Xerox VersaLink EIP Configuration

This manual was created based on Xerox VersaLink C405DN and should be applicable to most VersaLink MFDs, although slight differences may occur.

Before installation of YSoft SafeQ Embedded Terminal

Administrator password

Go to Permissions > Login/Logout Settings.

images/download/attachments/160482912/image2017-6-7_13_24_55.png

Press Change Password button and insert new administrator password.

images/download/attachments/160482912/image2017-6-7_13_28_54.png

Log in as Admin user for next steps.

Disable Automatic print of Startup Page

Automatic print of Startup Page can block device installation. Then some installation steps fails.

Go to System > Defaults and Policies and click on Startup Page.

images/download/attachments/160482912/image2017-6-8_11_34_28.png

In new window choose Do Not Auto Print.

images/download/attachments/160482912/image2017-6-8_11_36_21.png

Enable HTTPS, SOAP and WSD

Go to Connectivity then choose HTTP from list of protocols and enable HTTPS, SOAP and WSD.

images/download/attachments/160482912/image2019-2-8_17-6-43.png

HTTP configuration:

images/download/attachments/160482912/image2019-2-8_17-4-40.png

SOAP configuration:

images/download/attachments/160482912/image2019-2-8_17-3-25.png

WSD configuration:

images/download/attachments/160482912/image2019-2-8_17-2-46.png

SNMPv3

Go to Connectivity then choose SNMP from list of protocols. New window will appear and then click on SNMPv3.

images/download/attachments/160482912/image2017-3-30_13_56_54.png

Enable SNMPv3. Then enable System Administrator Account and fill Authentication Password and Encryption password used in your organization.

images/download/attachments/160482912/image2017-3-30_14_5_16.png

Same Authentication Password and Encryption password have to be used in device configuration in YSoft SafeQ.

EIP Settings

Go to the Apps > EIP Settings and enable Export password to EIP Apps.

images/download/attachments/160482912/image2017-3-30_12_19_47.png

USB Card Reader

You will need to enable Plug-in feature in System > Plug-in Settings. Also enable Authentication on Registration. Restart device will be necessary - press Restart Now.

Please note that you can obtain the plug-in from Xerox, Y Soft Group has no rights for its distribution.

images/download/attachments/160482912/image2017-3-30_13-46-39.png

After restart open same window (System > Plug-in Settings) and press Add button.

images/download/attachments/160482912/image2017-3-30_13_31_28.png

Choose path to file with the plug-in and upload it to the printer.

images/download/attachments/160482912/image2017-3-30_13-33-27.jpg

After plugin installation restart device is needed.

images/download/attachments/160482912/image2017-3-30_13-53-22.png

Successful plugin installation and activation can be verified in System > Plug-in Settings in Status column.

images/download/attachments/160482912/image2017-3-30_13_41_40.png

Proceed with the MFD installation in YSoft SafeQ to complete the installation of YSoft SafeQ Embedded Terminal. Check the installation status and installation steps.

If there are some warnings present during the installation, you will need to do some further settings based on the messages.

How to enable Job Management API in the MFD

The option is available in Apps > EIP Settings > EIP Web Services > Job Management Extension

images/download/attachments/160482912/2.jpg

images/download/attachments/160482912/3.jpg

VersaLink does not have a “Allow open access to Job Information” setting. This is enabled by default for localhost calls.

It is important to have the latest software installed in the printer, to avoid any potential problems.

Embedded terminal with PIN only authentication configuration

In case the embedded terminal will use only PIN authentication method the following configuration is required:

images/download/attachments/160482912/image2020-5-7_8-41-33.png



After installation of YSoft SafeQ Embedded Terminal

These settings are necessary only if requested by the Embedded Terminal installation or if some customization of configuration is requested.

Network Accounting

Go to Permissions > Accounting Method and Select Network.

images/download/attachments/82812702/image2017-3-31_10_5_28.png

In new window Setup Limits. Service URL should contain address of your server and Id of printer in YSoft SafeQ. In What to Limit section all should be checked.

Pattern of Service URL is https://{ServerIP}:5012/xeroxauthentication/{DeviceId}/JobLimitsAppServer.asmx

images/download/attachments/82812702/image2017-3-31_10_9_58.png

In Tracking Information click on Edit and configure accounting according to the image below.

images/download/attachments/82812702/image2017-3-31_10_7_54.png

Lock Guest Access

Go to Permissions and in Guest Access click on Edit > Device User Role.

images/download/attachments/160482912/image2017-3-30_14-16-0.png

In new window choose No Access option.

images/download/attachments/160482912/image2017-3-30_14-17-17.png

Install Certificate Authority certificate

Go to System > Security and select Security Certificates

images/download/attachments/160482912/system.png

images/download/attachments/160482912/system_security_certificates.png

Select Trusted Root CA Certificates from dropdown menu and press Import.

images/download/attachments/160482912/security_certificates.png

Press Select to select a certificate from file system. Enter decryption password.

images/download/attachments/160482912/import_certificate.png

Press Import to import certificate to the device.

