2.1 – imageRUNNER ADVANCE Controller Security
The imageRUNNER ADVANCE series is built upon a new platform that provides powerful
enhancements to security and productivity. The new architecture centers on a new operating system
powered by an embedded version of Linux, which is quickly becoming the most widely adopted
platform for sophisticated devices. The source version used by imageRUNNER ADVANCE devices has
been hardened by removing all unnecessary drivers and services so that only the ones essential to its
operation are included.
2.2 – Authentication
Canon imageRUNNER ADVANCE systems include a number of authentication options which
administrators can use to ensure that only approved walk-up and network-based users can access the
device and its functions, such as print, copy and Scan and Send features. Beyond limiting access to
only authorized users, authentication also provides the ability to control usage of color output, and
total print counts by department or user.
Devic
e-Based Authentication
Department ID Mode
An embedded feature within imageRUNNER ADVANCE systems, the Department ID
Management mode permits administrators to control device access. If Department ID
authentication is enabled, end users are required to enter a password before they are able to
access the device. Up to 1,000 Department IDs can be configured and each can be configured
with device function limitations, such as limiting, printing, copying and access to Advance
Boxes, Mail Boxes and facsimile.
Access to Advanced Boxes, Mail Boxes, and Scan and Send (if applicable) can each be turned
“On” or “Off” from the Limit Functions screen located under Department ID Management.
The settings can be made under Settings / Registration > Management Settings > User
Management > Department ID Management.
Single Sign On (SSO) and SSO Hybrid (SSO-H) Login
Single Sign On (SSO) is a MEAP login service that can be used stand-alone with user data
registered locally on the device or in conjunction with an Active Directory (AD) network
environment. SSO supports the following modes:
• Local Device Authentication – with credentials stored in the device
• Domain Authentication – in this mode, user authentication can be linked to an
Active Directory environment on the network
• Domain Authentication + Local Device Authentication
When used in Domain Authentication mode, a user must successfully authenticate using valid
credentials on the system’s control panel, Remote UI utility, or web browser when accessed via
a network prior to gaining access to any of the device functions.
SSO ships standard with MEAP capable imageRUNNER ADVANCE systems and can support up
to 200 trusted domains plus the users that belong to the same domain as the device.
5
White Paper: Canon imageRUNNER ADVANCE Security
Section 2 — Device Security
