Xerox® Security Guide for Office Class Products: AltaLink®
VersaLink®
November 2018
Page 28
Some examples of third party convenience authentication providers include:
Pharos print management solutions:
https://pharos.com/
YSoft SafeQ:
https://www.ysoft.com/en
Contact your Xerox sales representative for details and other options.
Simple Authentication (non-secure)
Simple authentication is mentioned here for completeness. It is intended for environments where
authentication is not required. It is used for customization only. When in this mode, users are not
required to enter a password. (The device administrator account always requires a password).
Authorization (Role Based Access Controls)
AltaLink® and VersaLink® products offer granular control of user permissions. Users can be assigned to
pre-defined roles or customers may design highly flexible custom permissions. A user must be
authenticated before being authorized to use the services of the product. Authorization ACLs (Access
Control Lists) are stored in the local user database. Authorization privileges (referred to as permissions)
can be assigned on a per user or group basis.
Please note that Xerox products are designed to be customizable and support various workflows as well
as security needs. User permissions include security-related permissions and non-security related
workflow permissions (e.g. walkup user options, copy, scan, paper selection, etc.). Only security-related
permissions are discussed here.
Remote Access
Without RBAC permissions defined basic information such as Model, Serial number, and Software
Version can be viewed by unauthenticated users. This can be disabled by restricting access to the
device website pages for non-logged-in users.
By default, users are allowed to view basic status and support related information, however they are
restricted from accessing device configuration settings. Permission to view this information can be
disallowed.
Local Access
Without RBAC permissions defined basic information such as Model, Serial number, Software Version, IP
address, and Host Name can be viewed without authentication. This can be disabled by disallowing
access to device settings for unauthenticated.
By default, users are allowed to access the local interface, however they are restricted from accessing
device configuration settings. Roles can be configured to allows granular access to applications,
services, and tools. Users can be also restricted from accessing the local interface completely.