SSO/SDL

Are you looking for security features

such as User Authentication?

Would you like a security feature that

can help with your compliance efforts for GLBA/HIPAA acts?

Are you looking at securing access

to your imageRUNNER devices so that a user is required to sign-on to the device?

Would you prefer that documents

sent via Universal SendTM included the senders name and reply-to-e-mail address, instead of the name of the imageRUNNER device?

Solution 3
imageRUNNER SSO/SDL Function
Enabling the Single-Sign-On and Simple Device Login (SSO/SDL) provides an end-user with the ability to sign on to imageRUNNER devices with either a unique ID/password or the same user ID/password, as his/her other networked devices. SSO and SDL can assist with security and regulatory complianceas it helps provide a secured method to sign into devices and prevents disclosure of confidential information.

SSO SDL HDD

NOTE: The features discussed may not be available for all imageRUNNER devices. They may require optional equipment. Check with your local Authorized Canon Dealer for more information.

Active Directory

How Do You Do It? 3

Set Up SDL
Activate the Log-in service 1. Log into MEAP SMS (System Management Service). Enter the following URL: http://<IP address of the machine>:8000/sms/ The default password is MeapSmsLogin (case sensitive). 2. Go to [System Management] 3. Go to [Enhanced Sys. App] 4. Select [Simple Device Login] 2

Log In
Register user information 1. Log in as Administrator to SDL setup page [http://<IP Address of the machine>:8000/sdl/] from Web browser. 1 1. Simply log-in to device with your name and password registered from the SDL set up page.

2 3

2. Enter the user name for the SDL administrator. Default user name is Administrator, and default password is password. 3. Click [User management] 2 [register].

4 5. Restart the machine. 6. Log-in screen will appear on your machine.

4. Enter necessary data 2 click [OK]

4 6

For additional details and SSO setup, please refer to the MEAP SMS administrator manual.

5. [Log out].

For additional details and SSO setup, please refer to the MEAP SMS administrator manual.

Demo Scenarios 3
Financial Services
Welsh Wealth Management LLC employs one hundred asset and wealthy family client managers, and theyre looking to strengthen their security and compliance needs for internal audits and regulatory agencies. Theyre considering devices that would allow managers to utilize their existing network User Ids/Passwords for other networked devices. With Single Sign-On (SSO)which provides direct authentication for users with Microsoft Active Directoryit provides the managers with the ability to access an imageRUNNER device using the same ID and password as they do at their PC. This can help provide better security controls over print jobs, device access, and helps leverage Welshs existing IT environment.

Banks
H&H Bank hired consultants to help revamp their data center. The data center houses confidential material such as customer information, branch profitability, and proprietary databases. Management is looking for a way to allow temporary access to the device for these consultants because theyre dealing with sensitive information. SDL with help provide authentication for these temporary employees.

Hospitals
Greater Metro Hospital wants to add security to their fleet of 125 imageRUNNER devices to help comply with HIPAA privacy and security rules by controlling the flow of confidential information and creating audit trails. Greater Metro needs to allow both permanent and temporary staff authorized and traceable access to copy, scan, and fax functions while denying access to unauthorized persons. Using SSO, the Greater Metro can allow permanent employees access to every imageRUNNER device using their regular network log-in, with minimal load on the IT department, and allow temporary workers without network rights be granted access to only the imageRUNNER devices where they work, while the hospital maintains a log of all activity on the devices.

Law Firms
The law firm of Allen, Innes, and McCann has over two hundred attorneys, three hundred and forty paralegals, one hundred and eighty administrative staff and another forty plus support staff. Using SSO will be an easy solution so all employees only have to remember one user ID and password to access both their PC and the imageRUNNER device. This will help each user easily remember their ID/password and help to eliminate the calls to IT asking them to reset their passwords.

NOTE: The scenarios listed above are fictitious and are for illustrative purposes only.

SSO/SDL Solution 3
Benefits
SSO and SDL help in securing and restricting access device, which can assist companies in their GLBA and HIPAA
regulation compliance efforts.

SSO can help create efficient sign-on policies for any organization thats looking to develop a user-friendly environment,
where multiple passwords are not needed to access networked devices.

SDL authentication can provide managers with a tool to limit the access and functionality of an imageRUNNER
device for temporary employees.

Companies can restrict access to particular devices with SSO/SDL by allowing only those employees in confidential
or restricted areas to utilize those devices.

SSO and SDL help maintain security and provide audit trails for any company.

FAQ
Q: What is the difference between SDL and SSO? A: SDL User ID/Password and Dept. ID are stored on the imageRUNNER devices hard disk and authentication is done internally through the machine. SSO uses the same User ID and Password that the user uses to log in to their PC. SSO requires a Security Agent to go out from the device to the Active Directory Server to authenticate the information. Q: Are there any limits to the number of users that utilize SDL on the device? A: Yes. You can register up to 1,000
users per device.

Q: Can I use any software to help track my print costs in addition to running SDL and SSO authentication? A: Yes. Canons NetSpot Accountant 4.0 can be

Q: How are SSO and SDL functions set up and maintained? A: Generally, the IT department of a business sets up both functions. The person must have access to the System Manager area of the imageRUNNER device. When using SDL for temporary workers, it may be beneficial to have someone in the local department be authorized to make user additions and deletions.

utilized in conjunction with SDL to track print activity down to the user level. Tracking a users activity is helpful in accounting for usage of the machine and assessing the associated costs and maintenance. NetSpot Accountant 4.0 can be can purchased separately and provides cost conscious managers a means to effectively control the costs Q: What if the user does not want the name of the device to show up when of printing, copying, and faxing.

sending via Universal Send?

Q: Does SSO and SDL help with GLBA/HIPAA compliance?*

A: By using SSO and SDL, the users name

can be set up so that its displayed as the

Q: If I change my SSO password at my computer, do I have to change my imageRUNNER password? A: No. SSO will look to the back-end server
(Active Directory) for the new password and authenticate it at the device. This means that if you change your password at your PC, the new password will be authenticated and recognized when you use the device.

A: This function only permits access to the device sender and reply-to address instead of the
through the user ID and personal passwords. name of the device. User IDs/passwords are unique and should not be shared between coworkers. This means that print/scan/copy/send jobs have enhanced security, which guards against unauthorized access or disclosure. The added protection helps ensure that confidential information is secure, which is an important measure for GLBA and HIPAA.

* Statements made in this document are the opinions of Canon U.S.A. None of these statements should be construed to customers or Canon U.S.A.s dealers as legal advice, as Canon U.S.A. does not provide legal counsel or compliance consultancy, including without limitation, Sarbanes-Oxley, HIPAA, GLBA, Check 21 or the USA PATRIOT Act. Each customer must have its own qualified counsel determine the advisability of a particular solution as it relates to regulatory and statutory compliance.
Microsoft is a registered trademark of Microsoft Corporation in the United States and/or other countries. CANON, IMAGERUNNER, and NETSPOT are registered trademarks of Canon Inc. in the United States and may also be registered trademarks or trademarks in other countries. REMOTE UI is a trademark of Canon U.S.A., Inc. IMAGEANYWARE is a trademark of Canon. All referenced product names and other marks are trademarks of their respective owners. 2006 Canon U.S.A., Inc. All rights reserved.

1-800-OK-CANON www.usa.canon.com Canon U.S.A., Inc. One Canon Plaza Lake Success, NY 11042

0707R-SSO/SDL-PDF-NW