Xerox VersaLink EIP Configuration
This manual was created based on Xerox VersaLink C405DN and should be applicable to most VersaLink MFDs, although slight differences may occur.
Before installation of YSoft SafeQ Embedded Terminal
Administrator password
Go to Permissions > Login/Logout Settings.
Press Change Password button and insert new administrator password.
Log in as Admin user for next steps.
Disable Automatic print of Startup Page
Automatic print of Startup Page can block device installation. Then some installation steps fails.
Go to System > Defaults and Policies and click on Startup Page.
In new window choose Do Not Auto Print.
Enable HTTPS, SOAP and WSD
Go to Connectivity then choose HTTP from list of protocols and enable HTTPS, SOAP and WSD.
HTTP configuration:
SOAP configuration:
WSD configuration:
SNMPv3
Go to Connectivity then choose SNMP from list of protocols. New window will appear and then click on SNMPv3.
Enable SNMPv3. Then enable System Administrator Account and fill Authentication Password and Encryption password used in your organization.
Same Authentication Password and Encryption password have to be used in device configuration in YSoft SafeQ.
EIP Settings
Go to the Apps > EIP Settings and enable Export password to EIP Apps.
USB Card Reader
You will need to enable Plug-in feature in System > Plug-in Settings. Also enable Authentication on Registration. Restart device will be necessary - press Restart Now.
Please note that you can obtain the plug-in from Xerox, Y Soft Group has no rights for its distribution.
After restart open same window (System > Plug-in Settings) and press Add button.
Choose path to file with the plug-in and upload it to the printer.
After plugin installation restart device is needed.
Successful plugin installation and activation can be verified in System > Plug-in Settings in Status column.
Proceed with the MFD installation in YSoft SafeQ to complete the installation of YSoft SafeQ Embedded Terminal. Check the installation status and installation steps.
If there are some warnings present during the installation, you will need to do some further settings based on the messages.
How to enable Job Management API in the MFD
The option is available in Apps > EIP Settings > EIP Web Services > Job Management Extension
VersaLink does not have a “Allow open access to Job Information” setting. This is enabled by default for localhost calls.
It is important to have the latest software installed in the printer, to avoid any potential problems.
Embedded terminal with PIN only authentication configuration
In case the embedded terminal will use only PIN authentication method the following configuration is required:
After installation of YSoft SafeQ Embedded Terminal
These settings are necessary only if requested by the Embedded Terminal installation or if some customization of configuration is requested.
Network Accounting
Go to Permissions > Accounting Method and Select Network.
In new window Setup Limits. Service URL should contain address of your server and Id of printer in YSoft SafeQ. In What to Limit section all should be checked.
Pattern of Service URL is https://{ServerIP}:5012/xeroxauthentication/{DeviceId}/JobLimitsAppServer.asmx
In Tracking Information click on Edit and configure accounting according to the image below.
Lock Guest Access
Go to Permissions and in Guest Access click on Edit > Device User Role.
In new window choose No Access option.
Install Certificate Authority certificate
Go to System > Security and select Security Certificates
Select Trusted Root CA Certificates from dropdown menu and press Import.
Press Select to select a certificate from file system. Enter decryption password.
Press Import to import certificate to the device.
Application and feature (color copy, 1-sided) restrictions
Setup LDAP server
This setup should be done automatically during installation process.
Go to Connectivity > LDAP.
Select LDAP Servers/Directory Services.
Fill in IP Address, Port and Search Directory Root. Click OK.
Search Directory Root format: DC=safeq,DC=com.
Enable secured LDAP
You can enable non-secure LDAP communication by enabling property internalLdapAllowNonsecureProtocol. But you can allow an attacker to bypass access restrictions for operations on Xerox devices.
Go to System > Security and select SSL/TLS Settings.
Enable LDAP - SSL/TLS Communication and Verify Remote Server Certificate. Then click OK.
Certificate authority certificate used to sign the server certificate has to be uploaded to the device in order to secured LDAP can work.
Enable LDAP for roles permissions
Rules documented below are used only when property xeroxAccessDefinitionMethod is set to LDAP and property enableXeroxAccessDefinition is set to Enabled. Rules for application restriction are created during SafeQ installation.
Go to Permissions > Roles and select Setup LDAP Permissions Groups.
Select LDAP and click OK.
Add User Role
Create roles with appropriate permissions for all LDAP groups listed here.
copycolor | Rights to use color copy in native copy application. |
copy | Rights to use native copy application. |
fax | Rights to use native fax application. |
notrestricted | Without any restrictions. |
sq | Rights to use YSoft SafeQ application (YSoft SafeQ Terminal Application - 1st Gen). |
sqbillingcodes | Rights to use YSoft SafeQ Billing Codes application (YSoft SafeQ Terminal Application - 2nd Gen). |
sqprint | Rights to use YSoft SafeQ Print application (YSoft SafeQ Terminal Application - 2nd Gen). |
sqscan | Rights to use YSoft SafeQ Scan application (YSoft SafeQ Terminal Application - 2nd Gen). |
Go to Permissions > Roles and select Device User Roles.
Click on Edit for Basic User. Then choose Custom Permissions and press Setup.
In Custom permission Setup dialog set Access value of each application in list to Hide.
When all applications are set to Hide then close Custom permission Setup dialog and press OK button to save changes.
Click on on the right hand side. Then select Add New Role.
Write down any user role name. Select Custom Permissions and then click Setup.
Example of Copy permissions.
Set access value of others application to Hide to properly working application restriction. Allow value should be set only for role where we expect application will be enabled.
For Basic User set all application to Hide.
Add LDAP Group
Go to Permissions > Roles and select Edit LDAP Groups.
Click on on the right hand side.
Fill in the search text and click on . Select LDAP group. Click Next.
LDAP server has to be configured in order to fetch the LDAP groups.
Select previously created Device User Role and click Next.
Select default Printing User Role and click Done.