Xerox WorkCentre 5740 User Manual
Have a look at the manual Xerox WorkCentre 5740 User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 228 Xerox manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
WorkCentre™ 5735/5740/5745/5755/5765/5775/5790 System Administrator Guide161 6. In the Authentication Server page, select [LDAP] from the Authentication Type drop-down menu and click on the [Add New] button. 7. To configure LDAP, refer to LDAP on page 115. a. When you have configured LDAP settings, click on the [Save] button to return to the Authentication Configuration: LDAP page. b. Click on the [Save] button and return to the Xerox Access Setup page. 8. To set Authentication to control access to individual Services, In the table displaying a list of related configuration setting pages, click on the [Edit..] button for Tools and Feature Access (Lock/Unlock). a. On the Tools & Feature Access page, in the Presets area, select either [Open Access] to allow all users access to all pathways and features or [Custom Access] and lock or unlock the various pathways and features as required. 9. Click [Save] to confirm the changes and return to the Xerox Access Setup page.. 10. Select [Logout] in the upper right corner of your screen if you are still logged in as Administrator, and click on the [Logout] button. Configure Authorization Access (by groups) for LDAP Used when Remotely on the Network is selected for Authorization. LDAP server user groups can be used to control access to certain areas of the Xerox device. For example, the LDAP server may contain a group of users called ‘Admin’. You can configure the ‘Admin’ group on the device so that the members of that group will have administrator access to the device. When a user logs in at the device with their network authentication account, the device performs an LDAP look-up to determine if the user is a member of any groups. (LDAP server will find members nested up to five levels down a group. For example, if LDAP searches for a user within the Admin Group, it may not find that user, but may find another group. It will also look for the user in that group as well and so on). If the LDAP server confirms that the user is a member of the ’Admin’ group, the user will have administrator access to the device. 1. If you have already logged out of Internet Services or closed your browser, at a networked workstation open the web browser and enter the IP Address (or Host Name) of the device in the Address bar, and press . 2. Click the [Properties] tab. 3. If prompted, enter the Administrator User ID and Password. The default is [admin] and [1111]. 4. Click on the [Login] button. 5. Click on the [Connectivity] link. 6. Click on the [Protocols] link. 7. Select [LDAP] in the directory tree. 8. Click on [Add New]. 9. Click on the [Authorization Access] heading tab under the LDAP title. a. Select the [User Roles] tab. Use this tab to define the access groups that are authorized for the following roles: •For the System Administrator Access [Access Group] field, enter the name of a group, defined at the LDAP server, that you want to provide with System Administrator access to the device. Downloaded From ManualsPrinter.com Manuals
WorkCentre™ 5735/5740/5745/5755/5765/5775/5790 System Administrator Guide 162 •In the Accounting Administrator Access [Access Group] field, enter the name of a group, defined at the LDAP server, that you want to provide with accounting administrator access to the device. b. To verify either group, enter a name of one of the members of the LDAP server group in the [User Name box], then click on the [Test] button. Under the Test Results column, it will display Access. If the test result displays No Access, this will mean that the user name is not a member of the Access Group, or the Access Group name was misspelled, or that the Access Group does not exist. Note:When an access group is entered in one of the Access Group fields, only the members from that group will have access to those features. When two or more groups are entered, they must be separated by commas. When no access group is listed, all members will have access. 10. Select the [Device Access] tab. a. For Services Pathway [Access Group] field, enter the name of a group, defined at the LDAP server, that you want to provide with Service access to the device. b. Repeat the process for Job Status Pathway and Machine Status Pathway. c. To verify any of these groups, enter a name of one of the members of the LDAP server groups in the [Enter User Name] field, then click on the [Test] button. Under the Test Results column, it will display Access. If the test result displays No Access, this will mean that the user name is not a member of the Access Group, or the Access Group name was misspelled, or that the Access Group does not exist Note:When an access group is entered in one of the Access Group fields, only the members from that group will have access to those features. When two or more groups are entered, they must be separated by commas. When no access group is listed, all members will have access. 