This User’s Guide provides descriptions of the operating procedures and
precautions for using Authentication Unit (IC Card Type) AU-211P. Carefully
read this User’s Guide before using this device.
The actual screens that appear may be slightly different from the screen
images used in this User’s Guide.
Trademark/copyright acknowledgements
- Microsoft® and Windows® are either registered trademarks or
trademarks of Microsoft Corporation in the United States and/or other
countries.
- All other company names and product names mentioned in this
User’s Guide are either registered trademarks or trademarks of their
respective companies.
Restrictions
- Unauthorized use or reproduction of this User’s Guide, whether in its
entirety or in part, is strictly prohibited.
- The information contained in this User’s Guide is subject to change
without notice.
Introduction
1.1 Safety Information
Carefully read this information, and then store it in a safe place.
- Before using this device, carefully read this information and follow it
to operate the device correctly.
- After reading this information, store it in the designated holder with
the warranty.
Important information
- The reprinting or reproduction of the content of this publication, either
in part or in full, is prohibited without prior permission.
- The content of this publication is subject to change without notice.
- This publication was created with careful attention to content;
however, if inaccuracies or errors are noticed, please contact your
sales representative.
- The marketing and authorization to use our company’s product
mentioned in this information are provided entirely on an “as is” basis.
- Our company assumes no responsibility for any damage (including
lost profits or other related damages) caused by this product or its
use as a result of operations not described in this information. For
disclaimers and warranty and liability details, refer to the User’s Guide
Authentication Unit (IC Card Type AU-211P).
- This product is designed, manufactured and intended for general
business use. Do not use it for applications requiring high reliability
and which may have an extreme impact on lives and property.
(Applications requiring high reliability: Chemical plant management,
medical equipment management and emergency communications
management)
- Use with other authentication devices is not guaranteed.
- In order to incorporate improvements in the product, the
specifications concerning this product are subject to change without
notice.
For safe use
• Do not use this product near water, otherwise it may
be damaged.
• Do not cut, damage, modify or forcefully bend the
USB cable. A malfunction may occur as a result
of a damaged or cut USB cable.
• Do not disassemble this device, otherwise it may
be damaged.
Regulation notices
USER INSTRUCTIONS FCC PART 15 - RADIO FREQUENCY DEVICES
(For U.S.A. Users)
NOTE:
This equipment has been tested and found to comply with the limits for a
Class B digital device, pursuant to Part 15 of the FCC Rules.
These limits are designed to provide reasonable protection against harmful
interference in a residential installation. This equipment generates, uses and
can radiate radio frequency energy and, if not installed and used in
accordance with the instructions, may cause harmful interference to radio
communications. However, there is no guarantee that interference will not
occur in a particular installation. If this equipment does cause harmful
interference to radio or television reception, which can be determined by
turning the equipment off and on, the user is encouraged to try to correct the
interference by one or more of the following measures:
- Reorient or relocate the receiving antenna.
- Increase the separation between the equipment and receiver.
- Connect the equipment into an outlet on a circuit different from that
to which the receiver is connected.
- Consult the dealer or an experienced radio/TV technician for help.
WARNING:
The design and production of this unit conform to FCC regulations, and any
changes or modifications must be registered with the FCC and are subject
to FCC control. Any changes made by the purchaser or user without first
contacting the manufacturer will be subject to penalty under FCC
regulations.
FCC: Declaration of Conformity
Product Type: Authentication Unit (IC Card Type)
Product Name: AU-211P
(This device complies with Part 15 of the FCC Rules.) Operation is subject to the
following two conditions: (1) this device may not cause interference, and (2) this
device must accept any interference, including interference that may cause
undesired operation of this device.
INTERFERENCE-CAUSING EQUIPMENT STANDARD (ICES-003 ISSUE
4) (For Canada Users)
(This device complies with RSS-Gen of IC Rules.) Operation is subject to the
following two conditions: (1) this device may not cause interference, and (2)
this device must accept any interference, including interference that may
cause undesired operation of this device.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du
Canada.
2 Getting Started
2.1 Product Overview
This product is a PKI card authentication unit that scans a PKI card (CAC or
PIV card) to perform personal authentication.
Connecting this unit enables you to run a PKI card authentication system
(hereinafter referred to as "this system") that uses the PKI card
authentication unit on the MFP.
Using this system will enable you to carry out operations without making a
password public on the network, and to configure the system environment
with a higher level of security. You can also implement the unique functions
using this system on the MFP.
Use conditions
The following conditions are required to use this system.
- PKI card authentication unit (This unit)
- MFP compatible with a PKI card authentication system
- PKI card available for PIV and CAC
- User management using Active Directory (Kerberos authentication +
PKINIT)
Reminder
Do not disconnect the USB cable while using this unit. Doing so may
cause this system to become unstable.
2.2 Part names and their functions
No. | Part name | Description
1 | Card inlet | Used to insert the PKI card.
2 | LED lamp | Turns green when you insert a PKI card into this unit. Blinks green during authentication.
3 | USB cable | Used for connecting this device to the multifunctional product.
2.3 Pre-Setting
To use this system, pre-configure the following settings on the MFP.
- Configuring network settings (page 10)
- Registering Active Directory for Authentication (page 12)
- Correcting the MFP time (page 13)
- Registering the DNS server associated with Active Directory
(page 14)
- Specifying the PIV transitional mode (page 16)
- Configuring settings for verifying the Active Directory certificate
(page 17)
2.3.1 Configuring Network Settings
Configure the basic settings required to use the MFP in a network
environment.
TCP/IP Settings
On the MFP control panel, tap [Utility] - [Administrator Settings] - [Network
Settings] - [TCP/IP Settings].
Item | Description
ON/OFF | Select [ON].
IPv4 Settings
Item | Description
IP Application Method | Select whether to automatically retrieve the IP address or directly specify it.
Auto Input | When automatically retrieving the IP address, select the automatic retrieval method.
IP Address | When directly specifying the IP address, enter the IP address of the MFP.
Subnet Mask | When directly entering the IP address, specify the subnet mask for the connected network.
Default Gateway | When directly entering the IP address, specify the default gateway for the connected network.
IPv6 Settings
Note
These settings are required when using the MFP in an IPv6 environment.
Item | Description
ON/OFF | Select [ON] when using the MFP in an IPv6 environment.
Auto IPv6 Settings | Select [ON] when automatically retrieving the IPv6 address.
DHCPv6 Setting | Select [ON] when retrieving the IPv6 address using DHCPv6.
Global Address | Specify the IPv6 global address when not automatically retrieving the IPv6 address.
Prefix Length | Specify the IPv6 global address prefix length when not automatically retrieving the IPv6 address.
Gateway Address | Specify the IPv6 gateway address when not automatically retrieving the IPv6 address.
Link-Local Address | Displays the link-local address generated from the MAC address.
DNS Host
Item | Description
DNS Host Name | Specify the host name of the MFP (up to 63 characters).
Dynamic DNS Settings | Select [Enable] when automatically registering the specified DNS host name in the DNS server that supports the Dynamic DNS function.
DNS Domain
Item | Description
Domain Name Auto Retrieval | Select whether to automatically retrieve the domain name. This item is available when using DHCP.
Search Domain Name Auto Retrieval | Select whether to automatically retrieve the search domain name. This item is available when using DHCPv6.
Default DNS Domain Name | Specify the domain name that the MFP is connected to (up to 253 bytes with the host name).
DNS Search Domain Name 1 to 3 | Specify the DNS search domain name (up to 251 bytes).
2.3.2 Registering Active Directory for Authentication
Register Active Directory for authentication in the MFP. You can register up
to 20 Active Directory services.
External Server Settings
On the MFP control panel, tap [Utility] - [Administrator Settings] - [User
Authentication/Account Track] - [External Server Settings] - [New].
Item | Description
Server Name | Specify the name of the external server (up to 32 characters).
Server Type | Select Active Directory, and specify its default domain name (up to 64 characters).
Detail
When registering multiple Active Directory services, specify the default
Active Directory in advance. Select the desired Active Directory on the
External Server Settings screen, and tap [Set as Default].
2.3.3 Correcting the MFP Time
You cannot log in to Active Directory if the system time of the MFP differs
greatly from that of Active Directory. Correct the MFP time so that it
matches the Active Directory system time.
Time Adjustment Setting
On the MFP control panel, tap [Utility] - [Administrator Settings] - [Network
Settings] - [Forward] - [Detail Settings] - [Time Adjustment Setting].
Note
Before correcting the MFP time, tap [Utility] - [Administrator Settings] -
[System Settings] - [Date/Time Setting], and check that the time zone is
specified correctly.
Page 1/2
Item | Description
ON/OFF | Select [ON].
Auto IPv6 Retrieval | To automatically obtain the IPv6 address of the NTP server, select [On]. This item is necessary when IPv6 is used while DHCPv6 is enabled.
Host Address | Specify the host address of the NTP server associated with Active Directory.
Port Number | Specify the port number.
Set Date | Correct the time.
Page 2/2
Item | Description
Auto Time Adjustment | To have the time corrected automatically, select [On].
Polling Interval | When [On] is selected for Auto Time Adjustment, set the polling interval.
2.3.4 Registering the DNS Server Associated with Active Directory
Register the DNS server associated with Active Directory in the MFP.
DNS Server Settings (IPv4)
On the MFP control panel, tap [Utility] - [Administrator Settings] - [Network
Settings] - [TCP/IP Settings] - [DNS Server Settings (IPv4)].
Item | Description
DNS Server Auto Obtain | Select whether to automatically obtain the DNS server address. This item is available when using DHCP.
Priority DNS Server | Specify the IPv4 address of the priority DNS server associated with Active Directory.
Secondary DNS Server 1 and 2 | Specify the IPv4 address of the secondary DNS server associated with Active Directory.
DNS Server Settings (IPv6)
On the MFP control panel, tap [Utility] - [Administrator Settings] - [Network
Settings] - [TCP/IP Settings] - [DNS Server Settings (IPv6)].
Note
These settings are required when using the MFP in the IPv6 environment.
Item | Description
DNS Server Auto Obtain | Select whether to automatically obtain the DNS server address. This item is available when using DHCPv6.
Priority DNS Server | Specify the IPv6 address of the priority DNS server associated with Active Directory.
Secondary DNS Server 1 and 2 | Specify the IPv6 address of the secondary DNS server associated with Active Directory.
2.3.5 Specifying the PIV Transitional Mode
Specify the PIV transitional mode in the PIV transitional specifications.
Authentication Device Settings
On the MFP control panel, tap [Utility] - [Administrator Settings] - [User
Authentication/Account Track] - [Authentication Device Settings] - [General
Settings] - [PKI Card Authentication].
Item | Description
PIV Transitional Mode | Select PIV or CAC as the PIV transitional mode.
2.3.6 Configuring Settings for Verifying the Active Directory Certificate
Configure the certificate verification settings to verify the Active Directory
certificate when communicating with Active Directory.
Certificate Verification Setting
On the MFP control panel, tap [Utility] - [Administrator Settings] - [User
Authentication/Account Track] - [Certificate Verification Setting].
Item | Description
Verify Validity Period | Select whether to verify that the certificate is within the validity period.
Check Root Signature | Select whether to check the root signature. To check the root signature, view the external certificates managed on the MFP. For details on how to register an external certificate on the MFP, refer to "External Certificate Setting" (page 20).
Check CRL Expiration | Select whether to check that the certificate is not expired in the CRL (Certificate Revocation List).
Check OCSP Expiration | Select whether to check that the certificate is not expired in the OCSP service. For details on how to configure the OCSP service setting, refer to "Certificate Verification Settings" (page 18).
Certificate Verification Settings
In the PageScope Web Connection administrator mode, select [Security],
and then [Certificate Verification Settings].
Note
For details on how to use PageScope Web Connection, refer to the
User's Guide [Web Management Tool] supplied together with the MFP.
Item | Description
Certificate Verification Settings | Select [ON] to enable certificate verification.
Timeout | Enter the timeout period to check the expiration date.
OCSP Service | Select this check box to use an OCSP service.
URL | Enter the URL of the OCSP service (up to 511 characters). If this item is left blank, the system accesses the URL of the OCSP service embedded in the certificate. If the URL of the OCSP service is not embedded in the certificate, it will result in an error.
Proxy Server Address | To check the expiration date via a proxy server, enter the proxy server address. If the DNS server is specified, you can enter the host name instead. If [IPv6] is set to [ON], you can also specify the IPv6 address.
Proxy Server Port Number | Enter the port number for the proxy server.
User Name | Enter the user name to log in to the proxy server (up to 63 characters).
Password | Enter the password to log in to the proxy server (up to 63 characters). When changing the registered password, select [Password is changed.], and enter a new password.
Address not using Proxy Server | Specify an address with no proxy server used depending on your environment when checking the expiration date. If the DNS server is specified, you can enter the host name instead. If [IPv6] is set to [ON], you can also specify the IPv6 addresses.
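The [URL] item above falls back to the OCSP URL embedded in the certificate when left blank, and results in an error when none is embedded. The following shell functions are an added example (not part of this guide or of the MFP software) for checking this on an administrator's workstation with the OpenSSL command line; the host name, URLs and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: pre-flight checks on a server certificate before relying on
# the MFP's OCSP settings. All names and URLs are constructed placeholders.

# Print the OCSP responder URL(s) embedded in the certificate (AIA extension).
# Returns 1 if none is embedded, 2 if the file cannot be parsed.
embedded_ocsp_url() {
    url=$(openssl x509 -in "$1" -noout -ocsp_uri 2>/dev/null) || return 2
    [ -n "$url" ] || return 1
    printf '%s\n' "$url"
}

# Which responder is used: the [URL] field if filled in, else the embedded one.
# $1 = certificate file, $2 = contents of the [URL] field (may be empty)
effective_ocsp_url() {
    if [ -n "$2" ]; then
        # The guide limits the [URL] field to 511 characters.
        [ "${#2}" -le 511 ] || { echo "URL longer than 511 characters" >&2; return 3; }
        printf '%s\n' "$2"
    else
        # Non-zero here means a blank [URL] field would end in an error.
        embedded_ocsp_url "$1"
    fi
}

# Expiry half of a validity-period check: succeeds if notAfter is still in
# the future (it does not test notBefore).
not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Constructed sample input: a throwaway self-signed certificate.
# $1 = output file, $2 = OCSP URL to embed (empty for none)
make_sample_cert() {
    if [ -n "$2" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null -out "$1" \
            -days 1 -subj "/CN=dc.example.test" \
            -addext "authorityInfoAccess=OCSP;URI:$2" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null -out "$1" \
            -days 1 -subj "/CN=dc.example.test" 2>/dev/null
    fi
}

# Demo: certificate with an embedded URL, [URL] field left blank.
tmp=$(mktemp -d)
make_sample_cert "$tmp/dc.pem" "http://ocsp.example.test"
effective_ocsp_url "$tmp/dc.pem" ""
rm -rf "$tmp"
```

Run the functions against the PEM export of the certificate the MFP will verify; a non-zero status from `effective_ocsp_url` with an empty second argument means the [URL] field must be filled in.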
External Certificate Setting
In the PageScope Web Connection administrator mode, select [Security],
and then [PKI Settings] - [External Certificate Setting].
Detail
• To check the root signature in Certificate Verification, register the external
certificate you want to view when checking the root signature as
necessary.
• For details on how to use PageScope Web Connection, refer to the
User's Guide [Web Management Tool] supplied together with the MFP.
Item | Description
Certificate type | Select the type of the external certificate you want to display, and click [Changes the display]. You will see a list of the selected types of external certificates.
[New Registration] | Click this button to register a new external certificate. Click [Browse] in the New Registration screen, and specify a new external certificate.
Issuer | Displays the issuer of the external certificate.
Subject | Displays the destination to issue the external certificate.
Validity Period | Displays the validity period of the external certificate.
Detail | View the detailed information about the external certificate.
Delete | Displays the deletion confirmation dialog box. If necessary, you can delete the external certificate.
<New Registration>
Item | Description
File | Click [Browse] in the Import Certificates (PEM/DER) screen, and specify a new external certificate to be registered.
• If [Trusted CA Root Certificate] is selected,
register the root certificate from the CA
(Certificate Authority).
• If [Trusted CA Intermediate Certificate] is
selected, register the intermediate certificate from
the CA (Certificate Authority).
• If [Trusted EE (End Entity) Certificate] is selected,
register the certificates individually.
• If [Non-Trusted Certificate] is selected, register
the non-trusted certificates individually.
2.3.7 Enabling TPM (Trusted Platform Module)
If TPM (Trusted Platform Module) is installed, enable TPM on this machine.
Note
An optional i-Option LK-115 is required to use TPM on this machine.