Home > Xerox > Printer > Xerox WorkCentre 5740 User Manual

Xerox WorkCentre 5740 User Manual

    Download as PDF Print this page Share this page

    Have a look at the manual Xerox WorkCentre 5740 User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 228 Xerox manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    							WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
    System Administrator Guide161
    6. In the Authentication Server page, select [LDAP] from the Authentication Type drop-down 
    menu and click on the [Add New] button.
    7. To configure LDAP, refer to LDAP on page 115.
    a. When you have configured LDAP settings, click on the [Save] button to return to the 
    Authentication Configuration: LDAP page.
    b. Click on the [Save] button and return to the Xerox Access Setup page.
    8. To set Authentication to control access to individual Services, In the table displaying a list of 
    related configuration setting pages, click on the [Edit..] button for Tools and Feature Access 
    (Lock/Unlock).
    a. On the Tools & Feature Access page, in the Presets area, select either [Open Access] to allow 
    all users access to all pathways and features or [Custom Access] and lock or unlock the 
    various pathways and features as required.
    9. Click [Save] to confirm the changes and return to the Xerox Access Setup page..
    10. Select [Logout] in the upper right corner of your screen if you are still logged in as Administrator, 
    and click on the [Logout] button.
    Configure Authorization Access (by groups) for LDAP 
    Used when Remotely on the Network is selected for Authorization.
    LDAP server user groups can be used to control access to certain areas of the Xerox device. For example, 
    the LDAP server may contain a group of users called ‘Admin’. You can configure the ‘Admin’ group on 
    the device so that the members of that group will have administrator access to the device. When a user 
    logs in at the device with their network authentication account, the device performs an LDAP look-up 
    to determine if the user is a member of any groups. (LDAP server will find members nested up to five 
    levels down a group. For example, if LDAP searches for a user within the Admin Group, it may not find 
    that user, but may find another group. It will also look for the user in that group as well and so on). If 
    the LDAP server confirms that the user is a member of the ’Admin’ group, the user will have 
    administrator access to the device. 
    1. If you have already logged out of Internet Services or closed your browser, at a networked 
    workstation open the web browser and enter the IP Address (or Host Name) of the device in the 
    Address bar, and press . 
    2. Click the [Properties] tab. 
    3. If prompted, enter the Administrator User ID and Password. The default is [admin] and [1111].
    4. Click on the [Login] button.
    5. Click on the [Connectivity] link.
    6. Click on the 
    [Protocols] link.
    7. Select [LDAP] in the directory tree.
    8. Click on [Add New].
    9. Click on the [Authorization Access] heading tab under the LDAP title. 
    a. Select the [User Roles] tab. Use this tab to define the access groups that are authorized for 
    the following roles:
    •For the System Administrator Access [Access Group] field, enter the name of a group, 
    defined at the LDAP server, that you want to provide with System Administrator access 
    to the device. 
    Downloaded From ManualsPrinter.com Manuals 
    						
    							WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
    System Administrator Guide 162
    •In the Accounting Administrator Access [Access Group] field, enter the name of a 
    group, defined at the LDAP server, that you want to provide with accounting 
    administrator access to the device. 
    b. To verify either group, enter a name of one of the members of the LDAP server group in the 
    [User Name box], then click on the [Test] button.
    Under the Test Results column, it will display Access. If the test result displays No Access, 
    this will mean that the user name is not a member of the Access Group, or the Access Group 
    name was misspelled, or that the Access Group does not exist.
    Note:When an access group is entered in one of the Access Group fields, only the members from 
    that group will have access to those features. When two or more groups are entered, they must be 
    separated by commas. When no access group is listed, all members will have access.
    10. Select the [Device Access] tab. 
    a. For Services Pathway [Access Group] field, enter the name of a group, defined at the LDAP 
    server, that you want to provide with Service access to the device. 
    b. Repeat the process for Job Status Pathway and Machine Status Pathway. 
    c. To verify any of these groups, enter a name of one of the members of the LDAP server groups 
    in the [Enter User Name] field, then click on the [Test] button.
    Under the Test Results column, it will display Access. If the test result displays No Access, 
    this will mean that the user name is not a member of the Access Group, or the Access Group 
    name was misspelled, or that the Access Group does not exist
    Note:When an access group is entered in one of the Access Group fields, only the members from 
    that group will have access to those features. When two or more groups are entered, they must be 
    separated by commas. When no access group is listed, all members will have access.
    11. Select the [Service Access] tab. Use this tab to define the groups that are authorized to access 
    various device functions and services.
    a. Enter the names of LDAP groups, as required in the Access Group field, to allow access to 
    individual device services.
    Note:By default everybody has access to all of the services on the device. By entering a group 
    name in any of the services, access is then restricted to those users belonging to that group.
    b. Verify each group by entering a group user in the Enter User Name field, and click on the 
    [Test] button.
    Under the Test Results column, it will display Access. If the test result displays No Access, 
    this will mean that the user name is not a member of the Access Group, or the Access Group 
    name was misspelled, or that the Access Group does not exist
    Note:When an access group is entered in one of the Access Group fields, only the members from 
    that group will have access to those features. When two or more groups are entered, they must be 
    separated by commas. When no access group is listed, all members will have access.
    c. When done, click on [Close]. 
    Local Authentication
    With Local Authentication enabled, the System Administrator defines passwords via a web browser, for 
    users to use to authenticate to the system and use restricted services.
    Downloaded From ManualsPrinter.com Manuals 
    						