11. Select the [Service Access] tab. Use this tab to define the groups that are authorized to access various device functions and services. a. Enter the names of LDAP groups, as required in the Access Group field, to allow access to individual device services. Note:By default everybody has access to all of the services on the device. By entering a group name in any of the services, access is then restricted to those users belonging to that group. b. Verify each group by entering a group user in the Enter User Name field, and click on the [Test] button. Under the Test Results column, it will display Access. If the test result displays No Access, this will mean that the user name is not a member of the Access Group, or the Access Group name was misspelled, or that the Access Group does not exist Note:When an access group is entered in one of the Access Group fields, only the members from that group will have access to those features. When two or more groups are entered, they must be separated by commas. When no access group is listed, all members will have access. c. When done, click on [Close]. Local Authentication With Local Authentication enabled, the System Administrator defines passwords via a web browser, for users to use to authenticate to the system and use restricted services. Downloaded From ManualsPrinter.com Manuals
WorkCentre™ 5735/5740/5745/5755/5765/5775/5790 System Administrator Guide163 If using this method, you can only determine the User Role. You can not control individual user access to items. If authentication is successful, then the user will have access to all locked items (except System Administrator items, unless they are a System Administrator). Note:If users are created locally on the device using the User Information Database, those users will be authenticated only if the Authentication Configuration method is set to “Locally on the Device”. If the authentication method is switched to “Remotely on the Network”, those users will not be authenticated unless their credentials are also accessible remotely. Note:To configure this feature or these settings access the Properties tab as a System Administrator. For details, refer to Access Internet Services as System Administrator on page 24. 1. From the Properties tab, click on the [Security] link. 2. Click on the [Authentication] link and select [Setup] in the directory tree. 3. The Xerox Access Setup page is displayed. In the Authentication, Authorization and Personalization area click on the [Edit...] button. 4. In the Authentication method on the machine's touch interface (Touch UI) area select [User Name/Password Validated Locally on the Xerox Machine] from the drop-down menu and click on the [Save] button to return to the Xerox Access Setup page. 5. In the table displaying a list of related configuration setting pages, click the [Edit...] button on the Local User Information Database row. 6. In the User Information Database area, click on the [Add New User] button. a. In the User Identification area, enter details of the new user in the [User Name], [Friendly Name], [Password] and [Retype Password] fields. b. In the [User Role] area, select one of the following roles: •System Administrator •Accounting Administrator •User c. Click on the [Add New User] button to add the user. Note:You can also Edit user credentials, as well as Delete users, from the User Information Database screen. If using this method, you can only determine the user role to items if Authentication is successful. User will have access to all locked items if they have System Administrator access. 7. To set Authentication to control access to individual Services, In the table displaying a list of related configuration setting pages, click on the [Edit..] button for Tools and Feature Access (Lock/Unlock). a. On the Tools & Feature Access page, in the Presets area, select either [Open Access] to allow all users access to all pathways and features or [Custom Access] and lock or unlock the various pathways and features as required. 8. Click [Save] to confirm the changes and return to the Xerox Access Setup page.. 9. Select [Logout] in the upper right corner of your screen if you are still logged in as Administrator, and click on the [Logout] button. Downloaded From ManualsPrinter.com Manuals
WorkCentre™ 5735/5740/5745/5755/5765/5775/5790 System Administrator Guide 164 Xerox Secure Access System Administrators can configure the device so that users must be authenticated and authorized before they can access specific services or areas. Xerox Secure Access provides a means of authenticating users via an authentication server and optional card reader. For further information about Xerox Secure Access, refer to Xerox Secure Access on page 331. Information Checklist Before starting the procedure, ensure the following items are available or tasks have been performed: • Ensure that the device is fully functional on the network. TCP/IP and HTTP protocols must be configured so that Internet Services can be accessed. • Ensure that the Xerox Partner authentication solution (Secure Access Server, Controller, and Card Reader) is installed and communicating with the device. Follow the installation instructions from the manufacturer of the authentication solution to correctly set the devices up. Make sure to securely mount any external user authenticating devices to the device. • Ensure that SSL (Secure Sockets Layer) is configured on the device. The Xerox Partner authentication solution communicates