When the AccessManagement System has been enabled, users mustlog in to the device using SSO
user authentication. AccessManagement System supports authentication through local device
authentication aswell as Active Directory using SSO-H*, which includes support for Kerberos
Authentication. Once a user logsinto the device with their user name and password, the device
can determine which rolesare assigned to that particular user. Restrictions are applied based on
the assigned roles. Ifan entire function is restricted, it will appear grayed out to the user after
authentication.
Function LevelAuthentication
Canon imageRUNNER ADVANCEsystems offer the ability to limit the use of specific functionsby
authorized usersby requiring authentication to use sensitive functions with Function Level
Authentication. Function LevelAuthentication is a part of Access Management System and workswith
SSO-H for authentication. Itenables administrators to choose precisely which functions are permitted
bywalk-up and network users without entering credentials versus the ones that require a user to
login. For example, administratorsmay choose to allow all users to make black-and-white copies
while prompting usersto login if they choose to output color or use the Scan and Send function.
Scan and Send Security
On devicesthat have Scan and Send enabled, certain information such as faxnumbers and e-mail
addressesmay be considered confidential and sensitive. For these devices, there are additional
securityfeatures to prevent confidential information from being accessed.
AddressBook Password
Administrative and individualpasswords can be set for Address Book Management functions.
A system administrator can define the specificAddress Book data that can be viewed byusers,
effectivelymasking private details. This password may be set separately so individuals other
than the System Manager can administer the AddressBook.
Bysetting a password for an Address Book, the ability to Store, Edit, or Erase individual and
group e-mailaddresses in the Address Book is restricted. Therefore, only individuals with the
correctpassword for an Address Book will be able to make modifications.
Thissame password is also used for the Address Book Import/Export function through the
Remote UI utility.
9
White Paper: Canon imageRUNNER ADVANCE Security
* Requires imageWARE Enterprise Management Console and the Access Management System Plug-In when authenticating through
Active Directory.
Section 2 — Device Security