Configuring authentication

By enabling authentication at this level (by selecting this tab), the user is enabling authentication at a global level. This authentication procedure will be used for all devices. The user does also have the option of enabling authentication at the group level.

These settings do not control authentication to the MFP, they are used for authentication with AutoStore.

  1. Click the Authentication tab.
  2. On the drop down menu for Authentication Type, select the authentication method you want to use:
    Option Description
    None Select this option to not have the device prompt for credentials. All users have access to all workflows.
    Windows Select this option to use Windows authentication. Unless the device is setup for SSO, this will prompt the user for a Windows user name, domain and password. In the Domain box, enter the name of a Windows domain to be used as the default domain for authentication. If attributes other than email address are needed, see LDAP Lookup Settings dialog box on how to setup LDAP.
    Custom Script The administrator has full control over the prompts that will be presented to the user as well as how the prompts are validated. In the Script File Path box, specify the script to be used for authentication.This option can be used with device SSO. For more details, see Custom Scripting authentication.
    Azure Active Directory

    Select this option to use Azure Active Directory authentication.

    Azure AD is only possible when Equitrac or Output Manager authentication is available and configured, or the device is configured to provide the user identity to ControlSuite through SSO.

    This option uses the pre-configured Azure AD configuration set in Control Suite Configuration Assistant for authentication.

    At runtime, the Unified Client retrieves user identity from the device and sends it to Auto Store. AutoStore validates it against the pre-configured Azure AD domain and user group membership. If the Unified Client cannot retrieve user identity from the device, the identification fails.

    The following information applies to all authentication types except Azure Active Directory:

    • You can restrict forms and use the same authentical level as the Windows authentication option, but you cannot prompt for credentials.

    • LDAP may be used for authentication of lookup data.

    • If a device is setup with SSO, AutoStore attempts to use that data to authenticate. If it fails, the user needs to fill in additional fields to complete the authentication process.