How to enable authentication for the Toshiba Unified Client component

This procedure describes how to enable authentication at the global level.

This procedure configures authentication for all devices in all groups. To configure authentication for a group, see Enabling authentication at the group level.

  1. In the Toshiba Unified Client component settings dialog box, double-click the group you want to edit.
  2. In the Group Settings dialog box, click the Authentication tab.
  3. Select the Requires Authentication check box.
  4. In the Authentication Type box, select the authentication method you want to use:
    Option Description
    Windows

    This will prompt the user for a Windows user name, domain and password.

    Enter the default domain in the Domain box under Windows. Do not use the fully qualified Domain Name System (DNS) domain name, and do not use top-level domain qualifiers such as .com, .net or .org. For example, if the user is listed as mydomain/user1, or as user1@mydomain.domain.com in User Principal Name (UPN) format, the domain should be "mydomain", not "mydomain.domain.com".

    Custom Scripting

    The administrator has full control over the prompts that will be presented to the user as well as how the prompts are validated.

    Note: LDAP may be used for authentication of lookup data.

Custom Scripting authentication

  1. Configure the prompts that will be used to collect user information.
    1. On the Authentication tab of the Group Settings dialog box, click the Prompts button.
    2. To add a prompt, type the name of the prompt in the Name column in the prompt list.
    3. In the Display column, type an alternative text to use as the label for the prompt at the MFP.
      If the display value is left empty then the prompt name will be used as the label as well.
    4. In the Default column, type a default value for the prompt (this is optional).
    5. Select the Required check box if the user must enter a value for this prompt.
    6. Select the Masked check box if the prompt text that is displayed at the device panel should be masked for security.
    7. Click Save.
  2. Enter the path to the VB.NET script that contains the code that will authenticate the user after the user has filled in the prompts at the device.
    • If you have an existing script you want to use you can click the browse button (...) next to the Script File box.
    • You can also click the Edit Script Code button to open a script editor window with basic script code.
    For details on the script editor window and the object model used to authenticate users please refer to the Toshiba Unified Client Scripting Guide by clicking the help button in the script editor window.
  3. Select the Use an LDAP search to retrieve additional information check box if you need to look up the email address and other attributes about the authenticated user.
    Note: When Windows authentication is selected, the email address is retrieved automatically as part of the authentication, so an LDAP search is not required if only the email address is needed.
  4. If you select the Use an LDAP search to retrieve additional user information check box, click Configure to enter the settings for the LDAP search:
    Option Description
    LDAP Server
      Type the address or host name of the LDAP server.
    Root DN
      Type the distinguished name for the node where the search should start. For example: DC=Sales, DC=MyCompany, DC=com. If this field is left empty, then the starting point of the search will be the root of the directory tree.
    Login as anonymous
      Select this check box to allow anonymous connections to the LDAP server.
    Login with following credentials
      Select this check box to log in to the LDAP server with the specified User name and Password.
    Directory Type
      Select the type of directory that will be searched. If an option other than Custom is selected, then predefined attributes will be used to match the authenticated user name and to retrieve the email address.
    Match User name against
      This option configures a variable that can only be changed by the system administrator. Check with your system administrator to adjust this setting.
    Get email address from
      This option configures a variable that can only be changed by the system administrator. Check with your system administrator to adjust this setting.
    Additional attributes
      Type the names of the user attributes, separated by semicolons. If no attributes are specified in this box, then only the email address will be retrieved. These attributes will be available as user attributes replacement tag names (URTNs). For more information about URTNs supported by this component, see Toshiba Unified Client component RRTs.
  5. To test the search settings, enter a sample user name in the User name box and click Test.
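
The lookup that steps 4 and 5 configure, sketched as an added Python example (not Toshiba or AutoStore code): it turns the dialog's fields into a base DN, a filter and an attribute list, escaping the user name per RFC 4515 so that a name typed at the device panel cannot alter the filter. The attribute names sAMAccountName and mail and all function names are assumptions, not values from this page.

```python
import re

# RFC 4515: characters that must be escaped inside a search-filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
_ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")   # short-name attribute descriptors only


def escape_filter_value(value):
    """Escape a value typed at the device so it cannot change the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_attr(name):
    """Reject attribute names that are not plain LDAP descriptors."""
    if not _ATTR_NAME.fullmatch(name):
        raise ValueError(f"not a valid attribute name: {name!r}")
    return name


def parse_additional_attributes(box_text):
    """Split the semicolon-separated 'Additional attributes' box; drop blanks and repeats."""
    seen, names = set(), []
    for part in box_text.split(";"):
        name = part.strip()
        if name and name.lower() not in seen:      # attribute names are case-insensitive
            seen.add(name.lower())
            names.append(check_attr(name))
    return names


def build_search(user_name, root_dn="", match_attr="sAMAccountName",
                 email_attr="mail", additional=""):
    """Return base DN, filter and requested attributes for one user lookup.

    match_attr and email_attr stand in for 'Match User name against' and
    'Get email address from'; the defaults are assumed values, not from the page.
    """
    if not user_name.strip():
        raise ValueError("user name is empty")
    extra = [a for a in parse_additional_attributes(additional)
             if a.lower() != email_attr.lower()]
    return {
        "base": root_dn.strip(),                   # empty Root DN = search from the tree root
        "filter": f"({check_attr(match_attr)}={escape_filter_value(user_name)})",
        "attributes": [check_attr(email_attr)] + extra,   # email only when the box is empty
    }


if __name__ == "__main__":
    # Constructed sample input: the Root DN is the page's example, the rest is made up.
    print(build_search("user1", "DC=Sales, DC=MyCompany, DC=com", additional="department; title"))
    print(build_search("*)(mail=*")["filter"])     # wildcard and parentheses come out escaped
```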

Using authentication in AutoStore in combination with authentication at the device

  • Using no authentication (option None in the Authentication tab):
    • The user will be taken directly to the device menu.
    • ~SenderRRT variables will use device credentials.
  • Using Windows authentication, ~SenderRRT variables will use device credentials and the user will be taken directly to the device menu in the following cases:
    • The device has been configured to use Windows authentication.
    • The device has been configured to use third-party authentication that passes valid Windows credentials (name and domain). If the domain is not passed, then the user must be in the default domain that has been configured for Windows authentication.
    In any other case, the user will be prompted for credentials.
  • Using an authentication method based on a Custom Script:
    • If the custom script has prompts configured, the user will be shown a logon screen where the specified prompts must be re-entered. The associated script will have access to device credentials in addition to the prompt information (for details on the object model used in authentication scripts see the Toshiba Unified Client Scripting Guide). ~SenderRRT variables will use credentials based on the results of the script.
    • If the custom script does not have prompts configured, the initial logon screen is skipped and the associated custom script is invoked immediately, with access to the device credentials. If the result of the script is that authentication is not valid, then the user will see an error message, and the only option for the user at that point will be to Exit. If the authentication is valid, ~SenderRRT variables will use credentials based on the results of the script execution.