with the device via HTTPS. • (Optional) Ensure that Network Accounting is configured if you want the device to send user account information to a Network Accounting server. For instructions, refer to the Network Accounting section of this guide. • You may also need another Authentication Server to communicate with the Secure Access Server providing that server with user credentialing information. A second Authentication Server will be necessary for web user interface Authentication, if this feature is additionally desired. • You will need to configure LDAP communications on the device as stated in the LDAP/LDAPS topic in the Authentication section of this guide. Configure Authentication Note:To configure this feature or these settings access the Properties tab as a System Administrator. For details, refer to Access Internet Services as System Administrator on page 24. 1. From the Properties tab, click on the [Security] link. 2. Click on the [Authentication] link and select [Setup] in the directory tree. 3. The Xerox Access Setup page is displayed. In the Authentication, Authorization and Personalization area click on the [Edit...] button. 4. In the Authentication method on the machine's touch interface (Touch UI) area select [Xerox Secure Access Unified ID System] from the drop-down menu. 5. Select the required option from the [Authentication method on the machine's web user interface (Web UI)] drop-down menu. a. When a user attempts to access Internet Services they are prompted to enter their login information. The option selected from the web user interface Authentication menu defines how the device will validate the user's rights to access Internet Services. This is required because if the user normally authenticates at the device with a card reader, there would be no method for the device to authenticate users who access Internet Services from their workstations. Downloaded From ManualsPrinter.com Manuals
WorkCentre™ 5735/5740/5745/5755/5765/5775/5790 System Administrator Guide165 • Select [Locally on the Device] to validate users listed in the Local User Information Database. This option requires you to configure accounts in the Local User Information Database. • Select [Remotely on the Network] to validate users via an Authentication Server. This option requires you to have a server that will provide authentication of user login details. Authentication via Kerberos (Solaris, Windows 2000), NDS (Novell), SMB (Windows NT4/2000) or LDAP is supported. b. Select required method from the [Authorization] drop-down menu. The card reader and Authentication Solution authenticates (validates) the user. The Authorization method determines which areas of the device a user is allowed to access. There are two options: • Select [Locally on the Device]: if you want the device to check the Local User Information Database for levels of authorization. • Select [Remotely on the Network]: if you want to use an LDAP server to determine levels of authorization. If you selected Remotely on the Network (from the Location of Access Rights box), configure LDAP communications as stated in the Configure Authentication for LDAP/LDAPS in the Authentication section of this guide. c. Check the [Automatically retrieve user’s e-mail address from LDAP] checkbox under Personalization if you want to set the From address to the logged in user's e-mail address when they log in via Secure Access. d. Click on the [Save] button to return to the Xerox Access Setup page. 6. In the table displaying a list of related configuration setting pages, click the [Edit...] button on the Xerox Secure Access Setup row. a. The Xerox Secure Access Setup screen displays. The device will automatically configure itself to work with the XSA remote server. Click on the [Manually Configure] button if the XSA remote server does not configure automatically. b. In the Server Communication area, select either [IPv4 Address] or [Hostname]. c. Enter details in the [IP Address: Port] or [Host Name: Port] fields. d. Enter the details in the [Path] field. e. Under the Device Log In Methods heading, select one of the following: •Xerox Secure Access Device Only (e.g., Swipe Cards - if you want to allow the user to swipe their swipe cards at the UI. •Xerox Secure Access Device + alternate on-screen authentication method - if you want users to authenticate using the device’s control panel as well as the XSA feature. When the second option is enabled, a button labelled “Alternate Login” is displayed on the “Instructional Blocking Window” providing users with an alternate method to log in. For example, this feature can be enabled for users who are unable to use their swipe card. When the alternate button is selected, the remote server presents a series of log in screens on the local user interface. The remote server is still responsible for authenticating the user. All other Xerox Secure Access options are supported with this setting. f. Under the Accounting Information heading, note that this item will be grayed out if Network Accounting is not enabled. If accounting is enabled, select [Automatically apply Accounting Codes from the server], if the Secure Access Server has been configured to Downloaded From ManualsPrinter.com Manuals
