Configuring Xerox MFD Built on ConnectKey

This manual was created based on Xerox WorkCentre 7835, and should be applicable to most MFDs built on ConnectKey™, although slight differences may occur.

Before Installing YSoft SafeQ Embedded Terminal

Time settings

Go to the Properties tab > General Setup > Date and Time.

Make sure you set the time to match the YSoft SafeQ Server time or specify automatic time configuration via an NTP server.

images/download/attachments/160482521/image2015-4-8_13_42_39.png

FTP mode

Go to the Properties tab > Connectivity > Setup. Click Edit in the FTP/SFTP Filling row, and then set the Mode to Active.

images/download/attachments/160482521/image2015-4-8_13_43_56.png

Include User Name with validation request

Go to the Properties tab > Services > Workflow Scanning > Validation Options. Enable the Include User Name with validation request option.

images/download/attachments/160482521/image2015-4-8_13_44_48.png

Scan services for scanning with workflows

You will need to enable Scan Template Management in device configuration for scanning with workflows later.

Go to the Properties tab > Services > Printing > Printing Web Services, and then enable the options Scan Template Management and Scan Extensions. Also make sure that Xerox Secure Access and Authentication & Accouting configuration are enabled:

images/download/attachments/160482521/image2015-4-8_13_45_47.png

You might also want to check that the Confirmation Sheets for Scanning Workflows are set to print only in case of an error. Otherwise, there might be a page printed every time someone uses the Scan option in the YSoft SafeQ terminal.

Go to the Properties tab > Services > Workflow Scanning > General Settings. Set Confirmation Sheet to Errors Only.

images/download/attachments/160482521/image2015-4-8_13_46_36.png

SNMP settings

Go to the Properties tab > Connectivity > Setup. Click Edit in the SNMP row, and then enable the option Enable SNMP v1/v2c Protocols.

images/download/attachments/160482521/image2015-4-8_13_47_13.png

On the same page, click Edit SNMP v1/v2c Properties. Set the Community Name (Read/Write) accordingly:

images/download/attachments/160482521/image2015-4-8_13_47_45.png

Proceed with the MFD installation in YSoft SafeQ to complete the installation of YSoft SafeQ Embedded Terminal. Check the installation status and installation steps.

If there some warnings appear during the installation, you will need to do some further settings of the MFD based on the messages you see. In that case, the following information should help you with configuring your Xerox MFD.

After the Installation of YSoft SafeQ Embedded Terminal

These settings are necessary only if requested by the YSoft SafeQ Embedded Terminal installation or if customization of the configuration is requested.

Accounting Workflow, User Accounting Prompts, Validation for Accounting Codes

Go to the Properties tab > Login / Permissions / Accounting > Accounting Method

Then, configure the Accounting Workflow, User Accounting Prompts and Validation for Accounting Codes. Click the respective Edit buttons.

images/download/attachments/160482521/image2015-4-8_13_48_24.png

Accounting Workflows:

Please note that there are two possible configurations depending on the selected features. When payments are used, Pre-Authorization and Capture Usage must be used. In other cases, Capture Usage must be used. (Please note that without payments, the Pre-Authorization will cause a malfunction. For example, selecting the copy function and starting copying will perform the scanning part of the process, but then the MFD will wait for user verification.)

  • Payments are used

images/download/attachments/160482521/image2015-4-8_13_49_11.png

  • Standard configuration

images/download/attachments/160482521/image2015-4-8_13_49_32.png

User Accounting Prompts:

images/download/attachments/160482521/image2015-4-8_13_50_17.png

Validation for Accounting Codes:

images/download/attachments/160482521/image2015-4-8_13_51_22.png

Extensible Service Browser

Go to the Properties tab > General Setup > Extensible Service Setup. Enable the Extensible Services Browser option and the Export password to Extensible Services option.

images/download/attachments/160482521/image2015-4-8_13_52_7.png

Xerox Secure Access

Properties tab > Services > Printing > Printing Web Services. Enable the Xerox Secure Access option.

images/download/attachments/160482521/image2017-11-23_10_45_4.png

User Permissions Roles

Go to the Properties tab > Login/Permissions/Accounting > User Permissions. In the User Permissions Roles row, click Edit

images/download/attachments/160482521/image2015-4-8_13_52_54.png

On the Non-Logged-In Users tab, click Edit to edit the Non-Logged-In User role.

If you use the device authentication mode To device, on the Services & Tools tab, check that the Role State of the Services Pathway is set to Not Allowed.