    							WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
    System Administrator Guide163
    If using this method, you can only determine the User Role. You can not control individual user access 
    to items. If authentication is successful, then the user will have access to all locked items (except 
    System Administrator items, unless they are a System Administrator).
    Note:If users are created locally on the device using the User Information Database, those users 
    will be authenticated only if the Authentication Configuration method is set to “Locally on the 
    Device”. If the authentication method is switched to “Remotely on the Network”, those users will 
    not be authenticated unless their credentials are also accessible remotely.
    Note:To configure this feature or these settings access the Properties tab as a System 
    Administrator. For details, refer to Access Internet Services as System Administrator on page 24.
    1. From the Properties tab, click on the [Security] link.
    2. Click on the [Authentication] link and select [Setup] in the directory tree.
    3. The Xerox Access Setup page is displayed. In the Authentication, Authorization and 
    Personalization area click on the [Edit...] button.
    4. In the Authentication method on the machine's touch interface (Touch UI) area select [User 
    Name/Password Validated Locally on the Xerox Machine] from the drop-down menu and click 
    on the [Save] button to return to the Xerox Access Setup page.
    5. In the table displaying a list of related configuration setting pages, click the [Edit...] button on the 
    Local User Information Database row.
    6. In the User Information Database area, click on the [Add New User] button.
    a. In the User Identification area, enter details of the new user in the [User Name], [Friendly 
    Name], [Password] and [Retype Password] fields.
    b. In the [User Role] area, select one of the following roles:
    •System Administrator
    •Accounting Administrator
    •User
    c. Click on the [Add New User] button to add the user.
    Note:You can also Edit user credentials, as well as Delete users, from the User Information 
    Database screen. If using this method, you can only determine the user role to items if 
    Authentication is successful. User will have access to all locked items if they have System 
    Administrator access.
    7. To set Authentication to control access to individual Services, In the table displaying a list of 
    related configuration setting pages, click on the [Edit..]
     button for Tools and Feature Access 
    (Lock/Unlock).
    a. On the Tools & Feature Access page, in the Presets area, select either [Open Access] to allow 
    all users access to all pathways and features or [Custom Access] and lock or unlock the 
    various pathways and features as required.
    8. Click [Save] to confirm the changes and return to the Xerox Access Setup page..
    9. Select [Logout] in the upper right corner of your screen if you are still logged in as Administrator, 
    and click on the [Logout] button.
    Downloaded From ManualsPrinter.com Manuals 
    						
