This is a login service which can be used in an Active Directory environment network or in the machine. You can register/edit user data and specify administrator/end user settings in the following location:
Domain authentication is performed in Active Directory.
Local device authentication is performed in the memory of the machine from a web browser.
SSO-H contains the following functions:
Enables the functions of the machine and MEAP applications, etc., to be used after being authenticated once.
Contains a user authentication system that connects with the domain controller, and has two compatible user authentication systems, which can be used even when there is network trouble and only the machine can be authenticated. These two user authentication systems can be used together or alone.
SSO-H includes the following three user authentication systems:
'Domain Authentication'
'Local Device Authentication'
'Domain Authentication + Local Device Authentication'
|
IMPORTANT
|
|
If you are logging in as the administrator for the Local Device Authentication and the user name and password is still the default setting, the screen to change the password is displayed when you click [Log In]. Change the password to increase the security.
|
|
NOTE
|
|
The three user authentication systems can be switched using a web browser. (See "Setting the User Authentication System.")
The default setting is 'Domain Authentication + Local Device Authentication.' To increase the security, set the user authentication system to 'Domain Authentication' or change the user name and password of the Local Device Authentication for the administrator immediately after you start using the SSO-H.
|
Domain Authentication is a user authentication method that logs in to the machine and authenticates the domain on the network by connecting with the domain controller of the Active Directory. In addition to the user that belongs to the domain with the machine, you can authenticate up to 200 users that belong to the domain that is directly related to the domain with the machine. The domain name is selected by the user when logging in.
A user authentication system which only uses the machine. This users to be authenticated are registered/managed using a database inside the machine. [This device] is the login destination.
A user authentication system which includes the functions of both Domain Authentication and Local Device Authentication. This is useful for using Domain Authentication to authenticate users registered/managed in Active Directory, and using Local Device Authentication to authenticate temporary users which cannot be added to Active Directory.
In the example below, users belonging to Domain A (which includes the machine), and users belonging to Domain B (which is bi-directionally trusted by Domain A), can be authenticated, and users registered in the machine itself can be authenticated. The location to log in to (domain name or [This device]) is selected by the user when logging in.
|
IMPORTANT
|
|
When using Domain Authentication, if the server cannot be accessed because of trouble such as network failure, it may take up to five minutes for the login screen to be displayed on the touch panel display after the machine is started.
To use Local Device Authentication and Department ID Management at the same time, the information registered for Local Device Authentication and the user information for Department ID Management (Department ID and passwords) must match.
You cannot use the optional control card reader with 'Domain Authentication' or with 'Domain Authentication + Local Device Authentication'.
|
When SSO-H is set as the login service, two types of login screens exist.
For instructions on logging in from the touch panel display, see "Using a Login Service."
Select the login destination, and enter a user name and password to log in to the Remote UI or a MEAP application (including login applications).
Select the login destination using the Login Destination drop-down list.
|
NOTE
|
|
The names of the domains which allow user authentication are displayed in the Login Destination drop-down list in alphabetical order. However, regardless of the items displayed in the Login Destination drop-down list, the domain which the machine belongs to is displayed at the top of the list, and [This device] is displayed at the bottom of the list.
|