Xerox ColorQube 8700 Installation Guide
Contents
1. Troubleshooting Smart Card 42 Installation and Configuration Guide2. Card device certificate could not be found is Check the Operator s CAC to see invalid has expired or been revoked which Root CA and Intermediate CA issued the CAC certificates Card reader not detected The card reader has been Verify that the card reader is disconnected properly connected If you suspect the reader has failed swap with a known working reader 40 Installation and Configuration Guide Smart Card Troubleshooting Problem Possible Cause Solution Invalid Timestamp Authentication NTP not enabled or properly Verify that Network Time Protocol failed due to a time or date difference configured is correctly set up refer to Enable between the device and the remote NTP Service on page 21 server Domain Controller GMT offset is not set correctly If you are not using DHCP verify the date and time and GMT Offset Time Zone is correct Instructions are available in the System Administrator Guide Verify that GMT offset is correct for Daylight Savings Time Unforeseen errors are mapped to this error message Cannot see the Internet Services web IP Address incorrect or has been reset Check the IP Address printed on page the configuration report Ensure the DHCP settings match your site settings To print a configuration report at the Xerox device select Machine Status then Information Pages Select the Configuration Report from the list and select Print Installation and Configuration Guide 41
3. Instructions are available in the System Administration Guide Configure E mail Defaults 19 Select the Defaults tab a Select the required options for e mail default settings b Save your changes Configure E mail Compression 20 Select the Compression tab a Select the required Compression Settings b Click Apply ee ee i na P LIW Optimiratce too Pani Mob Veewieg PL POF A Pastis Configure E mail Security 21 Select the Security tab a Select Encryption Signing Edit b Select the required Encryption EE meda Enablement setting EEJ Emal Encryption signing infarmabese r y pkaki DET ELEOKE PARC 1 b pew ath tha da d BEL briot core gerecl e Off E mail cannot be signed sera ees ee e Always On E mail must be signed e Editable by user E mail can be sent signed or unsigned according to local user settings c If you selected Editable by User select On for E mail Encryption Default if you require signing to be on by default Select the required Encryption Algorithm Select Apply 30 Installation and Configuration Guide Smart Card Installation 22 If you want to configure e mail domain restrictions click Edit in the Network Policies area dilan pikih are biip vil Sal ah E baaria a Select the required restrictions _ aoe 29 Security Network Policies e Domain Filtering enables you to configure a list of domains to allow or block
4. KK K kk kk kk kk k kk k e kk e e sa 7 S pport d C rd TYPES sj ys sy osan ee ee ee 7 Minimum Software Levels 0 kk KK KK kK KK KK KK KK KK KK kk k kk k kk kk k kk k kk 8 Documentation and Support W Wk KK kK KK KK KK KK KK kk kk kk kk kk kk kk 8 2 Preparation Configuration Checklist LAWA KK KK KK KK EK KK eau KK KK KK aes weet kk kk k 9 3 Installation Hardware Installation ik kc hek l n sad Alan h h h 2 2a EErEE A An An 2n 12 Connect the USB Smart Card Reader to the MFD KK KK KK KK 12 Software ConhfiqU rdti0h p54 i ss sula sl ee uns al ela l G5 l dk al ln ave l lel a 9 we ooh eos ela 18 Enter the Smart Card Enablement Key 0 KK KK KK KK KK KK KK KK KK KK KK KK K 18 Configuring the Smart di Ls s su xa k el nuna newn Wara wena u bunlar n dd b y teen WW Md 20 Configure Smart Card Authentication eonn asuaan sussen KK KK KK KK KK KK KK k k 20 Enable NTP Service Wk kk kk kk kk kk kk kK kk kk k k kk k kk e kk ek k ek e e ek 21 Configure Alternate Authentication WW kK KK KK KK KK KK KK KK kk K k kk kk ka 22 Configure a Security Certificate WAK ccc KK KK KK KK KK k kk kk k
5. PIV II e Gemalto NET Other card types may function with the solution but have not been validated Installation and Configuration Guide 7 Introduction Smart Card Minimum Software Levels Minimum System Software Access Version oe i Client Rijkspas WorkCentre 3655 072 060 034 16800 Yes Product ColorQube 87xx 89xx Yes ColorQube 93xx Yes To identify the software level on your machine press the Machine Status button on the Control Panel The System Software Version number is displayed Documentation and Support For information specifically about your Xerox product the following resources are available e System Administrator Guide provides detailed instructions and information about connecting your device to the network and installing optional features This guide is intended for System Machine Administrators e User Guide provides detailed information about all the features and functions on the device This guide is intended for general users Most answers to your questions will be provided by the support documentation supplied for your product Alternatively you can contact the Xerox Support Center or access the Xerox website at www xerox com 8 Installation and Configuration Guide Preparation This section explains the preparation and resources required to install the Smart Card feature Configuration Checklist The following items are required to complete the installation Summary Status 1 Obtain t
