Configuring authentication

By enabling authentication at this level (by selecting this tab), the user is enabling authentication at a global level. This authentication procedure will be used for all devices. The user does also have the option of enabling authentication at the group level.

  1. Click the Authentication tab.
  2. On the drop down menu for Authentication Type, select the authentication method you want to use:
    Option Description
    Windows Select this option to use Windows authentication. This will prompt the user for a Windows user name, domain and password. In the Domain box, enter the name of a Windows domain to be used as the default domain for authentication.
    Custom Script The administrator has full control over the prompts that will be presented to the user as well as how the prompts are validated. In the Script File Path box, specify the script to be used for authentication.
    Note: LDAP may be used for authentication of lookup data.

Custom Scripting authentication

  1. Configure the prompts that will be used to collect user information.
    1. Click the Prompts button.
    2. To add a prompt type the name of the prompt in the Name column in the prompt list.
    3. In the Display column, type an alternative text to use as the label for the prompt at the MFP.
      If the display value is left empty then the prompt name will be used as the label as well.
    4. In the Default column, type a default value for the prompt (this is optional).
    5. Select the Required check box if the user must enter a value for this prompt.
    6. Select the Masked check box if the prompt text that is displayed at the device panel should be masked for security.
    7. Click OK.
  2. Enter the path to the VB.NET script that contains the code that will authenticate the user after he has filled the prompts at the device.
    • If you have an existing script you want to use you can click the browse button (...) next to the Script File box.
    • You can also click the Edit Script Code button to open a script editor window with basic script code.
    For details on the script editor window and the object model used to authenticate users please refer to the Ricoh SOP Component Scripting Guide by clicking Help in the script editor window.
  3. Select the Use an LDAP search to retrieve additional information check box if you need to look up the email address and other attributes about the authenticated user.
    Note: When windows authentication is selected the email address is retrieved automatically as part of the authentication, so an LDAP search is not required if only the email address is needed.
  4. If you select the Use an LDAP search to retrieve additional information check box, click Configure to enter the settings for the LDAP search.
    This opens the LDAP Lookup Settings dialog box. For more information about options in this dialog box, see LDAP Lookup Settings dialog box.
  5. To test the search settings, enter a sample user name in the Username box and click Test.

Using authentication in AutoStore in combination with authentication at the device

  • Using no authentication (option None in the Authentication tab):
    • The user will be taken directly to the device menu.
    • ~SenderRRT variables will use device credentials.
  • Using Windows authentication ~SenderRRT variables will use device credentials and the user will be taken directly to the device menu in the following cases:
    • The device has been configured to use Windows authentication.
    • The device has been configured to use third-party authentication that passes valid Windows credentials (name and domain). If the domain is not passed, then the user must be in the default domain that has been configured for Windows authentication.
    In any other cases the user will be prompted for credentials.
  • Using an authentication method based on a Custom Script.
    • If the custom script has prompts configured, the user will be shown a login screen where the specified prompts must be re-entered. The associated script will have access to device credentials in addition to the prompt information (for details on the object model used in authentication scripts, see the Ricoh SOP Component Scripting Guide). ~SenderRRT variables will use credentials based on the results of the script.
    • If the custom script does not have prompts configured, the initial login screen is skipped and the associated custom script is invoked immediately and the associated script will have access to the device credentials. If the result of the script is that authentication is not valid, then the user will see an error message. At this time the only option for the user will be to Exit. If the authentication is valid, ~SenderRRT variables will use credentials based on the results of the script execution.