Xerox Xerox Secure Access Unified ID System Support & Software Administrator's Guide
Configuration & Management
Xerox Secure Access Administration Guide
28
Setting Authentication Parameters
Before you import user accounts, you need to configure the Core Authentication Server to validate the
accounts against primary and secondary accounts PINs. PIN information connects a Secure Access
user account with the information on a swipe card.
accounts against primary and secondary accounts PINs. PIN information connects a Secure Access
user account with the information on a swipe card.
The primary PIN is the numeric sequence that uniquely identifies the user, and is typically the card
number. To enter the primary PIN, the user simply swipes their card.
number. To enter the primary PIN, the user simply swipes their card.
If you prefer an additional layer of security, you can also enable secondary PINs. When enabled, the
user must first swipe their card, then they need to enter an additional “password” on the front panel of
the MFP. Only when both the data on the swipe card and the secondary PIN password is
authenticated, will the user have access to the MFP.
1. In Secure Access Manager, select Configuration > Authentication device settings.
2. In the Authentication mechanisms section, select one or more authentication mechanisms:
user must first swipe their card, then they need to enter an additional “password” on the front panel of
the MFP. Only when both the data on the swipe card and the secondary PIN password is
authenticated, will the user have access to the MFP.
1. In Secure Access Manager, select Configuration > Authentication device settings.
2. In the Authentication mechanisms section, select one or more authentication mechanisms:
• Leave Secure Access PINs selected only if you want to connect a Secure Access printing
account with logon information.
• Enable External user ID and password only if you are using swipe cards to verify all user
information outside of Secure Access.
• Enable Secure Access PIN with external password if users will swipe their cards for
identification, but must also enter their Secure Access domain user account password. Secure
Access will cross-check the database for the corresponding account name, then verify the
account against the selected external authority for network logon.
Access will cross-check the database for the corresponding account name, then verify the
account against the selected external authority for network logon.
Note:
If you select an external authentication mechanism, the Enable secondary prompt field is
enabled automatically. External authentication cannot occur if the Secondary PIN information is
empty.
empty.
3. In the External authorities section, select one or more external authorities only if you selected a
corresponding authentication method:
• Select Windows to validate accounts against a default Windows domain. Type the domain
name in the Default domain field.
• Select NetWare to validate accounts against a default NetWare context. Enter the name in the
Default context field.
Note:
You must install the Novell NetWare client for Windows on the Core Authentication Server if
you plan to validate against a NetWare context.
• Select LDAP to validate accounts against a default LDAP server. Type the LDAP server name,
then choose an LDAP type from the list. Select Force SSL encryption if you want use Secure
Socket Layer encryption.
Socket Layer encryption.
4. In the Card setup section, do the following:
a.
Enter the start and stop data position in the respective fields. The data retrieved from these
positions will be used as the primary PIN.
positions will be used as the primary PIN.
b.
Click <None> beside HID decoding if you are using an HID Proximity card reader. The
Authentication Devices must be configured to return card information in a standard format.
Authentication Devices must be configured to return card information in a standard format.
For details on entering the decoding parameters, see