Authentication (access) methods
PaperCut MF offers several methods to authenticate users. The authentication methods supported by the device are listed on the Device Details page in the External Device Settings area, under Access methods:
Username and password - This is the default authentication method. Users authenticate using their domain/ network username and password as specified in an external user directory source such as Active Directory or LDAPThe Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs on a layer above the TCP/IP stack. It provides a mechanism used to connect to, search, and modify Internet directories. The LDAP directory service is based on a client-server model. (except for internal users; see Internal users (users managed by PaperCut NG/MF)).
Identity number - Users authenticate using their ID number. For more information, see User card and ID numbers.
- Require PIN - Users authenticate using their ID number and the PIN associated with the ID number. Users can use an ID number with or without a pre-set and associated PIN. If using an ID number without a pre-set and associated PIN, users are prompted to set a valid PIN to associate with the ID number. You might also want to set the advanced config keyA config key stores information about a specific advanced setting in PaperCut. Config keys are editable by an administrator in the Config Editor. ext-device.allow-new-pin-for-id-num Using the Advanced Config Editor.
- Mask identity number - You can set the Identity number to be masked as the user enters it into the copier (like masking a password when it's entered). This is particularly useful when the user doesn't have a PIN.
- Swipe card - Users authenticate using their registered swipe card (for example, magnetic strip, smart card, or RFID).
Require PIN - With this method, users use their registered swipe card and the PIN associated with the card. Users can use a swipe card with or without a pre-set and associated PIN. If using a swipe card without a pre-set and associated PIN, users are prompted to set a valid PIN to associate with the swipe card.
Enable self-association with existing user accounts - With this method, users can use a registered swipe card or a new, unregistered swipe card. If using new, unregistered swipe cards, users are prompted to complete card self-association using their username and password (that is, associating a new unregistered card with a relevant, valid user account). After card self-association is completed, subsequent use of the registered swipe card does not require users to enter their credentials. You may also set the advanced config keys ext-device.card-self-association.use-secondary-card-number and ext-device.self-association-allowed-card-regex Using the Advanced Config Editor.
The vast majority of devices have two related options: Require PIN and Enable self-association with existing user accounts, which are described below, however some devices have one or more additional options. For more information, see User card and ID numbers. Other devices might have device-specific option, in which case they are described in the devices Embedded guide.
Guest or anonymous access
Allow guest/anonymous access - This access method lets you choose to activate guest access or anonymous access (one or the other), which enables users to be authenticated as per the user specified in the Inherit settings from user field.
- Guest access - To activate this access method, one of the User Authentication access methods must be selected: Username and password, Identity number, or Swipe card.
- A Guest button, which can be customized on most devices, is displayed on the device's PaperCut MF Login screen along with the other options. For more information about customization instructions on devices, refer to the individual embedded device guides or contact your Reseller or Authorized Solution Center.
- A user who clicks the Guest button is authenticated as a guest user, as per the user specified in the Inherit settings from user field.
- Anonymous access - To activate this access method, no User Authentication access methods must be selected. (All three checkboxes are blank.)
- A user is authenticated as an anonymous user, as per the user specified in the Inherit settings from user field.
- The anonymous user can view held print jobs belonging to all users.
Inherit settings from user: Enter the username of the PaperCut MF user’s profile that is used while authenticating users as a guest user or an anonymous user on the device.
With this access method:
With this access method:
While Anonymous access is available on all devices, Guest access is currently available only on some devices. For more information about devices that support this, contact your Reseller or Authorized Solution Center.:
Server or network downtime usually means that the PaperCut Application ServerAn Application Server is the primary server program responsible for providing the PaperCut user interface, storing data, and providing services to users. PaperCut uses the Application Server to manage user and account information, manage printers, calculate print costs, provide a web browser interface to administrators and end users, and much more. is unavailable and copiers cannot be used. Offline mode, if available, offers continued use of copiers without a server connection.
When the copier is working in offline mode, users can log in to the copier with a swipe card, and activity is logged against the card number. This activity is not restricted. When connection to the server is restored, the activity is logged against the user with that card number. If no user is found for the card number, the activity is logged against the username unknown (edit ext-device.unknown-offline-username to change this; see Using the Advanced Config Editor). A warning is displayed in the App.Log when this happens. If there is no account for the unknown user, one is created automatically.
It is important to note that in offline mode, the copier is not able to:
authenticate users anonymously or via username, identity number or PIN
associate swipe cards or PINs with users
access shared accounts
check account balances
apply restrictionsRestrictions are a type of print filter that ensures jobs meet certain criteria (denying those that don't). For example, you can restrict access to one or more printer, define a maximum number of pages allowed in a single job, or allow only duplex.
release print jobs
You can specify a delay between the time the copier first fails to contact the server and the copier going offline. This is useful to avoid switching to offline mode just for brief periods of server unavailability, e.g. a server reboot.
Carefully consider offline mode before it is enabled as it allows overrunning of account balances on restricted user accounts. You can configure offline mode based on the environment, including an option to set up an administrative unlock code. This allows offline mode to be set up in environments such as schools where administrative oversight is required before each activation of offline mode.
You can set up offline mode for commercial environments where the tracking of print usage to users, groups or departments is important and charging is not a factor. You can configure the copier to go into offline mode automatically when it fails to contact the Application Server.
For added security, you can require offline mode to be unlocked before users can log in to the copier with a swipe card. Unlocking offline mode involves entering the specified code at the copier and choosing to unlock the copier for a single use or until connection to the server is restored. This is specifically useful for education organizations where a supervisor or teacher can enter this code before users can use the copier in offline mode.