User Authentication

If your Equitrac deployment uses Client Billing, or embedded devices, you can configure CAS to validate user accounts against primary and secondary accounts PINs. PIN information connects an Equitrac printing account with user logon information when a user logs onto a control terminal or releases a print job.

The primary PIN is the alpha-numeric sequence that uniquely identifies the user, and can be data encoded on a magnetic swipe card or entered via a keypad. The secondary PIN acts as a device password, and is entered via a keypad.

To configure user authentication settings, do the following:

  1. In System Configuration select Global Configuration Settings > Security and Authentication > User Authentication.
  2. Click Authentication Options from the left menu, and select one or more Authentication Mechanisms:
    • Equitrac PINs - Leave selected only if you want to connect an Equitrac printing account with logon information.
    • External user ID and password - Select to verify all user information outside of Equitrac.
    • Equitrac PIN with external password - Enable if users swipe their cards for identification, and must also enter their domain user account password.

Equitrac cross-checks the database for the corresponding Equitrac account name, then verifies the credentials against the selected external authority for network logon. See External User Authentication for details.

  1. Select Store secondary PIN encrypted check box if you want the secondary PIN to be encrypted.
  2. In the User Input section, select the Authentication options:
    1. Set the Input type to determine how users are authenticated.
      • Card swipe only - Users authenticate with a swipe card.
      • Card swipe or keypad entry - Users authenticate with a swipe card or a the MFP front panel.
      • Keypad only - Users authenticate at the MFP front panel.
    2. Set the Secondary prompt to determine when users are prompted for a secondary PIN.
      • Always - User must enter a secondary PIN.
      • If PIN2 available - User must enter a secondary PIN if they have a PIN 2 value associated with their user account. Users with a PIN 2 value will be prompted to enter it. This applies for both keyboard and card swipe logins. This option only applies to select embedded devices.
      • If PIN2 available or keyboard login - User must enter a secondary PIN if they have a PIN 2 value associated with their user account, or if they entered their primary PIN or network ID via the keyboard (rather than with a swipe card). Users with a PIN 2 value will be prompted to enter it, while users who login via the keyboard and do not have a PIN 2 will be prompted to enter a network password. This option only applies to select embedded devices.
      • Never - Secondary PIN is not required.
      • Only with keyboard login - User must enter a secondary PIN or password if they entered their primary PIN or network ID via the keyboard (rather than with a swipe card). This option prevents users from typing in someone else’s primary PIN while still allowing valid users to login without a card.
      Note: Use either If PIN2 available or keyboard login or Only with keyboard login when two-level authentication is required to register new cards. In order to register the card, the user is required to manually enter the primary and secondary login credentials. Regardless which of the above options is selected, if a user has a PIN 2 value associated with their Equitrac user account, they must enter it in order to successfully login. If any users have a PIN 2 value, select If PIN2 available or keyboard login. Do not select Only with keyboard login.
    3. Select Auto-register primary PINs check box to enable users to register an unrecognized swipe card for future use. To complete the card registration, the user is required to login with a valid user ID and password. Optionally, you can select Register as alternate PIN to record the PIN as the Alternate PIN instead of the Primary PIN.
      Note: If the Auto-register primary PINs option is not selected, then the user cannot register their card, and must login manually.
  3. Click Card Setup from the left menu, and determine the User authentication card setup. For details on entering the decoding parameters, see HID Decoding.
  4. Click CAS offline behavior from the left menu, and set the following:
    1. Select Disabled or Enabled from the Login caching drop-down list.
      • Disabled – Prevents user login when CAS is offline.
      • Enabled – Allows only previously CAS-validated users to login when CAS is offline.

      DCE login caching determines whether a user login is accepted or denied when CAS is offline. If DCE caching is disabled when CAS is offline, then users cannot login. If DCE caching is enabled when CAS is offline, then DCE allows users to login only if they had previously logged in when CAS was online.

      For example, if DCE caching is enabled, and User1 authenticated while CAS was online, but User2 did not, then if CAS goes offline, User1 can still login, but User2 cannot login until CAS comes online again. Once CAS is back online, then User2 can login, and continue to login even if CAS goes offline again.

      Note: Account limits are not enforced, and Billing Codes are not validated when DCE is operating without a connection to CAS.
    2. From the Print behavior drop-down list select one of the following options to determine how DRE servers handle print jobs when CAS is offline:
      • Auto select - If account limits are enforced, then the Do not print option is used. If account limits are not enforced, then the Print, charge accounts later option is used.
      • Do not print - Users cannot print, and must wait until CAS is back online in order to print.
      • Print, charge accounts later - Users can print, and then the print job is charged to their account when CAS is back online.
  5. Click Save to save the settings.