Canon Paper Shredder 2.1 imageRUNNER ADVANCEController Security, 2.2 Authentication

2.1 – imageRUNNER ADVANCEController Security

The imageRUNNER ADVANCEseries is built upon a new platform that provides powerful

enhancementsto security and productivity. The new architecture centers on a new operating system

powered byan embedded version of Linux, which is quickly becoming the most widely adopted

platform for sophisticated devices. The source version used byimageRUNNER ADVANCEdevices has

been hardened byremoving all unnecessary drivers and services so that only the ones essential to its

operation are included.

2.2 – Authentication

Canon imageRUNNER ADVANCEsystems include a number of authentication options which

administratorscan use to ensure that only approved walk-up and network-based users can accessthe

device and itsfunctions, such as print, copy and Scan and Send features. Beyond limiting accessto

onlyauthorized users, authentication also provides the ability to control usage of color output, and

totalprint counts by department or user.

DepartmentID Mode

An embedded feature within imageRUNNER ADVANCEsystems, the Department ID

Managementmode permits administrators to control device access. If Department ID

authentication isenabled, end users are required to enter a password before they are able to

accessthe device. Up to 1,000 Department IDs can be configured and each can be configured

with device function limitations, such aslimiting, printing, copying and access to Advance

Boxes, MailBoxes and facsimile.

Accessto Advanced Boxes, Mail Boxes, and Scan and Send (ifapplicable) can each be turned

“On” or “Off” from the LimitFunctions screen located under Department ID Management.

The settingscan be made under Settings / Registration > Management Settings > User

Management> Department ID Management.

Single Sign On (SSO) and SSO Hybrid (SSO-H) Login

Single Sign On (SSO) isa MEAP login service that can be used stand-alone with user data

registered locallyon the device or in conjunction with an Active Directory (AD) network

environment. SSO supportsthe following modes:

• Local Device Authentication – with credentials stored in the device

• Domain Authentication – in this mode, user authentication can be linked to an

Active Directoryenvironment on the network

• Domain Authentication + Local Device Authentication

When used in Domain Authentication mode, a user mustsuccessfully authenticate using valid

credentialson the system’s control panel, Remote UI utility, or web browser when accessed via

a networkprior to gaining access to any of the device functions.

SSO shipsstandard with MEAP capable imageRUNNER ADVANCE systems and can supportup

to 200 trusted domainsplus the users that belong to the same domain as the device.

White Paper: Canon imageRUNNER ADVANCE Security

Section 2 — Device Security