6. Printing Features on Cd page 32 Installation and Configuration Guide 9 Preparation Smart Card 10 Installation and Configuration Guide Installation This section provides instructions for installing and configuring the Smart Card solution There are four main installation procedures to follow in sequence Hardware Installation Unpacking the Smart Card Enablement kit and installing the card reader device Enabling the Smart Card Use the Feature Enable Key to enable the Smart Card to be configured Configuring the Smart Card Enabling the Smart Card function and customizing the settings Using Smart Card Instructions on how to use the card reader device to access the device functions Installation and Configuration Guide 11 Installation Smart Card Hardware Installation Connect the USB Smart Card Reader to the MFD Install the card reader device using the following instructions 1 Unpack the Smart Card Enablement Kit The kit contains the following items Smart Card Enablement Guide 1 Four Dual Lock Fastener pads Velcro 2 Three Cable Ties 3 One Ferrite Bead 4 Ensure you have read the licence agreement and agree to the terms and conditions specified prior to installation 12 Installation and Configuration Guide Smart Card Installation 2 Locate the card reader device being installed There are four types of card reader available one upright model or three slimline models Locate the d
7. E Sap Favorites qiz g XEROX WORKCENTRE 5t ge Web Slice Gallery E XEROX WORKCENTRE Status Centreware AEROX WorkCentre 5865 Internet Services Jobs Print Scan i Address Book Properties Support Password Statie Jobs Print Scan Addrece Book Properties aT Loge Poarminsions Actoesting B Login Methods Login Permizsionss AccounE ing bai Teach Ul Method Web UL Method User Permesmiona Liner Ham Patdw rd Liner Hama Pasrwerd Accounhrsg Method Walaa on the Devoe Walidate on the Device Deve User Database Services Securty Personalize Tauwech UT Enabled Batra n Profile beformstion for the Legged In User F ca Hi Required Mal Configured Installation and Configuration Guide Smart Card Installation e From the Touch UI Method drop ee orre Eee down menu select Smart Cards Login Permissions Accounting Login Hathods Ceahgurahes Csr Gescriotion Edit Login Methods General Setup Connectivity Login Permissions l Accounting Towch UI Method A i Usar Hame Password Validate onthe Desce Leer Permissions Aggeunting Hathed Device User Database Dama neia Ner Secure Access Uded l Sy Security TO datometically retrieve the following information for the suthenticogted user from LDAP Home directory for the Scan to Heme parvisa Ezidl address for the E mad aed internet Fax services f If you require user
8. P server i Select the required LDAP Server from the drop down list j Enter the LDAP Search Directory Root This is typically related to the servers domain name For example if the server s Fully Qualified Domain Name is Hostname Example Search Root the search directory root is dc Example dc Search dc Root k Enter the required Login Credentials to Access LDAP Server l Click Apply m Click Close n Select LDAP Policies o Select Enable SASL Binds to LDAP Note Smart cards use a ticket based authentication to LDAP and require SASL for authentication p Click Save q Click Close Configure SMTP E mail Settings 12 Inthe E mail Setup screen select the Required Settings tab a Select SMTP Edit Installation and Configuration Guide 27 Installation Smart Card b Select Use DNS to identify SMTP FE EREE Server to configure the server amnes COE aeo canta EAA E AMERRE ter nae address using DNS or select IP Address or Host Name and enter the SMTP server address c Enter the required Device E mail Address d Select Save Configure SMTP Authentication 13 Select SMTP Edit a Select the SMTP Authentication ta b a at SHIP Loge credemtesly apoled bo a il jeba sari dare ihe PEZE ran kiren s erh lain r azm SMTP E mail Remed Iniesta b For the required method of authentication for SMTP Login credentials applied to e mail jobs sent fro
9. Queue the MFD holds sent jobs in an unlocked folder Users are not required to log in at the Control Panel c Select the required option for Unidentified Job Policies User ID Unknown Further details are available in the System Administrator Guide 32 Installation and Configuration Guide Smart Card Installation Configure Secure Print Driver Defaults The Secure Print feature allows you to send a job to the MFD with a unique passcode Jobs are stored at the MFD until the user enters the same passcode to release them Further information about how to use Secure Print is available in your User Guide You can configure the Secure Print Driver Default settings to require the user to enter a User ID to release secure print jobs at the Control Panel instead of a passcode If you want to configure Secure Print Driver Defaults follow these instructions 1 Access Internet Services and select Properties Refer to Access Internet Services on page 18 for instructions a Select Services gt Printing gt Secure Print b Select the Print Driver Defaults tab c Select the required Method e Passcode requires users to type a passcode to release their Secure Print jobs at the Control Panel If required enter a number from 4 10 to specify the length of the Secure Print Passcode e User ID requires users to log in at the Control Panel to release their Secure Print jobs d Click Apply Further information on how to configu
