Xerox multifunction printers built on ConnectKey
The following multifunction printers built on ConnectKey™ have been already certified.
WorkCentre® 5845/5855/5865/5875/5890
WorkCentre® 7200 Series
WorkCentre® 7800 Series
WorkCentre® 7970
ColorQube® 8700/8900
ColorQube® 9300 Series (FW 071.180.203.05401+)
This manual was created based on Xerox WorkCentre 7835 and should be applicable to most MFPs built on ConnectKey™, although slight differences may occur.
Before installation of YSoft SafeQ Embedded Terminal
Time settings
Go to the Properties tab > General Setup > Date and Time.
Make sure to set the time to match the YSoft SafeQ server time or specify automatic time configuration via NTP server.
FTP mode
Go to the Properties tab > Connectivity > Setup. Click Edit in the FTP/SFTP Filling row, and then set the Mode to Active.
Include username with validation request
Go to the Properties tab > Services > Workflow Scanning > Validation Options. Enable the Include User Name with validation request option.
Scan services for scanning with workflows
You will need to enable Scan Template management in device configuration for scanning with workflows later.
Go to the Properties tab > Services > Printing > Printing Web Services and then enable the options Scan Template Management and Scan Extensions. Also make sure that Xerox Secure Access and Authentication & Authorization Configuration are enabled:
You might also want to check that the Confirmation Sheets for Scanning Workflows are set to print only in case of an error. Otherwise, there might be a page printed every time someone uses the Scan option in YSoft SafeQ terminal.
Go to the Properties tab > Services > Workflow Scanning > General Settings. Set Confirmation Sheet to Errors Only.
SNMP settings
Go to the Properties tab > Connectivity > Setup. Click Edit in the SNMP row, and then enable the option Enable SNMP v1/v2c Protocols.
On the same page click Edit SNMP v1/v2c Properties. Set the Community Name (Read / Write) accordingly:
Proceed with the MFP installation in SafeQ to complete the installation of YSoft SafeQ Embedded Terminal. Check the installation status and installation steps.
If there are some warnings present during the installation, you will need to do some further settings of the MFP based on the messages you see. In that case the following information should help you with configuration of your Xerox MFP.
After installation of YSoft SafeQ Embedded Terminal
These settings are necessary only if requested by the Embedded Terminal installation or if some customization of configuration is requested.
Accounting workflows, User Accounting Prompts, Validation for Accounting Codes
Go to the Properties tab > Login/ Permissions/ Accounting > Accounting methods
Then, you have to configure the Accounting workflows, User Accounting Prompts and Validation for Accounting Codes. Click the respective Edit buttons.
Accounting Workflows:
Please note note that there are two possible configurations depending on selected features. When payments are used, Pre-Authorization and Capture Usage has to be used. In other cases, Capture Usage has to be used. (Please note, that without payments, the Pre-Authorization will cause a malfunction. For example, selecting copy function and starting copying will do the scanning part of the process but then MFP will wait for user verification).
Payments are used.
Standard configuration.
User Accounting Prompts:
Validation for Accounting Codes:
Extensible Service Browser
Go to the Properties tab > General Setup > Extensible Service Setup. Enable the Extensible Services Browser option and Export password to Extensible Services option.
Xerox Secure Access
Properties tab > Services > Printing > Printing Web Services. Enable the Xerox Secure Access option.
User Permissions Roles
Go to the Properties tab > Login / Permissions / Accounting > User Permissions. In the User Permissions Roles row click Edit.
On the Non-Logged-In Users tab click Edit to edit Non-Logged-In User role.
If you use device authentication mode To device, on the Services & Tools tab check that the Role State of the Services Pathway is set to Not Allowed.
You can configure Machine Status Pathway and Job Status Pathway locks freely.
If you use device authentication mode To each application, set the options accordingly. Note that for some WorkCentre models, it is necessary to use only Per application settings for proper functionality.
Convenience Authentication
Go to the Properties tab > Login/ Permissions/ Accounting > Login Methods. Then click Edit next to Convenience Authentication Setup.
On Convenience Authentication Setup page, check that Accounting Information are applied automatically. It can be modified by selecting Automatically apply Accounting Codes from the server.
Job Limits
To enable Job Limits service, go to the Properties tab > Services > Printing > Printing Web Services and select the check box for Job Limits. Click Apply.
To proper function of native scan to email (E-mail application) on MFP
you need to disable possibility to change "From" address.
Go to the Properties tab > Services > Email > Setup. Then click Edit next to From Field.
Fill in Default From Address and set Yes next to Always use Default From Address.
Card Reader Policies
Its function is to determine whether a USB card reader needs to be plugged in for authentication to take place. For example, if this is set to yes and there is no USB Card Reader attached, you can not use pin only authentication.
Go to the Properties tab > Login/Permissions/Accounting > Login methods
Creating color copy rule
Color copy restriction rules documented below are used only when property XeroxAccessDefinitionMethod is set to LDAP and property enableXeroxAccessDefinition is set to Enabled. Rules for application restriction are created during SafeQ installation.
Go to Properties > Login/Permissions/Accounting > User Permissions and then edit User Permission Roles. Then change tab to Logged-In User and click on button Make Your Own Permission Roles.
Fill role name (e.g. copycolor) and press Create
In tab Assign Groups to Role into Find / Add Groups input copycolor and press Add. In list of Assigned Groups should be visible item copycolor.
Inserted group name in this step has to be set to copycolor.
In tab choose Services & tools and then set all applications except Copy and ID Card Copy to Not Allowed. Copy and ID Card Copy should be set to Allowed if not.
Press Apply and then Close
Install Certificate Authority certificate
Go to Properties > Security > Certificates > Security Certificates.
Select tab Root/Intermediate Trusted Certificate(s).
Press Install Certificate.
Choose a certificate file path. Enter decryption password. Press Next and follow instructions to complete installation process.
Secured LDAP
By default secured LDAP (without server certificate validation) is configured during installation of the device. You can disable it by enabling property internalLdapAllowNonsecureProtocol and manually disable secured LDAP on device. But you can allow an attacker to bypass access restrictions for operations on Xerox devices.
Enable server certificate validation for secured LDAP
Issuer of server certificate (CA certificate) has to be uploaded at first.
Go to Properties > Login/Permissions/Accounting > Login Methods. and edit LDAP Servers.
Press Edit... on selected LDAP server.
Scroll to section Secure LDAP Connection.
Enable Secure Connection (LDAPS)
Enable Validate Server Certificate (trusted, not expired, correct FQDN).
Select issuer of the server certificate from dropdown menu Root/Intermediate Trusted Certificates.
LDAP server certificate is the same which is configured in Terminal Server for secured connection with devices. Follow these instructions Selecting certificate of Terminal Server.
4. Press Apply.
Some devices need reboot. If notification appears on the screen then press OK.