HP LaserJet Enterprise, HP PageWide Enterprise - Configure Access Control settings for walk-up features

Learn how to configure Access Control settings for walk-up printing features using the Embedded Web Server (EWS).

Introduction

Use the Access Control page to manage the device features users can access:

  • Enable and Configure Sign-In Methods – set up how users log in at the printer control panel or from the computer to access device features

  • Sign-In and Permission Policies – set up access restrictions for user types, access types, and sign-in methods

  • Device User Accounts – create, edit, import, export, and delete user and group accounts for accessing printer features

The following steps explain how to use the Access Control feature.

Step one: Set up the sign-in methods

More than one Access Control sign-in method can be enabled for the printer, but only one can be the default sign-in method. If more than one method is enabled, access a non-default method from the printer control panel by touching Sign In, and then touching Advanced.

Sign-in methods

  • Windows

  • LDAP

  • Installed third-party sign-in solutions – See the documentation that came with the third-party solution for information about setting up that sign-in method.

Windows sign-in setup

Use the following steps to set up Windows sign-in.

  1. Using the EWS top navigation tabs, click Security.

  2. In the left navigation pane, click Access Control.

  3. To configure the Windows sign-in method, click the Setup link for this method on the Access Control page.

  4. Select the Enable Windows Sign In (Kerberos and NTLM) check box.

  5. Add Windows domains to be recognized by the printer:

    1. Enter the Fully Qualified Domain Name (FQDN) or IP address in the Trusted Domains field.

    2. Click Add.

    Enter the fully-qualified host name or an IP address in dotted-decimal notation.

    Note:

    If DNS settings are not set appropriately, a fully-qualified domain name might be required.

    By default, the first domain added to the trusted domain list is automatically selected as the Default Windows Domain. If other trusted domains have been added, they can be selected as the default domain in the Default Windows Domain field.

  6. Select the Show Preferred Domain Servers check box to create a list of preferred domain servers.

    The specified Preferred Domain Servers will be used first, and if these servers do not work, the firmware will find domain servers based on the Trusted Domains list.

    1. Enter the FQDN or IP address in the Preferred Domain Servers field.

    2. Click Add.

  7. Verify the match and retrieval default attributes and update if necessary.

    Note:

    The Enable reverse DNS lookups option is selected by default. The Use a secure connection (SSL) option is disabled by default.

    Match and retrieve attribute fields

    • Match the name entered with this attribute: The sAMAccountName attribute is entered by default. This attribute retrieves the Windows Active Directory account name to verify the user names.

    • Retrieve the user's e-mail address using this attribute: The mail attribute is entered by default and is the recommended attribute. This attribute retrieves the Windows Active Directory user's email address to pre-populate address fields as appropriate.

    • Retrieve the device user's name using this attribute: The displayName attribute is entered by default. This attribute retrieves the Windows Active Directory display name.

  8. To verify that the sign-in method is working correctly, enter a valid Username and Password in the Test Windows Sign in area, and then click Test.

  9. At the bottom of the page, click OK to save the settings.

Note:

To remove a domain, select the domain, and then click Remove.

LDAP sign-in setup

Use the following steps to set up LDAP sign-in.

  1. Using the EWS top navigation tabs, click Security.

  2. In the left navigation pane, click Access Control.

  3. To enable the LDAP sign-in method, click the Setup link for this method on the Access Control page.

  4. Select the Enable LDAP Sign In check box in the Setup area.

  5. Enter an LDAP address in the LDAP Server Address field. The address can be a fully-qualified host name or an IP address in dotted-decimal notation.

  6. Select Use a secure connection (SSL) to use SSL when connecting, and then enter the port number on the LDAP server in the Port field.

    Note:

    When using TLS or SSL, port 636 is used by default.

  7. Specify the authentication requirements in the Server Authentication Requirements area.

    1. Select Use Device User's Credentials, and then enter the Bind Prefix.

    2. Select Use LDAP Administrator's Credentials, and then enter values in the LDAP Administrator's DN and Password fields.

  8. In the LDAP Database Search Settings area, enter the Bind and Search Root, and then click Add.

  9. Verify the match and retrieval default attributes and update if necessary.

    Match and retrieve attribute fields:

    • Match the name entered with this attribute: Enter the name of an attribute

    • Retrieve the user e-mail address using this attribute: Enter the name of an attribute

    • Retrieve the device user's name using this attribute: Enter the name of an attribute

    • Retrieve the device user's group using this attribute: The objectClass attribute is entered by default

      Note:

      The Exact match on Group attribute option is selected by default.

  10. To verify that the sign-in method is working correctly, enter a valid Username and Password in the Test LDAP Sign In area, and then click Test.

  11. At the bottom of the page, click OK to save the settings.
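The values planned for steps 5 through 8 can be checked before they are typed into the EWS. The following Python check is an added example, not HP code: the dictionary keys are hypothetical names for the EWS fields, the sample values are constructed, and the cleartext finding assumes the printer authenticates with an LDAP simple bind.

```python
import ipaddress
import re

# Keys are hypothetical names for the EWS fields; values are constructed samples.
WEAK = {"server_address": "ldap01", "use_ssl": False, "port": 389,
        "credentials": "administrator", "search_root": "example.com"}
FIXED = {"server_address": "ldap01.example.com", "use_ssl": True, "port": 636,
         "credentials": "device_user", "search_root": "OU=Staff,DC=example,DC=com"}

LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Simple attr=value RDN; escaped or multi-valued RDNs are out of scope here.
RDN = re.compile(r"\s*[A-Za-z][A-Za-z0-9-]*=[^,=+<>#;\"\\]+")

def is_fqdn_or_ipv4(value):
    """Accept a dotted-decimal IPv4 address or a host name with a domain part."""
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    return (len(labels) >= 2 and not labels[-1].isdigit()
            and all(LABEL.fullmatch(label) for label in labels))

def is_dn(value):
    """Accept comma-separated simple RDNs, e.g. OU=Staff,DC=example,DC=com."""
    return bool(value) and all(RDN.fullmatch(part) for part in value.split(","))

def lint_ldap_signin(cfg):
    """Return the names of the checks a planned LDAP sign-in setup fails."""
    findings = []
    if not is_fqdn_or_ipv4(cfg["server_address"]):
        findings.append("address-not-fqdn-or-ip")
    if not cfg["use_ssl"]:
        # Assumption: simple bind. Without SSL/TLS its password is unencrypted.
        findings.append("cleartext-bind")
        if cfg["credentials"] == "administrator":
            findings.append("admin-password-exposed")
    elif cfg["port"] != 636:
        # The page gives 636 as the default port for TLS or SSL.
        findings.append("ssl-on-nondefault-port")
    if not is_dn(cfg["search_root"]):
        findings.append("search-root-not-a-dn")
    return findings

if __name__ == "__main__":
    print("weak :", lint_ldap_signin(WEAK))
    print("fixed:", lint_ldap_signin(FIXED))
```
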

Step two: Set up device feature permissions

The following instructions provide information on how to configure access restrictions for user types, access types, and sign-in methods.

Note:

By default, all device features are set to Access Granted for Device Guest and to Full Access for Device User, neither of which requires a sign-in method. Sign-in is not required unless the sign-in method is changed in the Sign In Method column from Use Default to one of the three sign-in methods (Local Device, LDAP, or Windows).

  1. Determine the appropriate level of Guest access in the Device Guest column.

    • Access Granted: Allows a Device Guest to use the specified device feature without signing in

    • Requires Sign In: Requires a Device Guest to sign in to use the specified device feature

    1. Disable all device features by clicking the check box under Device Guest. The check boxes are now set to Requires Sign In to use the device features.

      OR

    2. To disable a specific device feature, click the check box to the right of the feature in the Device Guest column. The device feature is now set to Requires Sign In to use the feature.

    Figure: Options for permissions on the Access Control page

  2. Determine the level of access for a Device User.

    • Full Access: Allows a Device User to use the specified device feature without signing in

    • Access Denied: Requires a Device User to sign in to use the specified device feature

    1. Disable all device features by clicking the check box under Device User. The check boxes are now set to Access Denied. If a device feature is set to Access Denied in the Device User column, the access in the Device Guest column automatically changes to Requires Sign In.

    2. To disable a specific device feature, click the check box to the right of the feature in the Device User column. The device feature is now set to Access Denied. If a device feature is set to Access Denied in the Device User column, the access in the Device Guest column automatically changes to Requires Sign In.

  3. Determine the Sign In Method for device features for walk-up users at the printer’s control panel.

    Note:

    By default, the Sign In Method is set as Local Device; however, this does not require sign in to use a device feature unless the sign-in method is changed for the specific device feature from Use Default to Local Device.

  4. To require users to use the sign-in method set for each device feature, do not check the check box for Allow users to choose alternate sign-in methods.

Step three: Set up the Job Status and Screen Behavior settings

Use the following steps to configure an automatic sign out from the printer.

  1. Click the Automatically sign out check box, and click the radio button for either Sign out immediately when job starts or Sign out after 10 seconds with option to stay signed in.

  2. Under Default Retain Settings Behavior, select the job types for which settings are retained by clicking the following check boxes:

    • Copy

    • Digital Send

    • Fax

Step four: Set up the default permissions for each sign-in method

Use the following steps to configure the default permission set type for Windows or LDAP sign-in methods.

  1. Set the default permissions for all users and groups by clicking the drop-down lists for LDAP and Windows and selecting the appropriate option.

  2. If specific users or groups need different permissions from the default permissions, click New.... The New User or Group to Permission Set Relationship page opens.

    1. From the User or Group drop-down list, select either User or Group.

    2. Using the Permission Set drop-down list, select either Device Administrator or Device User.

    3. From the Sign In Method drop-down list, select either LDAP or Windows.

    4. In the Network User or Group Name field, enter a user or group name.

    5. Click OK.

Step five: Set up Device User Accounts

Use the following steps to set up individual Device User Accounts that use an access code for the Local Device sign-in method.

  1. From the Default Permission Set for new accounts drop-down list, select either Device Administrator or Device User.

  2. Click New... to create a new Device User Account, and enter the following information:

    • Display Name: Enter a Device User Account name

    • E-mail Address: Enter the user e-mail address

    • Network Name: Enter the network name

    • Access Code: Use this generated Access Code or assign a new code

    • Permission Set: From the drop-down list, select either Device Administrator or Device User

  3. Click OK.

Step six: Complete the setup

On the Access Control page, review the selected settings, and then click Apply to complete the setup.