10. Version 3 0 October 2014 Smart Card Installation and Contiguration Guide CAC PIV Net Access Client amp Rijkspas Xerox WorkCentre 3655 Multifunction Printer Xerox WorkCentre 5845 5855 5865 5875 5890 Multifunction Printer Xerox WorkCentre 5945 5955 Multifunction Printer Xerox WorkCentre 6655 Multifunction Printer Xerox WorkCentre 7220 7225 Multifunction Printer Xerox WorkCentre 7830 7835 7845 7855 Multifunction Printer Xerox ColorQube 8700 8900 Multifunction Printer Xerox ColorQube 9301 9302 9303 Multifunction Printer E en EZAN EEE 2014 Xerox Corporation All rights reserved Xerox Xerox and Design ColorQube and WorkCentre are trademarks of Xerox Corporation in the United States and or other countries BR10996 Other company trademarks are also acknowledged Changes are periodically made to this document Changes technical inaccuracies and typographic errors will be corrected in subsequent editions Document version 3 0 October 2014 Table of Contents 1 Introduction Smart Card Feature Overview 0 ccc ccc KK K kk kK een k kk kk ees 6 a ln sa yen Ss Lzww rc_cco o e o oleeeeeremmmhbazan 6 AAA ALJO 3 te re 6 E mail Signing and Encryption kk kk ccc ec KK KK KK KK KK K kk k kk k k 6 Supported Card Readers WWW kk kk kk kk KK
11. ain Controller Certificate 7 Complete these steps if you want to install a domain controller certificate a Inthe Properties tab select the Security link b Select Certificates gt Security Certificates c Select the Domain Controller Certificates tab d Click Install Domain Controller Certificate LAPTG e Click the Browse button and mn arr Es navigate to the location of your Domain Controller certificates f Click Next g Continue until all required certificates have been uploaded Configure SSL 8 SSLis used to provide a secure connection between your computer and the MFD when security certificates are configured on the MFD SSL is automatically enabled on the device If you do not want to configure SSL proceed to Configure Certificate Validation on page 25 a Inthe Properties tab select the Connectivity link b Select Setup c Inthe Protocol list select HTTP Si En Edit E re d If you want to Force Traffic over SSL select Yes All HTTP requests will be switched to HTTPS e Select the required certificate from the Choose Device Certificate drop down menu f If you have changes to apply select Save and the device will reboot automatically If you have not made any changes select Cancel 24 Installation and Configuration Guide Smart Card Installation Configure Certificate Validation 9 If you do not require certificate validation proceed to Configure Smart Card Inact
12. art cards The MFD will automatically determine which type of smart card type is inserted in the card reader and use the appropriate software libraries to communicate with the specific card Authentication settings are configured on the MFD according to the network infrastructure Hold All Jobs Xerox offers a feature called Hold All Jobs This feature ensures all jobs are held securely at the MFD and are only available for release after a user has authenticated at the MFD The MFD holds the jobs for a specified period of time and releases them only when the user releases them at the MFD It is not necessary to enter a secure print PIN to use this feature To use Hold All Jobs the print driver needs to be configured to either pull the user s name alias from the smart card certificate or from the Windows Operating System See the instructions in this document to configure the print driver This feature provides the following benefits e Banner Pages are not required to separate jobs which reduces waste e Users can manage their held jobs more efficiently Users can select only the jobs they want to print and delete older versions of documents that they no longer wish to print e Confidential documents are held in the queue for the owner to release them rather than waiting in the output tray to be picked up E mail Signing and Encryption With Smart Card authentication the MFD has full access to the user s public and private keys a
13. ce 7 Connect the card reader to the Xerox device Insert the USB connection into the slot provided on the rear of the network controller Use the cable ties provided to ensure the cabling is neat and tidy The hardware installation is now complete Installation and Configuration Guide ie Installation Smart Card Software Configuration Enter the Smart Card Enablement Key Before you configure the Smart Card solution you need to enable the Smart Card feature on your Xerox device using Internet Services The Feature Enablement Key is printed on the inside cover of the Enablement guide provided within the Smart Card kit Follow the instructions below to enable the device software 1 Access Internet Services a Open the web browser from your Workstation b Inthe URL field enter http followed by the IP Address of the device For example If the IP Address is 192 168 100 100 enter the following into the URL field http 192 168 100 100 c Press Enter to view the Home page 2 Access Properties a Select the Properties tab b If prompted enter the Administrator User ID and Password The default is admin and 1111 c Select the Login button 3 Enable the Smart Card software a Select the Properties link b Select the Login Permissions Accounting link c Select the Login Methods link Select the Touch UI Method button 18 Status Ow ena aar E http 192 168 100 100 EL
14. e Properties tab select the Security link b Select Certificates gt Security Certificates c Select the Xerox Device Certificate tab d Select Create New Xerox Device mean Diocese TE unke Certificate Gra a e Complete the Self Signed Certificate fields f Select Finish a w n Ee g Proceed to Configure SSL on page 24 __ eae qk ee Import a Certificate Authority Certificate 6 Complete these steps if you want to import a certificate from a Certificate Authority In the Properties tab select the Security link b Select Certificates gt Security Certificates c Select the Root Intermediate Trusted Certificate s tab ar SSS TT TI TTIT TT TTTIITTTITTT d Click Install external a Root Intermediate trusted certificates e Click the Browse button and navigate to the location of your cera ies ee en ofan li el veke et ei i a Certificate Authority certificates f Click Next g If the certificate is encrypted enter the password at the Password Required screen h Click Next Secunty Certficales Breer Path b certian a E Note Both RootCA and Intermediate CA certificates need to be imported to the MFD to establish a Chain of Trust for the certificates located on the operator s smart card i Proceed to Configure SSL on page 24 Installation and Configuration Guide 23 Installation Smart Card Install a Dom
