Filter
Top Products
Configuring Common Access Card access
A set of Public Key Infrastructure (PKI) embedded applications comes installed on the MFP. These applications provide
for additional functionality, including the use of Smart Cards such as the Department of Defense Common Access Card
(CAC). For more information on using a card reader with your MFP, see “Using a Common Access Card to access the
printer” on page 50.
Note: You must configure Kerberos before setting up CAC access. For information about configuring Kerberos, see
“Kerberos” on page 19.
Step 1: Start the authentication token application
The authentication token application comes in a “Stopped” state and must be started before you configure PKI
Authentication.
1 From the Embedded Web Server, click Settings > Device Solutions > Solutions (eSF).
Note: For information on accessing the EWS, see “Using the Embedded Web Server” on page 15.
2 On the Solutions tab, verify that the authentication token is not running. If it is not, then select the check box next
to the application, and then click Start.
After the Solutions tab reloads, the authentication token application should be listed as “Running.”
Step 2: Configure PKI Authentication
PKI Authentication provides the login screen and authentication mechanism and supports user authorization to the
MFP and its functions.
1 From the Embedded Web Server, click Settings > Device Solutions > Solutions (eSF).
2 Select the check box next to the PKI Authentication application, and then click Start. When the Solutions tab reloads,
PKI Authentication should be in a “Running” state.
3 From the Solutions tab, click PKI Authentication > Configure.
4 For Logon Type, select Card Only so that users will be required to insert a Common Access Card to access the MFP.
5 Select whether the Card PIN can be numeric only or alphanumeric.
6 If you want to, provide a custom Logon Screen Text with special instructions for users or a custom Logon Screen
Image. Custom screen images must be in GIF format and must not be larger than 800 x 320 pixels.
7 Clear the Allow Copy without Card and the Allow Fax without Card check boxes.
8 Set “User Validation Mode” to Active Directory.
9 Select the Use Device Kerberos Setup check box to use the Kerberos settings already configured on the MFP, or
clear the check box to use Simple Kerberos Setup.
10 For Simple Kerberos Setup, you must provide:
• Realm—This is the Kerberos realm as configured in Active Directory, typically the Windows Domain Name. The
realm must be entered in uppercase.
• Domain Controller—This is the IP address or host name of the domain controller used for validation. Multiple
values can be entered, separated by commas. They will be tried in the order listed.
30