Preparing the Device and Network Environment

This section describes the procedure for specifying the settings for the devices to restrict and the network environment.

Setting the Date/Time

In the Access Management System, the date/time settings of all equipment that comprises the system (devices, client computers, server computers, etc.) need to match.
If you are using imageRUNNER ADVANCE devices, set the date and time correctly in [Date/Time Settings] in [Timer/Energy Settings] in [Preferences] on the [Settings/Registration] screen of the device.
For more information, see the instruction manuals of the device.

Specifying the Network Settings

To install the Access Management System, it is necessary to set the devices to be accessible from the network.
If you are using imageRUNNER ADVANCE devices, specify the various items in [Network] in [Preferences] on the [Settings/Registration] screen of the device.
For more information, see the instruction manuals of the device.
IMPORTANT
If the device is already operating on the network (documents can already be printed or sent from a computer), this operation is not required.

Registering DNS Server

To use a device in a domain environment, it is necessary to register the DNS server to use on the device.
If you are using imageRUNNER ADVANCE devices, this can be set from [Network] in [Preferences] on the [Settings/Registration] screen of the device.
For more information, see the instruction manuals of the device.
IMPORTANT
This operation is not required if the device is already being operated in a domain environment.

Making Devices Accessible from Web Browsers

To operate the Access Management System, it is necessary to set the devices to be accessible from Web browsers.
For more information, see the instruction manuals of the device.
IMPORTANT
The devices cannot be connected to via a proxy server. If you are using a proxy server, add the IP address of the device to [Exceptions] (addresses to not use a proxy server for) in the proxy server settings of the Web browser (contact your company network administrator, as the required settings differ according to the network environment).
This function cannot be used unless Cookies, JavaScript, and JavaApplet are enabled in the Web browser.
When entering characters from a Web browser, only use characters that can be entered from the touch panel display of the device. If you use other characters, the device may not display/recognize them correctly.

Registering the System Manager ID

To restrict device usage properly in the Access Management System, it is necessary to register the System Manager ID in advance.
If you are using imageRUNNER ADVANCE devices, set the System Manager ID in [System Manager Information Settings] for [User Management] in [Management Settings] on the [Settings/Registration] screen of the device.
For more information, see the instruction manuals of the device.
IMPORTANT
For imageRUNNER ADVANCE devices, the user can use the system management functions allowed for the [Administrator]/[DeviceAdmin]/[NetworkAdmin] role without knowing the System Manager ID and System PIN.

Setting the LDAP Server

If you are using the LDAP authentication method, set the LDAP server information in User Authentication. For more information, see the instruction manuals of the device.

Setting the DNS Server

When operating the device in a multi-domain environment, set the DNS server to ensure the following. For details on setting the DNS server, see the documentation for the DNS server.
Name resolution can be performed with the DNS domain name of the Active Directory used for authentication (IP address of the domain controller can be retrieved)
The DNS server supports SRV records
If the port number for the LDAP port has been changed on the Active Directory side, the following settings are also required.
The information for the LDAP service of Active Directory is registered as an SRV record as follows:
Service: '_ldap'
Protocol: '_tcp'
Port number: port number actually used by the LDAP service of the Active Directory domain (zone)
Host provided by this service: host name of the domain controller actually provided by the LDAP service of the Active Directory domain (zone)
IMPORTANT
This operation is not required if the device is already being operated in a multi-domain environment.

Setting the Domain Trust Relationships

With the Access Management System, you can restrict devices that belong to domains trusted by the domain in which the user belongs to.
When operating the Access Management System with the Active Directory authentication, if the domain that the user belongs to and the domain that a device belongs to differ, it is necessary to set a bilateral trusted relationship between the domains.
IMPORTANT
This operation is not required if you are operating the Access Management System using authentication method other than Active Directory authentication.
You cannot restrict devices that belong to a domain other than the domain the user belongs to with trusted relationships that occur due to the hierarchical structure of Active Directory. Set direct trusted relationships.