15. e mails e E mail Filtering allows you to send internal e mail without the need to add corporate name This option requires your e mail server to be configured to allow this b Select Save 23 If you want to configure restrictions on email recipients click Edit in the User Policies area a Select the required settings for User Permissions b Save your changes EEE If required click Edit in the Only Ei mm Send to Self area CT toa tne aange G enn rat at d Select the required settings for User Policies e Save your changes The Smart Card settings are now configured Installation and Configuration Guide 31 Installation Smart Card Printing Features The Hold All Jobs and Secure Print features can be configured to ensure jobs are held securely at the MFD until the user authenticates at the Control Panel Configure Hold All Jobs Hold all Jobs allows you to configure the MFD to require users to release print jobs manually at the Control Panel If you want to configure Hold all Jobs follow these instructions 1 Access Internet Services and select Properties Refer to Access Internet Services on page 18 for instructions a Select Services gt Printing gt Hold All Jobs b Select the required Enablement option e Hold Jobs in a Private Queue the MFD holds jobs in a locked folder Users must log in at the Control Panel to view print and delete jobs e Hold Jobs in a Public
16. evice being installed and ensure it has been configured Note The System Administrator should configure the cards prior to the card reader being installed on the machine Installation and Configuration Guide 13 Installation Smart Card 3 Attach the ferrite bead to the reader cable Note The ferrite bead should be clipped onto the cable directly behind the connector 14 Installation and Configuration Guide Smart Card Installation 4 Attach the fasteners to the card reader device Fasteners have been provided to secure the card reader to the Xerox device Peel back the fastener backing strip Position the fastener on the under side of the card reader as shown Repeat for each of the fasteners supplied Installation and Configuration Guide 15 Installation Smart Card 5 Remove the fastener backing strips When all the fasteners have been attached to the card reader remove the backing strips on each of the fasteners 16 Installation and Configuration Guide Smart Card Installation 6 Place the card reader on the Xerox device Gently place the card reader on the device do not fix in place at this point Position the card reader in a suitable location ensure it does not obstruct any access points or the opening of doors or covers Check the cable has sufficient length to connect to the rear of the network controller Once it is in a suitable location press firmly on the card reader to fix it in pla
17. he IP address or Host Name for each applicable Windows Domain Controller NUN 2 If Domain controller certificate validation is required obtain the DC certificate for each applicable controller including all intermediate certificates up to the root cert Note This is typically only required for CAC 3 If Online Certificate Status Protocol OCSP is available obtain the IP address or Host Name for the OCSP server 4 Ifa 4 If a software upgrade is required obtain and install the required software release 4 If a software upgrade is required obtain and install the required software release is required obtain and install the required software release 5 Mount the smart card reader to the MFD and connect the USB cable to one of the rear ports See Connect the USB Smart Card Reader to the MFD on page 12 6 Install the Smart Card software Feature Enablement Key See Enter the Smart Card Enablement Key on page 18 7 Configure Smart Card Authentication NTP optional and Alternate Login optional See Configuring the Smart Card on page 20 8 Install any required certificates and configure validation settings See Configure a Security Certificate on page 22 9 Configure the MFD LDAP settings See Configure Acquiring Logged In User s E mail Address on page 26 10 Configure the MFD SMTP E mail and Signing Encryption settings See Configure SMTP E mail Settings on page 27 11 Configure Hold All Jobs Secure Print policy if required See
18. isplayed e The Machine Serial Number is displayed on this screen Note The serial number can also be found on a metal plate inside the front door 38 Installation and Configuration Guide Smart Card Troubleshooting Troubleshooting Tips The table below provides a list of problems and the possible cause and a recommended solution If you experience a problem during the installation process please refer to the During Installation problem solving table below If you have successfully installed the Smart Card solution but are now experiencing problems refer to After Installation on page 40 During Installation Problem Possible Cause Solution Card reader is installed but no Card reader is faulty e Try a different card reader message displays on the User e Contact the System Administrator Interface Card reader connection is faulty e Check the cable is plugged in correctly Refer to Connect the card reader to the Xerox device on page 17 for instructions Unplug the card reader cable then plug back in Plug the card reader into a different USB port Card reader is not compatible Check that the card reader is on the list of compatible devices refer to Supported Card Readers on page 7 Smart Card access is not enabled on Enable Smart Card through the the machine Properties set up screens using Internet Services refer to Software Configuration on page 18 Installation and Configuration Guide 39 Troublesho
