Configure authentication prompts

The user authentication prompts on the MFP login screen are determined by your Equitrac configuration.

  1. In System Configuration select Global Configuration Settings > Security and Authentication > User Authentication.
  2. Click Authentication Options from the left menu.
  3. In the User Input > Device clients section, set how users log in at a device.
    At least one login method must be enabled, but both can be enabled and configured.
    1. Select Allow card swipe login if you want users to be able to authenticate with a swipe card.
    2. Select how the user authenticates at the device with a registered card from the Require additional authentication with Equitrac password list.
      • Disabled - No additional Equitrac password is needed when logging on with a swipe card.
      • Enabled - The Equitrac password is needed when logging on with a swipe card. The device client displays the password prompt. If Enabled is selected, decide whether to select the Require password only if PIN2 available check box. If this check box is selected, the user must enter a secondary PIN if they have a PIN 2 value associated with their user account. Users with a PIN 2 value will be prompted to enter it. This option only applies to select legacy devices.
    3. Select Allow keyboard login if you want users to enter their credentials using the MFP keyboard.
    4. Select how the user authenticates at the device with the keyboard from the Equitrac authentication list.
      The keyboard login cannot be set to less strict than the card swipe login. For example, if the password prompt is enabled for card swipe login, then login without password cannot be set for the keyboard. However, if login with password is enabled for the keyboard, then login without password can be set for card swipe.
      • Enabled with password prompt - The Equitrac password is needed when logging on with the keyboard. The device client displays the password prompt.

        If using Enabled with password prompt, you can select one or both of the available options.

        • Require password only if PIN2 available. If this check box is selected, the user must enter a secondary PIN if they have a PIN 2 value associated with their user account. Users with a PIN 2 value will be prompted to enter it. This option only applies to select legacy devices.
        • Deny login with empty password. If this check box is selected, the user must enter a password in order to access the device. If the password field is empty, then authentication fails.
      • Enabled without password prompt - No additional Equitrac password is needed. The device client displays only the username prompt.
  4. In the User Input > Workstation clients and Web client section, set the client authentication methods.
    At least one authentication method must be enabled, but both can be enabled and configured.
    1. Select the client login options from the Equitrac authentication list.
      • Disabled - Login with Equitrac credentials is not allowed. The workstation client Prompt for Login dialog and the Web Client user login page do not display the username prompt.
      • Enabled with password prompt - The Equitrac password for the user is needed for authentication. The workstation client Prompt for Login dialog and Web Client user login page display the password prompt.
      • Enabled without password prompt - No additional Equitrac password is needed. The workstation client Prompt for Login dialog and Web Client user login page display only the username prompt.
      Mac clients require Equitrac authentication. Therefore, if the Disabled option is selected, Enabled with password prompt is used by default for Mac clients.
    2. Select how Azure AD authentication works from the Identity provider list.
      • Disabled - Azure AD authentication is not allowed.
      • Enabled - Azure AD authentication is allowed. The workstation client Prompt for Login dialog and Web Client user login page display the Azure AD login option.
      If both Equitrac and identity provider authentication are enabled, the workstation client Prompt for Login dialog and Web Client user login page display both the username prompt and the Azure AD login option. The user can use one of them.
  5. In the Equitrac Authentication section, select one or more authentication methods.
    At least one authentication method must be enabled, but any combination can be selected.
    • Equitrac primary or alternate PIN with secondary PIN - This allows login with only Equitrac PINs. The username can be either the primary PIN or the alternate PIN (typically used at card swipes) and the password is the secondary PIN.
    • External username and password - This allows login with an external user account outside of Equitrac. The credentials are validated with the configured AD/LDAP external authentication settings.
    • Equitrac primary or alternate PIN with external password - This allows a mixed login. The username can be either the primary PIN or the alternate PIN (typically used at card swipes). The password is validated with the configured AD/LDAP external authentication settings.
    Equitrac cross-checks the database for the corresponding Equitrac account name, then verifies the credentials against the selected external authority for network logon. See External User Authentication for details.
  6. In the Card Registration section, select what type of authentication is needed to register a new card.
    At least one login method must be enabled, but both can be selected.
    • Equitrac authentication - This allows Equitrac authentication for card registration. The device client displays the username and password prompts.
    • Identity provider - This allows Azure AD authentication for card registration. The device client displays the Azure AD login option.
    If both the Equitrac and identity provider authentication are allowed, the device client displays both the Equitrac username/password prompts and the Azure AD login option. The user can use either one for authentication.
    Even if Equitrac authentication is not set for card registration, it is enabled by default for older clients that do not support Azure AD, but only if card registration is enabled. The regular card registration screen (Equitrac PINs or Windows) is displayed for older clients.
  7. Select where to store the number of a newly registered card from the Card number storage list.
    • Do not allow card registration - If an unknown card is swiped, an authentication error occurs.
    • Store as primary PIN - The card number is stored in the primary PIN field.
    • Store as alternate PIN - The card number is stored in the alternate PIN field.
  8. Select the Store secondary PIN encrypted check box if you want the secondary PIN to be encrypted in the database.
  9. Click Card Setup from the left menu, and determine the User authentication card setup. For details on entering the decoding parameters, see HID Decoding.
  10. Click Save to save the settings.
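
The following added example (not part of the Equitrac documentation or product) audits a snapshot of the options above against the rules stated in steps 3, 4 and 8, and lists the login paths that prompt for a username only. The dictionary keys are hypothetical names for the UI controls, not an Equitrac export format, and the sample snapshot is constructed.

```python
# Added example: audit a snapshot of the Authentication Options described above.
# Keys are hypothetical names for the UI controls, not an Equitrac export format.

def audit(s):
    """Return (errors, warnings) for one settings snapshot."""
    errors, warnings = [], []
    card, kbd = s["allow_card_swipe"], s["allow_keyboard"]
    # Device clients: at least one login method must be enabled.
    if not (card or kbd):
        errors.append("device: no login method enabled")
    # Keyboard login cannot be set to less strict than card swipe login.
    card_needs_pw = card and s["card_additional_password"] == "Enabled"
    kbd_needs_pw = kbd and s["keyboard_auth"] == "Enabled with password prompt"
    if card_needs_pw and kbd and not kbd_needs_pw:
        errors.append("device: keyboard login is less strict than card swipe")
    if kbd and not kbd_needs_pw:
        warnings.append("device: keyboard login shows only the username prompt")
    if kbd_needs_pw and not s["deny_empty_password"]:
        warnings.append("device: 'Deny login with empty password' not selected")
    if card and not card_needs_pw:
        warnings.append("device: card swipe needs no additional password")
    # Workstation and Web clients: Equitrac and/or identity provider.
    eq, idp = s["client_equitrac_auth"], s["client_identity_provider"]
    if eq == "Disabled" and idp == "Disabled":
        errors.append("clients: no authentication method enabled")
    if eq == "Enabled without password prompt":
        warnings.append("clients: login shows only the username prompt")
    if not s["store_secondary_pin_encrypted"]:
        warnings.append("database: secondary PIN not stored encrypted")
    return errors, warnings

def mac_effective_auth(s):
    """Mac clients require Equitrac authentication, so Disabled falls back."""
    eq = s["client_equitrac_auth"]
    return "Enabled with password prompt" if eq == "Disabled" else eq

# Constructed sample snapshot (not real data).
SAMPLE = {
    "allow_card_swipe": True, "card_additional_password": "Enabled",
    "allow_keyboard": True, "keyboard_auth": "Enabled without password prompt",
    "deny_empty_password": False,
    "client_equitrac_auth": "Disabled", "client_identity_provider": "Enabled",
    "store_secondary_pin_encrypted": False,
}

if __name__ == "__main__":
    print(audit(SAMPLE), mac_effective_auth(SAMPLE))
```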