specify server settings for an alternate authentication server, click Add New.
10. To copy the settings from another server, select a server from the list, then click Copy From.
11. To update the settings, click Edit.
Configuring Authentication Server Settings for SMB
1. On the Login Methods page, next to Authentication Servers, click Edit.
2. Under Authentication Type, select SMB (Windows NT 4) or SMB (Windows 2000/2003).
3. Click Add New.
4. Under Domain, type the domain name of your authentication server.
5. Select the address type.
6. Type the appropriately formatted address and port number.
7. Click Save.
8. To specify server settings for an alternate authentication server, click Add New.
9. To copy the settings from another server, select a server from the list and click Copy From.
10. Click Edit to update the settings.
Configuring Authentication Server Settings for LDAP
The device uses the primary LDAP server for authentication, authorization, and personalization. The primary LDAP server appears in the Embedded Web Server on the LDAP Server page. If you have configured LDAP server settings, when you select LDAP as the network authentication or authorization method, the device uses this server automatically. The device only uses alternate LDAP servers for authorization and personalization when primary LDAP server communication fails.
1. On the Login Methods page, for Authentication Servers, click Edit.
2. For Authentication Type, select LDAP.
3. Click Add New.
4. Configure LDAP server settings, then click Apply.
FAQs:
What is network authentication on the Xerox® AltaLink® C8200?
Network authentication on the Xerox® AltaLink® C8200 is a security feature that requires users to authenticate themselves before gaining access to network resources such as scanning, printing, or copying. It helps ensure that only authorized users can use the device, enhancing the security of your network.
How do I configure network authentication on the Xerox® AltaLink® C8200?
To configure network authentication on the Xerox® AltaLink® C8200, you need to access the device’s web interface (CentreWare Internet Services). Once logged in, navigate to the Security tab, select Network Authentication, and configure the required authentication method, such as LDAP, Active Directory, or Windows domain authentication. Follow the on-screen prompts to complete the setup.
What authentication methods are supported by the Xerox® AltaLink® C8200?
The Xerox® AltaLink® C8200 supports several authentication methods, including:
- LDAP (Lightweight Directory Access Protocol) for integrating with an existing directory server.
- Active Directory for authentication via a Windows domain.
- Windows-based Authentication, enabling users to log in using their Windows credentials.
- Local Authentication for managing user access directly on the device.