19. ivity Timer on page 26 a Inthe Properties tab select the Login Permissions Accounting link b Select Login Methods 3 Select Certificate Validation Edit eem Togni koai e om in the Configuration Settings menu d Select the required Validation iren eren mn Options B Certificate Validation e If you have selected one or more option click Next to configure further settings f If prompted enter the OCSP Server e URL to be used for certificate was B Reqwired Settings S Ta kin ceveye wecatejan betes Pah eg prions deki chap DAIR agree ik RT kj 8L Q borne ceed g If prompted select Proxy Server Configure to enter the proxy server information If the OCSP server is outside the firewall a proxy server may be required to access the server h Select the Domain Controller Certificate s to be used to validate each domain controller i Click Save Installation and Configuration Guide 25 Installation Configure Smart Card Inactivity Timer 10 Smart Card If you do not require inactivity timeout settings for Smart Card authentication proceed to Configure Acquiring Logged In User s E mail Address on page 26 d e In the Properties tab select the Login Permissions Accounting link Select Login Methods Select Smart Card Inactivity Timer Edit Enter the required number of minutes for Timer Click Save eb UE Rathod ieee Seer Pape a i Looped k r is Bored Addr Imp
20. jin Mast haa User Permismers Ageing Method Device User Cotabase Ez mi CHE Security Touch and Web User Interfaces Dii o Teweh UI Methed a m i T z Smart Corde m had n Touch ID n ihia Weer Nam j Smeets beret on th Web UI Methed ner Mar Pappwgrg Woldate on the Device Ti Personalize Touch WI iai Disabled Doman Conirol r Tush ul Required Hot Configured Ea Carti ente Vahdaben Touch UI d ortens Her Configured Fi Edta Address Mook Support Login f Permissions j Accomnting gt Login Methods a Domain Controllers The daman eerbhcabe an the users sman sard needs to be waldsted on the remote domai coctroller perver before te uber gains ae fe the Merce machine Network Time Protocol NTP The Doma n Centraier ime and the Serax echoes bina nibi te b synchronged Enabling HTE op heg recommended bo ensure bime synchronization Network Time Proteral PE Optional Not Configured E cx Status Jobs Print Scan Address Book Supponi arin Darne A veer Pera rERazTI E Aitu Herod Dantes Usar Database Sanrvlena Security Logis Parerainnizan J Accoumtieg Jr re n ET EWTA KEWTE Controfiery B Add Domain Controller Domain Comlrollar Typa af Winda Based Ganen Cosiroler 2 Fyi boiress Pt Screen Host kane Dom in e Ensure Port 88 is selected unless your Kerberos Port is different f Enter the Domain this must be the fully qualified D
21. k kk kk a 22 c c cog sere rates mm mmm HH H hm r r ll oe 24 Configure Certificate Validation 0 KK KK KK KK KK KK KK KK KK KK kk k 25 Configure Smart Card Inactivity Timer 0 0 ccc ccc eee een enn K eens 26 Configure Acquiring Logged In Users E mail Address RRA KS 26 a nao aa rO rd _ BB db_bY TT TrTRTRTR_5oirMi mm n bb mm a an 32 Configure Hold All Jobs WL KK KK KK KK EK KK KK KK KK KK KK kk kk kk kk k a 32 Configure Secure Print Driver Defaults LR KK KK KK KK KK KK ees 33 Configure the Print Diver i s y sun ye x seaweeds N r wa ban l3 sees seals rab n ela 33 Confiim the InstalatioN osese 20224 sa aa a ay a h ens 3 4l144 34108042 4 020 ka 2412 244 h2 4y 8 22 4 34 Usmo Smat CONG us sika y ya x ies on oes boas 5444145 ae ee ana Wi raN We RH di di 35 4 Troubleshooting Faut 9 0 9 lt a ee ee ee ee 38 Locating the Serial Number 0 ccc ccc cee KK KK KK KK KK kk kk eee e 38 Troubleshooting L S c lt s s Ase 5445450402422224 40944 W D W WD WNN A n DD 2 y W CA A disti r 39 date e zewwooo gt w gt D DTD O O T TrrrrrmmeJJl t t cJTTTTETHTH r r rr r r rr ma 39 After IiistdllltlG 1 cs s s s ae e n H050 000 EARANN RANOR W4 40 Installation and Configuration Guide 3 Smart Card Ins
22. m the machine s touch ean get eoecepemmt or me mane aa een interface select Logged in User sp Note The Logged in user s credentials are typically used to provide authentication for the SMTP server when Smart Card authentication is enabled c Select Always Use Kerberos Tickets d Select None for automated emails e Select Save Configure Connection Encryption 14 Select SMTP Edit HI n SMTP E mail isd l Frr a Tan SMT catherine E Tere Pile Saa Manmijrrrer rd a Select the Connection Encryption i tab re E Caceyotion Mecham saad ty devices when b Select the required encryption setting c Select Save Configure File Size Management 15 Select SMTP Edit a SMTP E madl Beqired fafermalian SHIP zl bet fallik r1 b ka Dii a Select the File Size Management ta b piaia GE E oe E S NEES biji Be pMa A eed A Ele be ala rmmek Far Ich Splitting Boerdony domet Booster earan Mad Chest io seneerbla ki Note This screen defines how large email payloads are managed b Select the required settings c Select Save 28 Installation and Configuration Guide Smart Card Installation Test Configuration 16 Select SMTP Edit a Select the Test Configuration tab Note This screen allows you to send a test e mail to confirm that all e mail settings are correct b Enter a valid e mail address in the To Address field c Select Send E mail No
