How to use Ricoh AAA authentication for single sign on with ShareScan 5.x and Equitrac Office and Equitrac Express with Ricoh PCC 4.
Customer wants to achieve single sign on (SSO) with Equitrac using Ricoh PCC 4 and ShareScan Embedded for Ricoh ESA. Below is an alternative method used to achieve SSO without using the Cost Recovery protocol. Please note that this solution does not track scans.
As an alternative to using Cost Recovery (or Authentication Extender) in ShareScan and the embedded eCopy entry in Equitrac, Ricoh devices are able to share authentication information through the device. To create this workflow, select the following options:
- Ricoh MFP must be set to use static IP addresses. Ricoh has advised that using DHCP or dynamic DNS is not supported, as unreliable and inconsistent results may occur.
- In ShareScan Administration Console -> Devices -> Scanner settings -> Ricoh authentication method -> AAA (radio button)
- In the Equitrac PCC Remote Administration webpage enable the option for Ricoh AAA authentication (*) .
- Cost Recovery (or Authentication Extender) must be disabled.
- Enable Session Logon (if not already enabled)
- Set Session Logon -> Authentication method to 'Bypass authentication (authenticate user)'
- Login to ShareScan using your network credentials at least once to ensure that your credentials are securely cached.
(*) Ricoh AAA can be enabled through the Advanced configuration setting of PCC through the MFP UI in A3 class MFPs. A4 class MFPs with smaller Operation Panels must use the Remote Administration Tool page.
AAA failures have been reported when the MFP is set to DHCP. Ricoh has advised that the MFP must be set to use a Static IP address for this to work reliably.