You can configure the Machine Status Pathway and Job Status Pathway locks freely.

images/download/attachments/160482521/image2015-4-8_13_53_23.png

If you use the device authentication mode To each application, set the options accordingly. Note that for some WorkCentre models, it is necessary to use only Per application settings for proper functionality.

images/download/attachments/160482521/image2015-4-8_13_53_53.png

Convenience Authentication Setup

Go to the Properties tab > Login/Permissions/Accounting > Login Methods. Then click Edit next to Convenience Authentication Setup.

images/download/attachments/160482521/image2015-4-8_13_54_44.png

On the Convenience Authentication Setup page, check that Accounting Information is applied automatically. It can be modified by selecting Automatically apply Accounting Codes from the server.

images/download/attachments/160482521/image2015-4-8_13_55_25.png

Job Limits

To enable the Job Limits service, go to the Properties tab > Services > Printing > Printing Web Services, and select the check box for Job Limits. Click Apply.

images/download/attachments/160482521/image2015-4-8_11_25_2.png

Email

For the proper functioning of the native scan to email (E-mail application) on the MFD, you need to disable the possibility to change the "From" address.

Go to the Properties tab > Services > Email > Setup. Then click Edit next to From Field.

images/download/attachments/160482521/email_settings_1.png

Fill in Default From Address and select Yes next to Always use Default From Address.

images/download/attachments/160482521/email_settings_2.png

Card Reader Policies

Its function is to determine whether a USB card reader needs to be plugged in for authentication to take place. For example, if this is set to yes and there is no USB Card Reader attached, you can not use pin only authentication.

Go to the Properties tab > Login/Permissions/Accounting > Login methods

images/download/attachments/160482521/card_reader_policies.png

Creating color copy rule

Color copy restriction rules documented below are used only when property xeroxAccessDefinitionMethod is set to LDAP and property enableXeroxAccessDefinition is set to Enabled. Rules for application restriction are created during product installation.


Go to Properties > Login/Permissions/Accounting > User Permissions and then edit User Permission Roles. Then change tab to Logged-In User.

  1. Deleting generated copy rule

    1. Ask Xerox field technician for assistance. Generated Copy rule assigned to Copy application(s) has to be deleted. This action can be done using Access configuration client contained in Xerox EIP.

  2. Creating Copy rule

    1. Click on button Make Your Own Permission Roles.

    2. Fill role name (e.g. copy) and press Create.

    3. In tab Assign Groups to Role into Find / Add Groups input copy and press Add. In list of Assigned Groups should be visible item copy.

      Inserted group name in this step has to be set to copy.

      images/download/attachments/160482521/image2018-11-28_10-20-39.png

    4. In tab choose Services & tools and then set all applications except Copy and ID Card Copy to Not Allowed. Copy and ID Card Copy should be set to Allowed if not. Color Copy should be set to Not al lowed.

      images/download/attachments/160482521/image2018-11-28_10-23-13.png
    5. Press Apply and then Close.

  3. Creating Copy color rule

    1. Fill role name (e.g. copycolor) and press Create

    2. In tab Assign Groups to Role into Find / Add Groups input copycolor and press Add. In list of Assigned Groups should be visible item copycolor .

      Inserted group name in this step has to be set to copycolor .

      images/download/attachments/160482521/image2018-10-26_11-34-56.png

    3. In tab choose Services & tools and then set all applications except Copy and ID Card Copy to Not Allowed. Copy and ID Card Copy should be set to Allowed if not.

      images/download/attachments/160482521/image2018-11-14_9-28-48.png

    4. Press Apply and then Close

Install Certificate Authority certificate

Go to Properties > Security > Certificates > Security Certificates.

Select tab Root/Intermediate Trusted Certificate(s).

Press Install Certificate.

images/download/attachments/160482521/image2018-11-14_9-41-1.png

Choose a certificate file path. Enter decryption password. Press Next and follow instructions to complete installation process.

Secured LDAP

By default secured LDAP (without server certificate validation) is configured during installation of the device. You can disable it by enabling property internalLdapAllowNonsecureProtocol and manually disable secured LDAP on device. But you can allow an attacker to bypass access restrictions for operations on Xerox devices.

Enable server certificate validation for secured LDAP

Issuer of server certificate (CA certificate) has to be uploaded at first.

Go to Properties > Login/Permissions/Accounting > Login Methods. and edit LDAP Servers.

images/download/attachments/160482521/image2018-11-14_9-33-14.png

Press Edit... on selected LDAP server.

images/download/attachments/160482521/image2018-11-14_9-35-49.png

Scroll to section Secure LDAP Connection.

  1. Enable Secure Connection (LDAPS)

  2. Enable Validate Server Certificate (trusted, not expired, correct FQDN).

  3. Select issuer of the server certificate from dropdown menu Root/I ntermediate Trusted Certificates.

LDAP server certificate is the same which is configured in Terminal Server for secured connection with devices. Follow these instructions Configuring secured connection between terminals and Terminal Server.

images/download/attachments/160482521/image2018-11-14_9-37-30.png

Press Apply.

Some devices need reboot. If notification appears on the screen then press OK.