Xerox AltaLink EIP configuration - After installation of Dispatcher Paragon Embedded Terminal


Creating color copy rule

The color copy restriction rules documented below are used only when the property XeroxAccessDefinitionMethod is set to LDAP and the property enableXeroxAccessDefinition is set to Enabled. Rules for application restriction are created during Dispatcher Paragon installation.

Go to Properties > Login/Permissions/Accounting > User Permissions and edit User Permission Roles. Then switch to the Logged-In Users tab.

1) Restrict color copy for users with copy rights:

a) Press Edit user mapping for __EIP__Copy and __EIP__ID Card Copy (application names are generated by the MFD).

b) Choose the Apps & tools tab and change Color copy to Not allowed.


c) Press Apply and then Close.

2) Create a new rule for users with allowed color copy:

a) Press Add new Role. Enter a role name (e.g. copycolor) and press Create.

b) In the Assign Groups to Role tab, enter copycolor into Find / Add Groups and press Add. The item copycolor should then be visible in the list of Assigned Groups.

The group name inserted in this step has to be copycolor.


c) Choose the Apps & tools tab and set all applications except Copy and ID Card Copy to Not Allowed. Set Copy and ID Card Copy to Allowed if they are not already.


d) Press Apply and then Close.

Install Certificate Authority certificate

Go to Properties > Security > Certificates > Security Certificates.

Select the Root/Intermediate Trusted Certificate(s) tab.

Press Install Certificate.


Choose the certificate file path. Enter the decryption password. Press Next and follow the instructions to complete the installation process.


Secured LDAP

By default, secured LDAP (without server certificate validation) is configured during installation of the device. You can disable it by enabling the property internalLdapAllowNonsecureProtocol and manually disabling secured LDAP on the device. However, doing so can allow an attacker to bypass access restrictions for operations on Xerox devices.

Enable server certificate validation for secured LDAP

The issuer of the server certificate (the CA certificate) has to be uploaded first.

Go to Properties > Login/Permissions/Accounting > Login Methods and edit LDAP Servers.


Press Edit... on the selected LDAP server.

Only the LDAP server marked with the icon [image: LDAP icon] is used for authentication or access restrictions control.


Scroll to the Secure LDAP Connection section.

Enable Validate Server Certificate (trusted, not expired, correct FQDN).

Select the issuer of the server certificate from the Root/Intermediate Trusted Certificates dropdown menu.

The LDAP server certificate is the same one that is configured in Terminal Server for the secured connection with devices. Follow the instructions in Configuring secured connection between terminals and Terminal Server.


Press Apply.

Some devices need a reboot. If a notification appears on the screen, press OK.
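
The check below is an added example, not part of the original Dispatcher Paragon or Xerox documentation: run from a workstation, it applies the same three criteria as Validate Server Certificate (trusted, not expired, correct FQDN) to the LDAPS endpoint, so a certificate problem shows up before validation is enabled on the device. The host name ldap.example.test, port 636 and the ca_file argument are assumptions; use the FQDN and port configured for the LDAP server on the device and the CA certificate uploaded to it.

```python
import socket
import ssl

# OpenSSL verify codes mapped to the three criteria named by the device option.
CRITERIA = {
    10: "expired",
    18: "not trusted (self-signed)",
    19: "not trusted (self-signed CA in chain)",
    20: "not trusted (issuer not in CA file)",
    62: "FQDN mismatch",
    64: "FQDN mismatch (IP address)",
}


def build_validation_context(ca_file=None):
    """TLS client context enforcing trusted chain, validity period and hostname."""
    # ca_file should be the CA certificate uploaded to the device (assumption);
    # None falls back to the workstation's system trust store.
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


def check_ldaps(host, port=636, ca_file=None, timeout=5.0):
    """Return (ok, detail) for the LDAPS endpoint at host:port."""
    ctx = build_validation_context(ca_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # server_hostname must be the FQDN configured on the device.
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, "valid until " + tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        reason = CRITERIA.get(exc.verify_code, exc.verify_message)
        return False, "certificate rejected: " + reason
    except OSError as exc:  # refused, timed out, or not a TLS listener
        return False, "connection failed: " + str(exc)


if __name__ == "__main__":
    # Placeholder values (assumptions); replace with your server FQDN and CA file.
    print(check_ldaps("ldap.example.test", 636, ca_file=None))
```

A result of (False, "certificate rejected: ...") names which of the three criteria the device would also fail on once validation is enabled.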