Chapter 1111-34entered using the MEAP device touch panel display and Remote UI.SSO-H (Single Sign-On-H) overviewThis is a merger of the existing SDL and SSO login services and has the following features.- Both the domain authentication and local device authentication login services can be used.- There is no need to have a separate SA server.- Login is not via SA, so SSO-H refers directly to DNS for authentication.- Kerberos and NTML protocols are supported.- The following three authentication methods may be selected from.Domain authenticationLocal device authenticationDomain authentication + local authenticationSSO overviewThis is a login service that can be operated on the Active Directory environment network domain and on iR devices. The following user authentication methodscan be selected from.Domain authenticationLocal device authenticationDomain authentication + local device authenticationAuthentication methodsBoth SSO-H and SSO can use multiple authentication methods, and the user can toggle between them from a Web browser. (Refer to the MEAP AuthenticationSystem Settings Guide 'User Authentication Method Settings'.)Domain authenticationThis is a form of user authentication which operates in collaboration with the domain controller on the Active Directory environment network and, as soon as theiR device is logged into, carries out authentication of the domain on the network. In addition to users belonging to the domain that includes the iR device, usersbelonging to domains that have a reliable relationship with the domain (multi-domain) can also be authenticated. The domain name of the login destination can beselected by the users themselves upon login.The function makes use of options Net Spot Accountant/ iW Accounting Manager/ iW EMC Accounting MAnagement Plig-in to enable analysis and managementof the iR device usage status.Depending on the login service, different protocols are used.- SSO-H- Kerberos:LLS/RLS/ILS- NTLMV2:WLS(Web Service Login Service. WLS can only be used in collaboration with iW AMS Ver2 AMS printer driver add-in and iWEMC usermanagement plug-in.)- SSO- NMTLM onlyUser information acquisition is done by LADP, so the Active Directory LDAP port needs to be made accessible.If LDAP connection fails, the authentication will end in error.No. of supported domains: 200 (unchanged from SSO)Site access supported.Differences from conventional SSO- The system configuration is different from previous SSO, so individual management is required.- If MEAP is supported, installation into devices prior to SSO-H release is possible.- Data porting of user information that was being used with the earlier SSO local device authentication and SDL can be done by exporting/ importing. However,application settings information cannot be ported.SSO was pre-installed in earlier released devices, but from iR3245 onward it will only be provided with the Administrator's CD.The factory shipment setting is 'Domain authentication + local device authentication'. In order to provide increased security, as soon as SSO is used, it is recommendedthat the administrator's user name and password in local device authentication be changed from the factory shipment settings as soon as possible.