    							WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
    System Administrator Guide 164
    Xerox Secure Access
    System Administrators can configure the device so that users must be authenticated and authorized 
    before they can access specific services or areas. Xerox Secure Access provides a means of 
    authenticating users via an authentication server and optional card reader.
    For further information about Xerox Secure Access, refer to Xerox Secure Access on page 331.
    Information Checklist
    Before starting the procedure, ensure the following items are available or tasks have been performed:
    • Ensure that the device is fully functional on the network. TCP/IP and HTTP protocols must be 
    configured so that Internet Services can be accessed.
    • Ensure that the Xerox Partner authentication solution (Secure Access Server, Controller, and Card 
    Reader) is installed and communicating with the device. Follow the installation instructions from 
    the manufacturer of the authentication solution to correctly set the devices up. Make sure to 
    securely mount any external user authenticating devices to the device.
    • Ensure that SSL (Secure Sockets Layer) is configured on the device. The Xerox Partner 
    authentication solution communicates with the device via HTTPS.
    • (Optional) Ensure that Network Accounting is configured if you want the device to send user 
    account information to a Network Accounting server. For instructions, refer to the Network 
    Accounting section of this guide.
    • You may also need another Authentication Server to communicate with the Secure Access Server 
    providing that server with user credentialing information. A second Authentication Server will be 
    necessary for web user interface Authentication, if this feature is additionally desired.
    • You will need to configure LDAP communications on the device as stated in the LDAP/LDAPS topic 
    in the Authentication section of this guide.
    Configure Authentication
    Note:To configure this feature or these settings access the Properties tab as a System 
    Administrator. For details, refer to Access Internet Services as System Administrator on page 24.
    1. From the Properties tab, click on the [Security] link.
    2. Click on the [Authentication] link and select [Setup] in the directory tree.
    3. The Xerox Access Setup page is displayed. In the Authentication, Authorization and 
    Personalization area click on the [Edit...] button.
    4. In the Authentication method on the machine's touch interface (Touch UI) area select [Xerox 
    Secure Access Unified ID System] from the drop-down menu.
    5. Select the required option from the [Authentication method on the machine's web user 
    interface (Web UI)] drop-down menu. 
    a. When a user attempts to access Internet Services they are prompted to enter their login 
    information. The option selected from the web user interface Authentication menu defines 
    how the device will validate the user's rights to access Internet Services. This is required 
    because if the user normally authenticates at the device with a card reader, there would be 
    no method for the device to authenticate users who access Internet Services from their 
    workstations.
    Downloaded From ManualsPrinter.com Manuals 
    						
    							WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
    System Administrator Guide165
    • Select [Locally on the Device] to validate users listed in the Local User Information 
    Database. This option requires you to configure accounts in the Local User Information 
    Database.
    • Select [Remotely on the Network] to validate users via an Authentication Server. This 
    option requires you to have a server that will provide authentication of user login details. 
    Authentication via Kerberos (Solaris, Windows 2000), NDS (Novell), SMB (Windows 
    NT4/2000) or LDAP is supported.
    b. Select required method from the [Authorization] drop-down menu. The card reader and 
    Authentication Solution authenticates (validates) the user. The Authorization method 
    determines which areas of the device a user is allowed to access. There are two options:
    • Select [Locally on the Device]: if you want the device to check the Local User 
    Information Database for levels of authorization. 
    • Select [Remotely on the Network]: if you want to use an LDAP server to determine 
    levels of authorization.
    If you selected Remotely on the Network (from the Location of Access Rights box), configure LDAP 
    communications as stated in the Configure Authentication for LDAP/LDAPS in the Authentication 
    section of this guide.
    c. Check the [Automatically retrieve user’s e-mail address from LDAP] checkbox under 
    Personalization if you want to set the From address to the logged in user's e-mail address 
    when they log in via Secure Access.
    d. Click on the [Save] button to return to the Xerox Access Setup page.
    6. In the table displaying a list of related configuration setting pages, click the [Edit...] button on the 
    Xerox Secure Access Setup row.
    a. The Xerox Secure Access Setup screen displays. The device will automatically configure itself 
    to work with the XSA remote server. Click on the [Manually Configure] button if the XSA 
    remote server does not configure automatically.
    b. In the Server Communication area, select either [IPv4 Address] or [Hostname].
    c. Enter details in the [IP Address: Port] or [Host Name: Port] fields.
    d. Enter the details in the [Path] field.
    e. Under the Device Log In Methods heading, select one of the following:
    •Xerox Secure Access Device Only (e.g., Swipe Cards - if you want to allow the user to 
    swipe their swipe cards at the UI.
    •Xerox Secure Access Device + alternate on-screen authentication method - if you 
    want users to authenticate using the device’s control panel as well as the XSA feature.
    When the second option is enabled, a button labelled “Alternate Login” is displayed on 
    the “Instructional Blocking Window” providing users with an alternate method to log in. 
    For example, this feature can be enabled for users who are unable to use their swipe 
    card. When the alternate button is selected, the remote server presents a series of log in 
    screens on the local user interface. The remote server is still responsible for 
    authenticating the user. All other Xerox Secure Access options are supported with this 
    setting. 
    f. Under the Accounting Information heading, note that this item will be grayed out if 
    Network Accounting is not enabled. If accounting is enabled, select [Automatically apply 
    Accounting Codes from the server], if the Secure Access Server has been configured to 
    Downloaded From ManualsPrinter.com Manuals 
    						
