Authentication configuration

When used with Equitrac and Output Manager, the Unified Client for Xerox supports all authentication methods:

  • Primary PIN

  • Secondary PIN

  • Alternate Primary PINs

  • User ID and password

  • Domain user ID and password

Note the following when setting up PINs:

  • To display a single prompt, set the Secondary Prompt to Never.

  • If the Secondary PIN is a required field, make sure that you enter a valid value. If the field is ignored, the device may still log you on because null is considered as valid.

In DRS, you can configure authentication as on or off. Depending on this configuration, the following happens:

  • When authentication is on, the following happens:

    • The Unified Client for Xerox (specifically with Equitrac or Output Manager) manages authentication to the device.

    • The Unified Client for Xerox becomes the top-level authentication provider over other embedded apps loaded on the device.

    • The Unified Client for Xerox is the default embedded application on the device. When the device is powered on or returns from sleep, the Unified Client for Xerox starts automatically.

    • After users log on, they go to device's Home screen (with the default configuration for decentralized workflows) or the Unified Client for Xerox Launcher screen (with the centralized workflow option).

    • When the user logs off from the device, the device screen returns to the first screen of the Unified Client for Xerox.

    • If you are using IPv6, Xerox requires a working DNS and does not work with static IPv6 addresses with Authentication set to On. Xerox Convenience Authentication does not support IPv6 using static IPv6 addresses. Therefore, to use any supported Xerox device with the Unified Client for Xerox in control of the authentication, use either IPv4 addresses or host names for the address of DWS. Host names can resolve to an IPv6 address.

  • When authentication is off, the Unified Client for Xerox does not manage authentication, and any other third-party authentication provider must be used. If Common Access Card (CAC) authentication is used as an authentication provider, and you logged on with CAC and clicked a Unified Client for Xerox button, you may be prompted to log on to AutoStore.

    Xerox provides additional fields when Authentication is Off with device authentication, CAC or Smart Card third-party authentication. The values for these fields come from the Xerox platform and are populated by the Xerox device, such as device authentication, CAC or Smart Card. These values are not used by the Unified Client for Xerox. They are made available for customers to use custom authentication scripting when they need these values for their implementation. In this situation, customers must select Custom Authentication in AutoStore.

    The Unified Client for Xerox uses the Xerox-provided UserId, Domain, and Email address to pass to AutoStore when configured with Windows and None authentication. For Windows authentication, the information is used for authentication. For None, these values are passed.

In addition to the DRS configuration setting, you can select one of these authentication configurations for AutoStore:

  • None. No log on is required.

  • Windows. If the user credentials are valid, no log on is required. If the credentials cannot be validated, the user is prompted to log on by specifying their user name, password, and domain.

  • Custom Script. Users can configure a script in AutoStore to perform custom validation. Any authentication prompts included in the script appear. CAC typically uses Custom Script authentication.

Note the following when using an admin user:

  • If you created a Equitrac or Output Manager user with the name "admin" to have admin rights, it is handled differently by Xerox devices. If you log on as "admin" on a Xerox device, the device takes over authentication and prompts you for the device admin password. The device authentication does not communicate with ControlSuite.

  • If you change the admin password on the device, in DRS, select the Unregister Client action for the device. After the process is finished, select the Register Client action on the device again.

The Unified Client for Xerox resets if authentication has been idle for one minute.