![background image](http://html2.mh-extra.com/html/xerox/workcentre-7755/workcentre-7755_information-manual_4280368018.webp)
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper
18
Ver. 1.01, April 2010
Page
18 of 40
3.
System Access
3.1.
Authentication Model
The authentication model allows for both local and network authentication and authorization. In the local
and network cases, authentication and authorization take place as separate processes: a user must be
authenticated before being authorized to use the services of the device.
If the device is set for local authentication, user account information will be kept in a local accounts
database (see the discussion in Chapter 4 of Xerox Standard Accounting) and the authentication process
will take place locally. The system administrator can assign authorization privileges on a per user basis.
User access to services will be provided based on the privileges set for each user in the local accounts
database. .
When the device is set for network authentication, the user’s network credentials will be used to
authenticate the user at the network domain controller. User’s can be entered into groups created at the
domain controller. At this time support is provided for a System Administrator group. Any user listed in the
System Administrator group will be granted sys admin privileges at the device. Use of network credentials
for system administrator login provides more security than the legacy model based on a sys admin PIN,
allowing for better tracking of sys admin logins by individual users.
Figure 3-1 provides a schematic view of the authentication and authorization subsystem. Use of the local
accounts database or the network can be set independently for both authentication and authorization,
meaning that it is possible to enable network authentication and local authorization, or vice versa. Usually
the device will be set for both authentication and authorization to take place against the same database,
either local or network.