Application and feature (color copy, 1-sided) restrictions

Setup LDAP server

This setup should be done automatically during installation process.

Go to Connectivity > LDAP.

images/download/attachments/160482912/connectivity_LDAP.png

Select LDAP Servers/Directory Services.

images/download/attachments/160482912/LDAP_configuration.png

Fill in IP Address, Port and Search Directory Root. Click OK.

Search Directory Root format: DC=safeq,DC=com.

images/download/attachments/160482912/LDAP_servers.png

Enable secured LDAP

You can enable non-secure LDAP communication by enabling property internalLdapAllowNonsecureProtocol. But you can allow an attacker to bypass access restrictions for operations on Xerox devices.

Go to System > Security and select SSL/TLS Settings.

images/download/attachments/160482912/system.png

images/download/attachments/160482912/system_security.png

Enable LDAP - SSL/TLS Communication and Verify Remote Server Certificate. Then click OK.

Certificate authority certificate used to sign the server certificate has to be uploaded to the device in order to secured LDAP can work.

images/download/attachments/160482912/system_security_sslsettings.png

Enable LDAP for roles permissions

Rules documented below are used only when property xeroxAccessDefinitionMethod is set to LDAP and property enableXeroxAccessDefinition is set to Enabled. Rules for application restriction are created during SafeQ installation.


Go to Permissions > Roles and select Setup LDAP Permissions Groups.

images/download/attachments/160482912/permissions_roles.png

Select LDAP and click OK.

images/download/attachments/160482912/permissions_server.png

Add User Role

Create roles with appropriate permissions for all LDAP groups listed here.

copycolor

Rights to use color copy in native copy application.

copy

Rights to use native copy application.

fax

Rights to use native fax application.

notrestricted

Without any restrictions.

sq

Rights to use YSoft SafeQ application (YSoft SafeQ Terminal Application - 1st Gen).

sqbillingcodes

Rights to use YSoft SafeQ Billing Codes application (YSoft SafeQ Terminal Application - 2nd Gen).

sqprint

Rights to use YSoft SafeQ Print application (YSoft SafeQ Terminal Application - 2nd Gen).

sqscan

Rights to use YSoft SafeQ Scan application (YSoft SafeQ Terminal Application - 2nd Gen).

Go to Permissions > Roles and select Device User Roles.

images/download/attachments/160482912/permissions_roles.png

Click on Edit for Basic User. Then choose Custom Permissions and press Setup.

images/download/attachments/160482912/image2018-7-9_13-59-2.png

In Custom permission Setup dialog set Access value of each application in list to Hide.

images/download/attachments/160482912/image2018-7-9_14-1-35.png

When all applications are set to Hide then close Custom permission Setup dialog and press OK button to save changes.

images/download/attachments/160482912/image2018-7-9_14-6-4.png

Click on images/download/thumbnails/160482912/button_plus.png on the right hand side. Then select Add New Role.

images/download/attachments/160482912/device_user_roles_add.png

Write down any user role name. Select Custom Permissions and then click Setup.

images/download/attachments/160482912/add_new_device_user_role.png

Example of Copy permissions.

images/download/attachments/160482912/copy_permissions.png

images/download/attachments/160482912/copy_permissions_selection.png

Set access value of others application to Hide to properly working application restriction. Allow value should be set only for role where we expect application will be enabled.

For Basic User set all application to Hide.

Add LDAP Group

Go to Permissions > Roles and select Edit LDAP Groups.

images/download/attachments/160482912/permissions_roles_edit_LDAP_user_groups.png

Click on images/download/thumbnails/160482912/button_plus.png on the right hand side.

images/download/attachments/160482912/new_ldap_group.png

Fill in the search text and click on images/download/thumbnails/160482912/magnifier.png . Select LDAP group. Click Next.

LDAP server has to be configured in order to fetch the LDAP groups.

images/download/attachments/160482912/add_ldap_group.png

Select previously created Device User Role and click Next.

images/download/attachments/160482912/select_device_user_role.png

Select default Printing User Role and click Done.

images/download/attachments/160482912/select_printing_user_role.png