Configuring Access Control settings for walk-up features in the HP Embedded Web Server (EWS)

Introduction

Use the controls on the Access Control page to manage the print features users can access.

The following steps explain how to use the Access Control feature.

Step one: Access the HP Embedded Web Server (EWS)

  1. From the Home screen on the printer control panel, touch the Network button to display the IP address or host name.

  2. Open a Web browser, and in the address line, type the IP address or host name of the printer exactly as it displays on the printer control panel. Press the Enter key on the computer keyboard. The EWS opens.

    Example of an IP address in a browser window

    NOTE: If the Web browser displays a message indicating that accessing the website might not be safe, select the option to continue to the website. Accessing this website will not harm the computer.

    EWS home screen graphic

Step two: Set up the sign-in methods

The Access Control sign-in methods can be enabled for the printer, but only one can be the default sign-in method. If more than one method is enabled, access the non-default method from the printer control panel by touching Sign In, and then touching Advanced.

Sign-in methods

NOTE: If an HP Smart Card Reader solution is installed, disable all other sign-in methods on this page because signing in is required with this solution. Install certificates on the Certificate Management page if required.

This section provides information about the following topics:

Windows sign-in setup

  1. Using the EWS top navigation tabs, click Security.

  2. In the left navigation pane, click Access Control.

  3. To configure the Windows sign-in method, click the Setup link for this method on the Access Control page.

  4. Select the Enable Windows Sign In (Kerberos and NTLM) check box.

  5. Add Windows domains to be recognized by the printer:

    a. Enter the FQDN or IP address in the Trusted Domains field.

      Enter the fully-qualified host name or an IP address in dotted-decimal notation.

      NOTE: If DNS settings are not set appropriately, a fully-qualified domain name might be required.

    b. Click Add.

      By default, the first domain added to the trusted domain list is automatically selected as the Default Windows Domain. If other trusted domains have been added, they can be selected as the default domain in the Default Windows Domain field.

  6. Verify the match and retrieval default attributes and update if necessary.

    NOTE: The Enable reverse DNS lookups option is selected by default. Use a secure connection (SSL) is disabled by default.

    Match and retrieve attribute fields

    • Match the name entered with this attribute: The sAMAccountName attribute is entered by default. This attribute retrieves the Windows Active Directory account name to verify the user names.

    • Retrieve the user's e-mail address using this attribute: The mail attribute is entered by default and is the recommended attribute. This attribute retrieves the Windows Active Directory user's email address to pre-populate address fields as appropriate.

    • Retrieve the device user's name using this attribute: The displayName attribute is entered by default. This attribute retrieves the Windows Active Directory display name.

  7. To verify that the sign-in method is working correctly, enter a valid Username and Password in the Test Windows Sign in area, and then click Test.

  8. At the bottom of the page, click OK to save the settings.

NOTE: To remove a domain, select the domain, and then click Remove.

LDAP sign-in setup

  1. Using the EWS top navigation tabs, click Security.

  2. In the left navigation pane, click Access Control.

  3. To enable the LDAP sign-in method, click the Setup link for this method on the Access Control page.

  4. Select the Enable LDAP Sign In check box in the Setup area.

  5. Enter an LDAP address in the LDAP Server Address field. The address can be a fully-qualified host name or an IP address in dotted-decimal notation.

  6. Select Use a secure connection (SSL) to use SSL when connecting, and then enter the port number on the LDAP server in the Port field.

    NOTE: When using TLS or SSL, port 636 is used by default.

  7. Specify the authentication requirements in the Server Authentication Requirements area.

    a. Select Use Device User's Credentials, and then enter the Bind Prefix.

    b. Select Use LDAP Administrator's Credentials, and then enter values in the LDAP Administrator's DN and Password fields.

  8. In the LDAP Database Search Settings area, enter the Bind and Search Root, and then click Add.

  9. Verify the match and retrieval default attributes and update if necessary.

    Match and retrieve attribute fields:

    • Match the name entered with this attribute: Enter the name of an attribute

    • Retrieve the user e-mail address using this attribute: Enter the name of an attribute

    • Retrieve the device user's name using this attribute: Enter the name of an attribute

    • Retrieve the device user's group using this attribute: The objectClass attribute is entered by default

      NOTE: The Exact match on Group attribute option is selected by default.

  10. To verify that the sign-in method is working correctly, enter a valid Username and Password in the Test LDAP Sign In area, and then click Test.

  11. At the bottom of the page, click OK to save the settings.
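
Before the LDAP values are typed into the EWS, the same server address, search root and match attribute can be checked from an administrator workstation. The script below is an added example, not HP code: it assumes OpenLDAP's ldapsearch is installed, uses mail and displayName as stand-ins for the retrieve attributes, and every host name, DN and user name in it is a placeholder.

```sh
#!/bin/sh
# Added example, not HP code: pre-flight check for the values entered in
# "LDAP sign-in setup". Assumes OpenLDAP's ldapsearch; every host name, DN and
# user name here is a placeholder.

# Escape a name for use inside an LDAP search filter (RFC 4515).
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Filter for the "Match the name entered with this attribute" field.
# $1 = match attribute, $2 = name as typed at the control panel
match_filter() {
    printf '(%s=%s)' "$1" "$(ldap_escape "$2")"
}

# Read LDIF on stdin. Succeed only if exactly one entry matched and it has
# every attribute the printer is set to retrieve (passed as arguments).
check_ldif() {
    ldif=$(cat)
    count=$(printf '%s\n' "$ldif" | grep -c '^dn:' || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly 1 matching entry, got $count" >&2
        return 1
    fi
    for attr in "$@"; do
        if ! printf '%s\n' "$ldif" | grep -qi "^$attr:"; then
            echo "matched entry has no $attr attribute" >&2
            return 1
        fi
    done
}

# Query over LDAPS on port 636 with the LDAP administrator's DN.
# -W prompts for the password so it stays out of the shell history.
# $1 server  $2 administrator DN  $3 search root  $4 match attribute  $5 user
preflight() {
    ldapsearch -LLL -H "ldaps://$1:636" -D "$2" -W -b "$3" -s sub \
        "$(match_filter "$4" "$5")" mail displayName |
        check_ldif mail displayName
}

# Example call (placeholder values):
# preflight ldap.example.com "cn=printer-bind,ou=svc,dc=example,dc=com" \
#     "ou=people,dc=example,dc=com" uid jdoe
```

A non-zero exit from preflight means the bind failed, the search root and match attribute did not resolve the test user to a single entry, or a retrieve attribute is missing from that entry.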

Step three: Set up print feature permissions

The following instructions provide information on how to configure access restrictions for user types, access types, and sign-in methods.

NOTE: By default, all print features are set to Access Granted for Device Guest and to Full Access for Device User, neither of which requires a sign-in method. Sign-in is not required unless the sign-in method is changed in the Sign In Method column from Use Default to one of the three sign-in methods (Local Device, LDAP, or Windows).

  1. Determine the appropriate level of Guest access in the Device Guest column.

    • Access Granted: Allows a Device Guest to use the specified print feature without signing in

    • Requires Sign In: Requires a Device Guest to sign in to use the specified print feature

    a. Disable all print features by clicking the check box under Device Guest. The check boxes are now set to Requires Sign In to use the print features.

      OR

    b. To disable a specific print feature, click the check box to the right of the feature in the Device Guest column. The print feature is now set to Requires Sign In to use the feature.

  2. Determine the level of access for a Device User.

    • Full Access: Allows a Device User to use the specified print feature without signing in

    • Access Denied: Requires a Device User to sign in to use the specified print feature

    a. Disable all print features by clicking the check box under Device User. The check boxes are now set to Access Denied. If a print feature is set to Access Denied in the Device User column, the access in the Device Guest column automatically changes to Requires Sign In.

    b. To disable a specific print feature, click the check box to the right of the feature in the Device User column. The print feature is now set to Access Denied. If a print feature is set to Access Denied in the Device User column, the access in the Device Guest column automatically changes to Requires Sign In.

  3. Determine the Sign In Method for print features for walk-up users at the printer’s control panel.

    NOTE: By default, the Sign In Method is set as Local Device; however, this does not require sign in to use a print feature unless the sign-in method is changed for the specific print feature from Use Default to Local Device.

  4. To require users to use the sign-in method set for each print feature, do not check the check box for Allow users to choose alternate sign-in methods.

Step four: Set up the Job Status Screen Behavior settings

In the Job Status and Screen Behavior area, configure an automatic sign out from the printer.

  1. Click the Automatically sign out check box, and click the radio button for either Sign out immediately when job starts or Sign out after 10 seconds with option to stay signed in.

  2. Under Default Retain Settings Behavior, select the job types to retain settings by clicking the following check boxes:

    • Copy

    • Digital Send

    • Fax

Step five: Set up the default permissions for each sign-in method

In the Relationships Between Network Users or Groups and Device Permissions area, configure the default permission set type for Windows or LDAP sign-in methods.

  1. Set the default permissions for all users and groups by clicking the drop-down lists for LDAP and Windows, and select the appropriate option.

  2. If specific users or groups need different permissions from the default permissions, click New.... The New User or Group to Permission Set Relationship page opens.

    a. From the User or Group drop-down list, select either User or Group.

    b. Using the Permission Set drop-down list, select either Device Administrator or Device User.

    c. From the Sign In Method drop-down list, select either LDAP or Windows.

    d. In the Network User or Group Name field, enter a user or group name.

    e. Click OK.

Step six: Set up Device User Accounts

In the Device User Accounts area, set up individual Device User Accounts that use an Access Code for the Local Device sign-in method.

  1. From the Default Permission Set for new accounts drop-down list, select either Device Administrator or Device User.

  2. Click New... to create a new Device User Account, and enter the following information:

    • Display Name: Enter a Device User Account name

    • E-mail Address: Enter the user e-mail address

    • Network Name: Enter the network name

    • Access Code: Use this generated Access Code or assign a new code

    • Permission Set: From the drop-down list, select either Device Administrator or Device User

  3. Click OK.

Step seven: Complete the setup

On the Access Control page, review the selected settings, and then click Apply to complete the setup.