WorkCentre™ 5735/5740/5745/5755/5765/5775/5790 System Administrator Guide 166 return the accounting User ID and Account ID login. If you want the user to enter these values at the local user interface during login, select [User must manually enter accounting codes at the device]. g. Under the Device Instructional Blocking Window heading, enter text in the [Window Title] and [Instructional Text] fields to create the prompt that will be displayed on the device’s user interface informing users how to authenticate themselves at the device. Note:If the Title and Prompt have been configured on the Secure Access Server, then this information will override the Title and Prompt text entered here. h. Click on the [Save] button when done. 7. Click on the [Close] button to return to the Authentication Configuration page. Enable Web User Interface Authentication A second, networked Authentication Server will be necessary for web user interface Authentication, if Remotely on the Network was selected. Full instructions for configuring network authentication, using Kerberos, NDS, SMB, and LDAP/LDAPS are contained in the Network Authentication section of this guide. The path to the Authentication Server configuration screen is: Note:To configure this feature or these settings access the Properties tab as a System Administrator. For details, refer to Access Internet Services as System Administrator on page 24. 1. From the Properties tab, click on the [Security] link. 2. Click on the [Authentication] link and select [Setup] in the directory tree. 3. The Xerox Access Setup page is displayed. In the Authentication, Authorization and Personalization area click on the [Edit...] button. 4. In the Authentication method on the machine's web user interface (Web UI) area, select [Remotely on the Network] from the drop-down menu. Click on the [Save] button to return to the Authentication Configuration page. 5. In the table displaying a list of related configuration setting pages, click the [Edit...] button on the Authentication Server row. 6. Follow the instructions to select the required Authentication Type from the drop-down menu. •See Authentication Configuration for Kerberos (Solaris) on page 157. •See Authentication Configuration for Kerberos (Windows 2000/2003) on page 158. •See Authentication Configuration for SMB (Windows NT4) and SMB (Windows 2000/2003/2008) on page 159. •See Authentication Configuration for SMB (Windows NT4) and SMB (Windows 2000/2003/2008) on page 159. •See Authentication Configuration for LDAP/LDAPS on page 160. 7. When you have configured the required Authentication Type, click on the [Save] button to return to the Xerox Access Setup page. Configure your LDAP Server Configure LDAP communications on the device as stated in the LDAP/LDAPS topic. See Authentication Configuration for LDAP/LDAPS on page 160. Downloaded From ManualsPrinter.com Manuals
WorkCentre™ 5735/5740/5745/5755/5765/5775/5790 System Administrator Guide167 8. To set Authentication to control access to individual Services, In the table displaying a list of related configuration setting pages, click on the [Edit..] button for Tools and Feature Access (Lock/Unlock). a. On the Tools & Feature Access page, in the Presets area, select either [Open Access] to allow all users access to all pathways and features or [Custom Access] and lock or unlock the various pathways and features as required. 9. Click [Save] to confirm the changes and return to the Xerox Access Setup page.. 10. Select [Logout] in the upper right corner of your screen if you are still logged in as Administrator, and click on the [Logout] button. Using Secure Access 1. Read the device’s user interface prompt to determine what needs to be done to be authenticated at the device. Authentication methods include swiping a card, placing a proximity card near the reader, or entering a user ID or PIN (personal identification number). 2. If the device requests further information such as accounting details, enter this information at the user interface. 3. The device will confirm successful authentication allowing access to previously locked system fea t ure s. 4. When finished using system features, press the button on the device’s keypad to close your account. Downloaded From ManualsPrinter.com Manuals
WorkCentre™ 5735/5740/5745/5755/5765/5775/5790 System Administrator Guide 168 Downloaded From ManualsPrinter.com Manuals
WorkCentre™ 5735/5740/5745/5755/5765/5775/5790 System Administrator Guide169 8Security This chapter describes how to configure the following Security features for the device: •Email Encryption and Signing on page 171 •FIPS 140-2 Encryption on page 172 •User Data Encryption on page 173 •User Information Database on page 173 •IP Filtering on page 176 •Audit Log on page 177 •Security Certificate Management on page 179 •IP Sec on page 183 •Security Certificates on page 189 •802.1X on page 191 •System Timeout on page 194 •On Demand Overwrite on page 195 •Immediate Image Overwrite on page 199 Downloaded From ManualsPrinter.com Manuals
Security @ Xerox WorkCentre™ 5735/5740/5745/5755/5765/5775/5790 System Administrator Guide 170 Security @ Xerox For the latest information on securely installing, setting up and operating your device see the Xerox Security Information website located at www.xerox.com/security. Downloaded From ManualsPrinter.com Manuals