User authentication is a process for authorised users to validate that they are who they say they are, by some pre-arranged criteria.
Typically, user authentication is required to allow access to electronic devices, networks, or services. A common user authentication process is accessing bank accounts at an automatic teller machine (ATM). This requires us to enter a bank-issued security card, followed by a personal identification number (PIN) at the keypad.
Because user authentication is a part of daily life, the requirement for user authentication to access office automation equipment at work is a standard expectation.
User authentication methods
Supported Ricoh multifunction products (MFPs) provide four methods to control user access:
- Windows authentication
- LDAP authentication
- Basic authentication
- User codes.
Windows authentication
Users are required to log on to the device using their existing Windows network username and password. Only users with a valid username and password can access the device.
User access can be limited to any or all of the MFP functions: print, scan, copy, and document server.
Print jobs can only be sent from PCs logged in with a valid username and password. The device uses the authenticated user’s identification details by default; for example, Scan to email messages are sent from the user’s email address, so the sender’s address cannot be falsified.
An administrator can set up groups with access to a particular set of functions, and then assign individuals to each group.
Windows authentication provides the following benefits:
- Users only need to remember their Windows network username and password which they use every day to access their PCs
- Existing IT infrastructure is used, so additional administration and maintenance is not required.
LDAP authentication
Users log on to the device with the username and password stored on the LDAP server.
Without a valid username and password, the device can’t be accessed.
When LDAP authentication is enabled, user credentials, specifically the username and email address registered on the LDAP server, can automatically be copied to the MFPs’ address book when the user logs on. This enables users to select their Homefolder location as a destination when using Scan to folders.
LDAP authentication provides the following benefits:
- There’s no additional password to remember—the user logs on with their existing username and password
- The LDAP address book can be downloaded to the MFP, so there is no need to manually register individuals in the address book.
Kerberos authentication
Windows and LDAP authentication can be performed using Kerberos authentication and can be configured at the operation panel.
Kerberos provides strong authentication for client/server applications by using symmetric secret-key cryptography.
Note: Refer to the Encryption whitepaper on the Library page of the Sales Knowledge Centre for more information on secret-key cryptography.
A network client can prove its identity to a server, and vice versa, across an insecure network connection. After a client and server have used Kerberos to prove their identity, they can also encrypt all of their communication to ensure privacy and data integrity as they go about their business.
Kerberos authentication is used in most networks—from basic networks with a single server, through to complex enterprise implementations where a trust relationship needs to be in place between multiple organisations.
Basic authentication
Basic authentication requires users to log on to the MFP using their username and password that have been manually registered on the MFP by an administrator. This is useful for customers who are using a network infrastructure that includes a centralised authentication server, for example, Windows, Novell, Macintosh, or LDAP.
Basic authentication provides similar features to Windows authentication—for example, customers can:
- Restrict access to each MFP function
- Limit access to stored files and personal data in the address book.
Basic authentication is more advanced than user codes because it requires both a username and a password for each individual—rather than a single code that can be used by multiple users.
User codes
User codes are eight-digit codes that are used to control user access to MFP functions. For example, users may be given access to copy functions, but not fax functions:
User | Copy | Scan | Fax | Document server | |
---|---|---|---|---|---|
User code 1 | Yes | Yes | No | No | Yes |
User code 2 | No | No | Yes | Yes | Yes |
User code 3 | Yes | Yes | Yes | Yes | No |
Maintaining password security
Encrypting logon passwords and using IPsec and SSL simultaneously for user and administrator authentication is recommended to protect passwords from being hacked.
Device requirements
The MFP requires either standard printer functionality, the optional printer unit, or the printer/scanner unit to support the Windows and LDAP authentication methods.