Configure Smart Card Authentication Settings
- Product support for: AltaLink B8145 / B8155 / B8170 Multifunction Printer
- Article ID: KB0029049
- Published: 2020-02-28
When the Smart Card Authentication feature is configured, users swipe a pre-programmed identification card at the control panel.
Before you configure the Smart Card Authentication feature, purchase and install a smart card reader system.
The Login Methods page in the Embedded Web Server provides links to authentication and personalization configuration settings.
Access the Embedded Web Server and log in as a System Administrator.
In the Embedded Web Server, click Properties → Login/Permissions/Accounting → Login Methods.
Set the login method to Smart Cards. For details, refer to Set the Login Method for the Control Panel.
In the Configuration Settings table, configure the options for Smart Card Authentication:
To provide information about your domain controller servers, and to configure domain controller and NTP settings, for Domain Controllers, click Edit. For details, refer to Domain Controller below.
To configure certificate validation options and to provide information about your OCSP server, for Certificate Validation, click Edit. For details, refer to Configuring OCSP Validation Server Settings below.
To configure the inactive time limit, for Smart Card Inactivity Timer, click Edit. For details, refer to Setting the Inactive Time Limit below.
If needed, specify the method that the printer uses to acquire the email address of users. For Acquiring Logged in User's Email Address, click Edit. For details, refer to Specifying the Method the Printer Uses to Acquire Email Address of Users below.
To display your company logo on the blocking screen, for Import Customer Logo, click Edit.
If you selected an alternate login method that requires a network authentication server, provide information about the server. For Authentication Servers, click Edit. For details, refer to Configuring Network Authentication Settings.
To enable personalization for logged-in users, for Personalization, click Edit. For details, refer to Enabling Personalization.
To view or delete personalization profiles, for Personalization Profiles, click Edit. For details, refer to Viewing and Deleting Personalization Profiles.
To provide information about your LDAP server for personalization, for LDAP Servers, click Edit. For details, refer to Configuring LDAP Server Optional Information.
To enable or disable the logout prompt at the local user interface, for Log Out Confirmation, click Edit. For details, refer to Disabling the Logout Confirmation Prompt below.
Setting Up Authentication for a Smart Card System
Domain Controller
On the Login Methods page, for Domain Controllers, click Edit. Users cannot access the device until the domain controller validates the smart card domain certificate.
Click Add Domain Controller.
If you are using a Windows-based domain controller, for Domain Controller Type, select Windows-Based Domain Controller.
Type the domain controller server address information.
To apply the new settings, click Save. To return to the previous page, click Cancel.
Note: Before you access the device, ensure that the domain controller server has validated the domain certificate on the smart card. To install domain controller certificates, refer to Security Certificates.
To change the search priority of the domain controller, click Change Domain Priority.
To change the priority of the server, select a server in the list. To move the selected server up or down in the priority list, click the arrows.
Click Close.
To ensure that the printer and the domain controller are synchronized, enable and configure NTP settings:
For NTP, click Edit.
Synchronize the domain controller time with the time set on the device.
Note: Xerox recommends that you enable NTP to ensure time synchronization. For details, refer to Enable NTP.
To return to the Login Methods page, click Close.
To associate an LDAP server with your Domain Controller for authorization or personalization, under LDAP Server Mapping, click Add LDAP Mapping.
Configuring OCSP Validation Server Settings
If you have an OCSP server, or an OCSP certificate validation service, you can configure the printer to validate certificates installed on the domain controller.
Before you begin: Add a domain controller.
On the Login Methods page, next to Certificate Validation, click Edit.
Select a validation method and click Next.
On the Required Settings page, type the URL of the OCSP server.
To ensure that the printer can communicate with the OCSP server and the domain controller, configure your proxy server settings as needed.
For each domain controller listed, under Domain Controller Certificate, select the corresponding domain controller certificate from the menu. If there are no certificates installed, click Install Missing Certificate.
Click Save.
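Before typing the OCSP URL and selecting a domain controller certificate, the certificate can be inspected from an administrator workstation. The following is an added example, not part of the Xerox article: it assumes OpenSSL 1.1.1 or later, and the host names, file names and 7-day threshold are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of a domain controller certificate.
# A certificate normally names its OCSP responder in the Authority
# Information Access (AIA) extension; compare it with the URL you plan
# to enter on the Required Settings page.

# Print the OCSP responder URL(s) recorded in the certificate.
ocsp_url_of() {
    openssl x509 -in "$1" -noout -ocsp_uri
}

# Succeed only if the certificate stays valid for at least $2 more days.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Constructed sample: a throwaway self-signed certificate standing in for
# the real domain controller certificate (names are hypothetical).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=dc01.example.test" \
        -addext "authorityInfoAccess=OCSP;URI:http://ocsp.example.test/" \
        -keyout "$1/dc.key" -out "$1/dc.pem" 2>/dev/null
}

# Report problems that would make certificate validation fail later.
preflight() {
    pf_url="$(ocsp_url_of "$1")"
    if [ -z "$pf_url" ]; then
        echo "FAIL: no OCSP URL in certificate"; return 1
    fi
    if ! valid_for_days "$1" 7; then
        echo "FAIL: certificate expires within 7 days"; return 1
    fi
    echo "OK: OCSP URL $pf_url"
}

# Demo run against the constructed sample certificate.
demo_dir="$(mktemp -d)"
make_sample_cert "$demo_dir" && preflight "$demo_dir/dc.pem"
rm -rf "$demo_dir"
```

For a real check, export the domain controller certificate in PEM format and pass its path to preflight in place of the sample.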
Setting the Inactive Time Limit
On the Login Methods page, next to Smart Card Inactivity Timer, click Edit.
Specify the maximum amount of time before a user is logged out automatically. Type the time in minutes.
Click Save.
Disabling the Logout Confirmation Prompt
On the Login Methods page, for Log Out Confirmation, click Edit.
To disable the log out confirmation prompt on the device control panel, select Yes.
Click Save.
Specifying the Method the Printer Uses to Acquire Email Address of Users
On the Login Methods page, next to Acquired Logged-in User's Email Address, click Edit.
Under Acquire logged-in user's email address from, select an option:
Auto instructs the printer to attempt to acquire the email address of the user from the Smart Card. If an email address is not associated with the Smart Card, the printer searches the Network Address Book. If an email address is not found, the printer uses the email address specified in the From Field. Edit From Field settings on the Required Settings tab of the Email Setup page.
Only Smart Card instructs the printer to acquire the email address of the user from the Smart Card.
Only Network Address Book (LDAP) instructs the printer to search the Network Address Book to acquire the email address of the user.
To configure LDAP server settings, under Server Configuration, next to Network Address Book (LDAP), click Edit.
To enable or disable Personalization, under Feature Enablement, next to Acquire Email from Network Address Book, click Enable Personalization or Disable Personalization.
Click Save.