Authentication tab

Authentication type and parameters for the selected type are specified on this tab.

Option Description
Authentication Type Choose the authentication method to be used.
  • None — No authentication method will be used.
  • Standard — Uses Active Directory or an LDAP server to authenticate users. After you select this option, configure the Standard Authentication and User Info Lookup settings.
  • NetWare — Uses NetWare authentication. After you select this option, configure the NetWare Authentication settings.
  • CustomPlugin — Administrator defines prompts for authentication for a custom application. After you select this option, configure the Plug-in Authentication settings.
When authentication is enabled, the Use SSL option located on the Preferences tab is automatically selected.
Standard Authentication Standard authentication is used to authenticate a user in the following cases:
  • Against the Active Directory domain which the AutoStore server is a member
  • Against the local user database of a standalone AutoStore server (workgroup environment)
  • Against another LDAP server

Choose the correct option for your authentication environment:

  • Windows Bind — This option is selected by default. If authentication occurs within the same Active Directory domain, the entry for Server or LDAP Path can be omitted. If authenticated against the local user database, the LDAP path should contain WinNT://AutoStore_server_NETBIOS_name.
  • Simple Bind —This option is used for third party LDAP servers. The full LDAP path is required in the format LDAP://ldap_server:port. Check with your system administrator if you are uncertain about what path to use. These are the default LDAP ports:
    • Standard LDAP: 389
    • Active Directory Global Catalog: 3268
    • LDAP over SSL: 636
    • Active Directory Global Catalog over SSL: 3269

For either Simple Bind or Windows Bind, you can select the following options:

  • Fast Bind — Select this check box to have the Active Directory or LDAP server return a limited set of user attributes to the workflow. If you do not select this check box, all user attributes are returned to the workflow server.
  • Use SSL — Select this check box to encrypt communications between the workflow server and the Active Directory or LDAP server. If you do not select this check box, the connection will not be encrypted. To use this option, a server certificate for the LDAP server has to be installed on the server.
  • Server Bind — If this option is disabled, the Active Directory Server will attempt to connect to the DNS server in order to resolve the IP address of the Workflow server.
NetWare Authentication This authentication method prompts the user for a NetWare user name, password, context and tree.
  • NDS Tree — Enter the default NDS tree.
  • NDS Context — Enter the default NDS context.
If the device uses its own/custom OpenAPI authentication application, the user name is passed to the server and made available in the corresponding RRT.
Plug-in Authentication When CustomPlugin is selected for Authentication Type, the administrator defines prompts that are displayed to the user. An event is sent to the server when a user logs in. The administrator must provide the .NET plug-in DLL that responds to the event.
  • Snap-In path — This is the path to the compiled Snap-In (.NET assembly) that contains the code to respond to form and field events. You can click the browse button (...) to locate a .NET assembly file containing an existing Snap-In.
  • Source path — This is the path to the source code of the Snap-In created by the built-in Snap-In editor. You can use this option to compile a source file at startup instead of using the Snap-In path for a compiled assembly.
  • Create/Edit Snap-In — Click this button to create or edit a Snap-in DLL. A sample custom script is available with this component. For details about the code editor window and the object model, click the Help button in the code editor to refer to the Konica-Minolta Capture Component Snap-in Documentation.
  • Prompt — Enter the prompts that will be displayed to the user.
    • Name — The name of the prompt.  This is also serves as the reference to the prompt.  It is used to access the collection of prompts in the script.
    • Label — The label that will be displayed on the MFP for the prompt.  If no label is given, the Name will be used.
    • Default — The default value for the prompt.
    • Required — If the option is checked, an entry for the prompt is mandatory.
    • Masked — If the option is selected, the text box for the prompt will be in masked mode.
Use MFP Authentication to obtain User Credentials Select this check box to prevent the AutoStore authentication dialog box from being displayed on the MFP if MFP native authentication or third-party authentication is used (such as card authentication), but at the same time allows the use of custom authentication scripting capabilities for authorization purposes.

This can be useful when the MFP is using third-party card authentication. In the authentication script we are checking whether the provided user name belongs to a certain group and we want to be able to use the name of this group in the Restricted Access section of the form.

In order to achieve this, we need to:

  1. Select custom authentication.
  2. Enable Use MFP Authentication to obtain User Credentials by checking the box.
  3. Create a snap-in script.
  4. Perform the necessary checks inside "authenticate" method (the user name is passed as a parameter).
  5. Add the desired group name to the Groups collection of UserInfo object.
  6. Use the desired group name in the Restricted Access section of the form.
Use LDAP Search to Retrieve Email Select this check box to have the server look up the email address and other attributes of the authenticated user on a designated LDAP server. Click the Configure button to configure the LDAP settings in the LDAP Lookup Settings dialog box. For information about specifying the LDAP server settings, see LDAP Lookup Settings Dialog Box.