23. nd can use these keys for e mail signing and encryption An e mail payload can be signed via the smart card with the user s private key This enables other users to validate the signature with the user s public key which can be obtained from the user or from LDAP This assures the recipient that the content is original and has not been tampered with in transit An e mail payload can also be encrypted with the user s public key via the smart card or LDAP and then sent to the user This offers the benefit that while in transit from the MFD through the e mail infrastructure no one can decipher the contents of the mail note Once in the user s inbox the e mail can be decrypted with the user s private key making the payload readable again 6 Installation and Configuration Guide Smart Card Introduction Supported Card Readers The customer is responsible for providing a card reader for each Xerox device The following card readers are compatible with the solution e Gemplus GemPC USB SL e Gemplus GEMPC Twin e SCM Micro SCR3310 e SCM Micro SCR3311 e Omnikey Cardman 3021 USB e Omnikey Cardman 3121 USB e ActivCard USB Reader V2 with SCR 331 firmware e Cherry ST1044U Other CCID compliant readers may function with the solution but have not been validated Supported Card Types The customer is also responsible for purchasing and configuring the access cards The following card types are Supported e CAC e PIV amp
24. omain Name g Select Save 20 Installation and Configuration Guide Smart Card Installation Enable NTP Service 3 Configure the Date amp Time to update automatically a Select the Network Time Protocol Edit link Lean Serminsons necouting gt Latin Maths ry Domain Controllers The deman camicie on Sha users act card maada t valdai d fet iha Peres The Comain Qorilar jima and the Warga machina time saed fo be prnchronigped Enabling ATP ip heghiy recommended to enpara bma ywe yara nagi configuration Setting e rimary ervar statue tim PE Sete Nek Configures B a b Select the Enabled box to enable NTP c Enter the IP address or Host Name of the Primary and Alternate Time Server Often this can be the same address as the Domain Controller d Select Save Cents meas ENAR ok e View the summary screen and ensure i __ Preparer C Me e j Perwisakeka j Accousting gt tanin Hathada all settings are correct amp Domain Controllers f Select Close TEN EA Installation and Configuration Guide 21 Installation Smart Card Configure Alternate Authentication If Alternate Authentication is not required go to Configure a Security Certificate on page 22 4 If Alternate Authentication is enabled select the Authentication Servers Touch UI Alternate Edit link in the Configuration Settings list to configure the PM EE Stok server TE Q donn het Configu
25. onfigured the Card Reader Detected screen displays on the Xerox device local user interface Smart Card is now ready for use Note If the card reader is not detected refer to Troubleshooting Tips on page 39 for information 34 Installation and Configuration Guide Smart Card Installation Using Smart Card Once the Smart Card has been enabled each user must insert a valid card and enter their Personal Identification Number PIN on the touch screen When a user has finished using the Xerox device they are then required to remove their card from the card reader to end the session For instances where a user forgets to remove their card the machine will end the session automatically after a specified period of inactivity Follow the instructions below to use the Smart Card 1 The Authentication Required window may be displayed on the touch screen depending on your device configuration 2 Insert your card into the card reader 3 Use the touch screen and numeric keypad to enter your PIN and then select Enter 4 If the card and PIN are authenticated access is granted Note If the access attempt fails refer to Troubleshooting Tips on page 39 5 Complete the job 6 To end the session remove your card from the card reader The current session is terminated and the Authentication Required window is displayed Installation and Configuration Guide 35 Installation Smart Card 36 Installation and Configuration Guide Tro
26. ort Cormar Lago Kutheant nebor Sevara lepa Princes Jr a miang pn Meee a Smart Card Inactivity Tiner H paged jira dikl raji Re jl es IQ ee Cee Liar bel ete ity Ham pared athen the tere BE Pa HENE eel kab rane io date and a Magee m pp mal bu eed devl Teng eed det b r ee Phe er pulek ky oe e Configure Acquiring Logged In User s E mail Address 11 26 This section requires you to configure LDAP and SMTP server information If you do not want to configure Acquiring Logged In User s E mail Address settings proceed to Confirm the Installation on page 34 Sirin bakan Frist acme In the Properties tab select the Login Permissions Accounting link Select Login Methods Select Acquiring Logged In User s Address Edit Select the required option for Acquire logged in user s e mail address If you select Auto or Only Network Address Book LDAP click Network Address Book LDAP Edit to configure LDAP server settings Click Add New eline P Seat ages EHRE HAH b cee E Login Methods Tawh L bizi heal beet Laie meen L j ed ised Bere Addon impit Customer Lago juthenboshon Ferver Lege Dyramapssag dila rant g Le Sted a E mad Setup Biper Braai Frege prih bhia Bojh Installation and Configuration Guide Smart Card Installation g At the LDAP Server screen enter a Friendly Name h Enter the IP address or Host Name of the Primary and Alternate LDA
