If your printer is located in a public space such as a lobby, and you wish to prevent the general public from using it, a password or PIN can provide simple protection right at the device. Administrators can assign a single password or PIN for all authorized users of the device, or separate codes to protect individual functions. The key to remember is that anyone who knows a password or PIN can access any functions protected by that code.
From the MarkVision Professional Home screen, select Security - Access Controls from the All Tasks list.
Select a device using the Quick Find or Folders tabs.
| Note: When a device managed by MVP is not supported by a specific task, its name will appear with a black line through it in the Quick Find or Folders tabs. Password-protected network devices are displayed in red. Enter the device password to gain access to the device. |
Select an available password or PIN from the drop-down lists.
| Note: For more information about creating passwords, see Creating or editing a device password (advanced). For more information about creating PINs, see Creating a PIN. |
Click Apply.
From that point on, users will have to enter the appropriate password or PIN to access the protected functions on the selected device(s).
If you do not use an authentication server to grant users access to devices, Internal Accounts can be created and stored on devices for authentication, authorization, or both.
From the MarkVision Professional Home screen, select Security - Internal Accounts from the All Tasks list.
Select devices using the Quick Find or Folders tabs.
Use Ctrl + click and Shift + click to select multiple devices.
Click Setup Groups, and configure as needed.
For more information on configuring individual user accounts, see Using internal accounts.
Once configured, one or two building blocks can be combined with a unique name of up to 128 characters to create a security template. Each device can support up to 140 security templates. Though the names of security templates must be different from one another, building blocks and security templates can share a namė.
From the MarkVision Professional Home screen, select Security - Security Templates from the All Tasks list.
Select devices using the Quick Find or Folders tabs.
Use Ctrl + click and Shift + click to select multiple devices.
Click Add.
Type a name for the security template, and then choose the appropriate building block from the Authentication Setup and Authorization Setup lists.
| Note: It can be helpful to use a descriptive name, such as ”Administrator _ Only”, or “Common _ Functions _ Template.” |
Select groups as necessary from the Groups list.
Click OK.
The final step in is to apply the security template, which will secure access to various functions on a device.
From the MarkVision Professional Home screen, select Security - Access Controls from the All Tasks list.
Select devices using the Quick Find or Folders tabs.
Use Ctrl + click and Shift + click to select multiple devices.
Select the newly created security template from any of the available function access drop-down lists, and then click Apply.
Users will now be required to enter the appropriate credentials in order to gain access to a function controlled by the security template.
| Note: The function access drop-down lists become text fields when you apply a security template to multiple devices at the same time. In that case, you must type the name of the security template into each of the relevant function access text fields. |
On networks running Active Directory, administrators can use the LDAP+GSSAPI capabilities of MVP to take advantage of authentication and authorization services already deployed on the network. User credentials and group designations can be pulled from the existing network, making access to the printer as seamless as other network services.
Before configuring MVP to integrate with Active Directory, you will need to know the following:
Kerberos configuration information:
Character encoding (used for passwords)
Location of the Kerberos file on the network (if importing a krb5.conf file)
If creating a Simple Kerberos Setup:
The IP address or hostname of the Key Distribution Center (KDC)
The KDC port (the default KDC port is 88)
The name of the Realm (or domain) where the KDC is located
| Note: In Windows Active Directory environments, the Kerberos Realm is the same as the Windows domain name, such as company.com. |
The Kerberos username and password assigned to the printer
LDAP server information:
The IP address or hostname of the LDAP server
| Note: In Windows Active Directory enviornments, the Kerberos KDC and LDAP servers are on the same machine—the Domain Controller. |
The LDAP server port (the default port is 389)
A list of up to three object classes stored on the LDAP server, which will be searched for user credentials during authentication. This is optional only when the “Person” object class is not selected. Because “person” is the default object class for Windows AD user accounts, you will have to use the “Custom” object class to specify other object classes defined on the server.
A list of up to 32 groups stored on the LDAP server that will be used to authorize user access to printer functions
From the MarkVision Professional Home screen, select Security - Kerberos (Advanced) from the All Tasks list.
Select devices using the Quick Find or Folders tabs.
Use Ctrl + click and Shift + click to select multiple devices.
| Note: When a device managed by MVP is not supported by a specific task, its name will appear with a black line through it in the Quick Find or Folders tabs. Password-protected network devices are displayed in red. Enter the device password to gain access to the device. |
Configure Kerberos settings using the information gathered in step 1.
For more information on configuring Kerberos, see Using Kerberos authentication (advanced).
From the MarkVision Professional Home screen, select Security - LDAP + GSSAPI from the All Tasks list.
Select devices using the Quick Find or Folders tabs.
Use Ctrl + click and Shift + click to select multiple devices.
Click Add.
Configure LDAP+GSSAPI settings using the information gathered in step 1.
For more information on configuring LDAP+GSSAPI, seeConfiguring LDAP + GSSAPI settings.
From the MarkVision Professional Home screen, select Security - Security Templates from the All Tasks list.
Select devices using the Quick Find or Folders tabs.
Use Ctrl + click and Shift + click to select multiple devices.
Click Add.
Type a name for the security template, and then choose the appropriate building block from the Authentication Setup and Authorization Setup lists.
| Note: It can be helpful to use a descriptive name, such as ”Administrator _ Only”, or “Common _ Functions _ Template.” |
Select groups as necessary from the Groups list.
Click OK.
From the MarkVision Professional Home screen, select Security - Access Controls from the All Tasks list.
Select devices using the Quick Find or Folders tabs.
Use Ctrl + click and Shift + click to select multiple devices.
Select the newly created security template from any of the available function access drop-down lists, and then click Apply.
Users will now be required to enter the appropriate credentials in order to gain access to a function controlled by the security template.
| Note: The function access drop-down lists become text fields when you apply a security template to multiple devices at the same time. In that case, you must type the name of the security template into each of the relevant function access text fields. |