CAC Authentication and Equitrac MEAP Authentication solution

Unified Client for Canon supports Advanced Authentication Common Access Card (AA CAC) that has authentication capabilities and prevents unauthorized access to MFPs with all supported applications (AutoStore).

For more information, see relevant Canon documentation: Advanced Authentication CAC Version 1.8 Installation and Configuration Guide and Advanced Authentication CAC Version 1.8 User's Guide.

A US Department of Defense (DOD) CAC authentication solution provides US federal government customers with the ability to use their exiting ID cards with the solution, increasing user satisfaction, security and productivity.

The AA CAC authentication solution provides the following benefits:

  • Easy to use turn-key solution.

  • Holders of a valid CAC can perform copy, scan, fax, and/or document server functions.
  • Card Only/Keyboard Only and Card and Keyboard solutions are supported by AA CAC (see Advanced Authentication CAC Version 1.8 User's Guide).



  • The Equitrac Authentication is supported by the Canon Unified Client.
Upon successful authentication, the MFP is unlocked for use.

For more information on how to install and operate AA CAC or on how to install Smart Card Service in order to operate the AA CAC, see Advanced Authentication CAC Version 1.8 Installation and Configuration Guide and Advanced Authentication CAC Version 1.8 User's Guide.

For more information on how to install Smart Card Service in order to operate the AA CAC, see Smart Card Service Version 4.4 Installation and Configuration Guide.

In all cases, after the login using any third party Authentication Application (AA CAC or Equitrac), the same user name will be used by Canon UC to login into the AutoStore Workflow.

There is no required configuration option in the Canon UC client to integrate with CAC or Equitrac. Once the device is configured with AA CAC (or Equitrac) and the Canon UC client is installed and configured, the client will pick-up the User ID and email made available on the device by the login process. The Canon UC client will validate the userid with the AutoStore server and perform SSO if the userid is accepted by the AutoStore server, which will depend on the CAC server domain and AutoStore server domain and authentication configuration.

AutoStore has the following Authentication Types under Authentication in Unified Client: None, Windows, and Custom Script.



If the type is None any authenticated user can see the workflow without additional authentication.

If the type is Windows and Domain is the same domain used by the third party (or AA CAC):

  • The user is recognized and it is the same user on Windows and the user provided by the third party (no additional authentication needed) SSO.
  • The user provided by third party (or AA CAC) is not recognized - additional authentication screens are displayed by Canon UC.

If the type is Script - only the user name is provided to the Script from the third party, the password is never supplied.

  • If the user name is enough for validation and the user name is valid (no additional authentication needed) SSO.
  • If the user name is NOT enough for validation - additional authentication screens are displayed by Canon UC.

From the Canon UC point of view, there is no difference between AA CAC, EQ Login Application or any other Authentication Application.

The SSO/no SSO decision does not depend on the type of the authentication, but only on the result of authentication.