    							WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
    System Administrator Guide 166
    return the accounting User ID and Account ID login. If you want the user to enter these 
    values at the local user interface during login, select [User must manually enter accounting 
    codes at the device].
    g. Under the Device Instructional Blocking Window heading, enter text in the [Window Title] 
    and [Instructional Text] fields to create the prompt that will be displayed on the device’s 
    user interface informing users how to authenticate themselves at the device. 
    Note:If the Title and Prompt have been configured on the Secure Access Server, then this 
    information will override the Title and Prompt text entered here.
    h. Click on the [Save] button when done.
    7. Click on the [Close] button to return to the Authentication Configuration page.
    Enable Web User Interface Authentication
    A second, networked Authentication Server will be necessary for web user interface Authentication, if 
    Remotely on the Network was selected. Full instructions for configuring network authentication, using 
    Kerberos, NDS, SMB, and LDAP/LDAPS are contained in the Network Authentication section of this 
    guide.
    The path to the Authentication Server configuration screen is:
    Note:To configure this feature or these settings access the Properties tab as a System 
    Administrator. For details, refer to Access Internet Services as System Administrator on page 24.
    1. From the Properties tab, click on the [Security] link.
    2. Click on the [Authentication] link and select [Setup] in the directory tree.
    3. The Xerox Access Setup page is displayed. In the Authentication, Authorization and 
    Personalization area click on the [Edit...] button.
    4. In the Authentication method on the machine's web user interface (Web UI) area, select 
    [Remotely on the Network] from the drop-down menu. Click on the [Save] button to return to 
    the Authentication Configuration page.
    5. In the table displaying a list of related configuration setting pages, click the [Edit...] button on the 
    Authentication Server row.
    6. Follow the instructions to select the required Authentication Type from the drop-down menu.
    •See Authentication Configuration for Kerberos (Solaris) on page 157.
    •See Authentication Configuration for Kerberos (Windows 2000/2003) on page 158.
    •See Authentication Configuration for SMB (Windows NT4) and SMB (Windows 
    2000/2003/2008) on page 159.
    •See Authentication Configuration for SMB (Windows NT4) and SMB (Windows 
    2000/2003/2008) on page 159.
    •See Authentication Configuration for LDAP/LDAPS on page 160.
    7. When you have configured the required Authentication Type, click on the [Save] button to return 
    to the Xerox Access Setup page.
    Configure your LDAP Server
    Configure LDAP communications on the device as stated in the LDAP/LDAPS topic. See Authentication 
    Configuration for LDAP/LDAPS on page 160.
    Downloaded From ManualsPrinter.com Manuals 
    						
    							WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
    System Administrator Guide167
    8. To set Authentication to control access to individual Services, In the table displaying a list of 
    related configuration setting pages, click on the [Edit..] button for Tools and Feature Access 
    (Lock/Unlock).
    a. On the Tools & Feature Access page, in the Presets area, select either [Open Access] to allow 
    all users access to all pathways and features or [Custom Access] and lock or unlock the 
    various pathways and features as required.
    9. Click [Save] to confirm the changes and return to the Xerox Access Setup page..
    10. Select [Logout] in the upper right corner of your screen if you are still logged in as Administrator, 
    and click on the [Logout] button.
    Using Secure Access
    1. Read the device’s user interface prompt to determine what needs to be done to be authenticated 
    at the device. Authentication methods include swiping a card, placing a proximity card near the 
    reader, or entering a user ID or PIN (personal identification number).
    2. If the device requests further information such as accounting details, enter this information at the 
    user interface.
    3. The device will confirm successful authentication allowing access to previously locked system 
    fea t ure s.
    4. When finished using system features, press the  button on the device’s keypad to close 
    your account.
    Downloaded From ManualsPrinter.com Manuals 
    						
    							WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
    System Administrator Guide 168
    Downloaded From ManualsPrinter.com Manuals 
    						
    							WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
    System Administrator Guide169
    8Security
    This chapter describes how to configure the following Security features for the device:
    •Email Encryption and Signing on page 171
    •FIPS 140-2 Encryption on page 172
    •User Data Encryption on page 173
    •User Information Database on page 173
    •IP Filtering on page 176
    •Audit Log on page 177
    •Security Certificate Management on page 179
    •IP Sec on page 183
    •Security Certificates on page 189
    •802.1X on page 191
    •System Timeout on page 194
    •On Demand Overwrite on page 195
    •Immediate Image Overwrite on page 199
    Downloaded From ManualsPrinter.com Manuals 
    						
    							Security @ Xerox
    WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
    System Administrator Guide 170
    Security @ Xerox
    For the latest information on securely installing, setting up and operating your device see the Xerox 
    Security Information website located at www.xerox.com/security.
    Downloaded From ManualsPrinter.com Manuals 
    						
    All Xerox manuals Comments (0)

    Related Manuals for Xerox WorkCentre 5740 User Manual