27. oting Smart Card After Installation Problem Possible Cause Solution The login was successful however you LDAP not configured properly or local e Check the authorization method do not have the appropriate access to user permission roles not configured the operation you requested properly The passcode entered was incorrect Incorrect PIN has been entered e Carefully re enter the PIN Caution Consecutive incorrect entries may lead to your card being locked Authentication failed There is a Certificates cannot be read from the e Contact the Registration Authority problem with your card that is card to reload the certificates or get a preventing successful login new card Authentication failed because the Domain Controller IP Address or Host e Verify the server address is entered device was unable to access the Name is incorrect correctly remote server Domain Controller or the authentication sequence failed e Verify the Domain has been properly configured Network error e Check the network cable is firmly connected The number of attempts have been Card has been locked due to failed e Contact the Registration Authority exceeded login attempts to reset the PIN or to get a new card Server Certificate Failed This is usually because the device does Ensure all the chain of trust Authentication failed because the not trust the certificates on the Smart certificates are imported on the remote server Domain Controller
28. re Secure Print Settings is available in the System Administrator Guide Configure the Print Driver Your print driver can be configured to pull the user s name alias from the smart card certificate or from the Windows Operating System To configure the print driver to pull the users name from the smart card certificate follow these instructions 1 Install your Xerox Print Driver Instructions are Merox WorkCentre 5855 PCL6 Properties am available in the System Administrator Guide a Access Properties for your print driver b Select the Administration tab FE Administration Settings a B Configuration File c Select Enabled from the Access and ae Verification drop down menu Be s Configurations Language Use System Language d Select OK Secure Print Only Disabled Secure Print via Login Name Disabled j i Document Tray Remapping Note If Hold All Jobs or Secure Print Driver Defaults Appiy AE SE ATA anes ARADA diaya na i are configured at the MFD they may override the u Earth Smart Features Show Banner Pages Option settings configured in your print driver Refer to p a Wr wan Hez kay aA OTITICAaTION Configure Hold All Jobs on page 32 and Configure Job Notification Disabled Secure Print Driver Defaults on page 33 B Hep Help Installation and Configuration Guide 33 Installation Smart Card Confirm the Installation When the card reader and the software has been installed and c
29. red Eman Card eaetiyiby Tev Teu h ij ez Dpi Cerlguared doqajarirg Logged in Users E mel address Teusch oe Cphonal Conhgered PP optional Configured Teuch UI Akkerma r Redqulr d Hot Configured a Select the Authentication Type gerties ss 7 Patan 7 Renin Hal Authentication Servers from the drop down menu b Select Add New c Enter the required Domain or Realm Select either IP Address or Host aah Parmaan Accenta Lamia Maiada Aathantcatinn Saryar Name and enter the server details owen enan E Kerberos Server For most installations the Alternate Authentication server will be the same as the Smart Card Domain Aeron Mehe a Controller l E E IF Addrana Port a e Select Save f Select Close Configure a Security Certificate If you require the MFD to be configured for certificate validation complete this section The following instructions are included e Create a Device Certificate on page 23 e Import a Certificate Authority Certificate on page 23 e Install a Domain Controller Certificate on page 24 If certificate validation is not required go to section Configure Smart Card Inactivity Timer on page 26 22 Installation and Configuration Guide Smart Card Installation Create a Device Certificate The device automatically creates a self signed certificate Complete this section if you want to create a new device certificate 5 To create a new device certificate a Inth
30. s to have an Z Scan Address Sook meee KE alternative method of TEAT Touch and Web Usar Interiaces authentication select User aanert Selo E E nan Name Password from the Alternate resin rermissions aJ Eze Touch UI Method drop down menu sn Femnazene HEBIN Aheraz n Tausch UT ratkoi D inad l z S User Hame Pasrwd Validate on the Network Wt mould Luse this g If you require the device to use the E pservices mail address registered to the ZE SA authenticated user select the ZE Personalize Touch UI checkbox Personalize Touch UI h Select Save F Automatically retrieve the following infonmaten for the suthentcated user from LOAF H me directors for thee Scan io Home pervece i In the Smart Card Enablement Sr PSE REE super area enter the unique Feature nanna vU Sal Descnecenen Enablement Enablement Key provided on the General Setup pio A Connectivity INSI de cover of th e S mM art Ca rd Lagin Permissions Thi k a purchaied option pleata enter the Feature Enablemagnt Key found in your Smart Card Desum ntati n Accounting Enablement Guide User Fermarera j Select Next reo taa nriiy A confirmation message is displayed Status iobs Print Scan Address m Sensor tegen Ji Permissions JEL Gazel ir k Select Next The Smart Card settings a Enablement are now ready for configuring Connectivity Loginf Permissions f Feature Enablement Key has been a
