Integration with MFP authentication

This type of authentication is called also as SSO or Single Sign On. While AutoStore authentication only impacts access to AutoStore, device authentation impacts access to the entire MFP. If the device has been setup with authentication, either provided by Kofax or another third party like CAC, the Unified Client uses this information to authenticate AutoStore.

This type of authentication has the following properties:

  • ~SenderRRT variables use device credentials if the Unified Client has access to that information. It does not depend on the authentication method selected in AutoStore

  • The Launcher screen of the Unified Client is shown as the start page after logging in and starting the Unified Client application. Some platforms allow you to automatically start the Unified Client after login.

  • If the MFP authentication mechanism does not populate all the required fields, the user may see Windows prompts or the Launcher screen upon starting the Unified Client

  • If the AutoStore authentication uses a custom script, and the authentication is successful, the Launcher screen appears as the start page after starting the Unified Client. If the authentication fails, an error message is shown, and the user can enter the credentials.

  • On MFPs where the Unified Client controls device authentication, the starting screen can be selected. For more details, see the client specific guides.

The following options are available:

  • Using no authentication (option None in the Authentication tab):
    • The user will be taken directly to the device menu.
    • ~SenderRRT variables will use device credentials.
  • Using Windows authentication ~SenderRRT variables will use device credentials and the user will be taken directly to the device menu in the following cases:
    • The device has been configured to use Windows authentication.
    • The device has been configured to use third-party authentication that passes valid Windows credentials (name and domain). If the domain is not passed, then the user must be in the default domain that has been configured for Windows authentication.

    In any other cases the user will be prompted for credentials.

  • Using an authentication method based on a Custom Script:
    • If the custom script has prompts configured, the user will be shown a login screen where the specified prompts must be re-entered. The associated script will have access to device credentials in addition to the prompt information.
    • If the custom script does not have prompts configured, the initial login screen is skipped and the associated custom script is invoked immediately and the associated script will have access to the device credentials. If the result of the script is that authentication is not valid, then the user will see an error message. At this time the only option for the user will be to Exit. If the authentication is valid, ~SenderRRT variables will use credentials based on the results of the script execution.