31. tallation and Configuration Guide ntroduction The Smart Card solution brings an advanced level of security to sensitive information Organizations can restrict access to the walk up features of a Xerox device This ensures only authorized users are able to copy scan e mail and fax information Once validated a user is logged into the Xerox device for all walk up features The system allows for functions to be tracked for an added layer of security This guide explains how to install and configure the Smart Card solution It identifies the resources and equipment required to complete a successful installation Should you require any further information please contact your local Xerox Representative Installation and Configuration Guide 5 Introduction Smart Card Smart Card Feature Overview Authentication Xerox offers a feature called Smart Card authentication This enables users who possess smart cards to use them for network authentication at the multifunction device MFD Smart cards contain the user s Identity Certificate along with their public and private key This enables the MFD to perform a Kerberos authentication to the Windows Active Domain Controller which originally issued the Identity Certificate The Smart Card feature was developed to support CAC smart cards and has been extended to support PIV NET Access Client Rijkspas and other smart cards This document describes the configuration settings for these sm
32. te If the SMTP settings are correct the screen will display a success message and an e mail will be received at the address d Select the Required Information sems o o ee tab seer tat Qn a es Ge ee e Required Settings Configured displays to confirm required settings are configured f Select Save Configure General E mail Settings 17 Inthe E mail Setup screen select the General tab a Enter the required information to display in the Subject of an e mail sent from the MFD Papas ope Te etched Ki e yareb b Select the required information to ww za ver Lager Hera Kama n displqy in the Messqge Body an eat strana A eis of eae ore c Enter the information to be included sans i Tye Tye in the Signature d Select the required option for printing a Confirmation Sheet from the drop down menu Select Enabled for Auto Add Me if you want the MFD to automatically add the logged in user s e mail address to the To field f Select Enabled for Only Send to Self if you want the MFD to only send e mails to the user who is logged in at the MFD g Select Apply Installation and Configuration Guide 29 Installation Smart Card Configure Address Books 18 Select the Address Books tab a LDAP was configured in a previous step If you require the Device Address Book select the Device m Address Book Edit link panem taraen neyen aam nici coor E b Configure the Device Address Book
33. ubleshooting For optimal performance from your card reader ensure the following guidelines are followed e The Card Reader is only compatible with network connected products e Ensure the Card Reader is plugged into the Network Controller Refer to Connect the card reader to the Xerox device on page 17 for instructions e Do not position the Card Reader in direct sunlight or near a heat source such as a radiator e Ensure the Card Reader does not get contaminated with dust and debris Installation and Configuration Guide 37 Troubleshooting Smart Card Fault Clearance When a fault occurs a message displays on the User Interface which provides information relating to the fault If a fault cannot be resolved by following the instructions provided refer to Troubleshooting Tips on page 39 If the problem persists identify whether it is related to the card reader device or the Xerox device e For problems with the card reader device contact the manufacturer for further assistance e For problems relating to the Xerox device contact the Xerox Welcome and Support Center The Welcome and Support Center will want to know the nature of the problem the Machine Serial number the fault code if any plus the name and location of your company Contact Xerox using the numbers 1 800 ASK XEROX or 1 800 275 9376 Locating the Serial Number e Press the Machine Status button on the Control Panel The Machine Information tab is d
34. uthorized Accouniing Smart Card z n w enabled Note No services will be restricted until faa ies raed Services Smart Card has been fully configured using sesa Internet Services Selat Next to complehe required configuration steps Installation and Configuration Guide 19 Installation Configuring the Smart Card Smart Card Once the Smart Card feature has been enabled on the device it can be configured using Internet Services Configure Smart Card Authentication Follow the instructions below to enable and configure the Smart Card 1 Inthe Internet Services Login Permissions Accounting menu ensure you have the Login Methods link selected 2 Enter the Domain Controller details for the authentication server a Select Domain Controller s Edit from the Configuration Settings list Note Initially the Domain Controller s will be empty and the NTP server will not be set b Select Add Domain Controller c Select Windows Based Domain Controller or leave this box unchecked to select Linux Based Domain Controller d Select either IP Address or Host Name and enter the Domain Controller details If you enter the Host Name this must be the fully qualified Host Name Conhgurttes tees Gescniption General Setup Connectivity Login Permissions pee m Permipsions Accounbreg Hetrod Dad Umer Dab bA Services Security Conkgurstion Swerve General Setup orange inity Login g
Download Pdf Manuals
Related Search