Xerox VersaLink EIP Configuration


This manual was created based on Xerox VersaLink C405DN and should be applicable to most VersaLink MFDs, although slight differences may occur.


Before installation of YSoft SafeQ Embedded Terminal

Change Administrator password

For the older printer models, go to Permissions > Login/Logout Settings press the Change Password button, and insert a new administrator password.

image2017-6-7 13:24:55.png

image2017-6-7 13:28:54.png

For the newer printer models, go to Properties > Security > Password Policies > Admin Password and change the administrator password.

image-2024-5-27_16-19-56.png

Log in as admin for the next steps.

Disable Automatic print of Startup Page

Automatic print of Startup Page can block device installation. Then some installation steps fail.

Go to System > Defaults and Policies and click on Startup Page.

image2017-6-8 11:34:28.png

In the new window, choose Do Not Auto Print.

image2017-6-8 11:36:21.png

Enable HTTPS, SOAP, and WSD

For the older printer models, go to Connectivity then choose HTTP from the list of protocols and enable HTTPS, SOAP, and WSD.

image2019-2-8_17-6-43.png

HTTP configuration:

image2019-2-8_17-4-40.png

SOAP configuration:

image2019-2-8_17-3-25.png

WSD configuration:

image2019-2-8_17-2-46.png  

For the newer printer models, go to Connectivity > Setup then choose HTTP and WSD from the list of protocols.

image-2024-5-28_13-56-21.png

SNMPv3

For the older printer models, go to Connectivity then choose SNMP from the list of protocols. A new window will appear and then click on SNMPv3.

image2017-3-30 13:56:54.png

Enable SNMPv3 and System Administrator Account. Enter Authentication Password and Encryption password used in your organization.

image2017-3-30 14:5:16.png

For the newer printer models, go to Connectivity > setup then choose SNMP from the list of protocols. A new window will appear and then enable SNMPv3.

image-2024-5-28_14-3-12.png

Then edit SNMP v3 Properties. Enable System Administrator Account and fill Authentication Password and Encryption password used in your organization.

image-2024-5-28_14-6-44.png

The same Authentication Password and Encryption password have to be used in device configuration in YSoft SafeQ.

image2017-9-12 13:46:37.png

EIP Settings

For the older printer models, go to the Apps  > EIP Settings and enable Export password to EIP Apps.

image2017-3-30 12:19:47.png

For the newer printer models, go to the General Setup  > Extensible Service Setup and enable Export password to Extensible services.

image-2024-5-28_14-16-48.png

USB Card Reader

For the older printer models, you will need to enable Plug-in feature in System > Plug-in Settings. Also, enable Authentication on Registration. Restart device will be necessary - press Restart Now.

Please note that you can obtain the plug-in from Xerox, Y Soft Group has no rights to its distribution.

image2017-3-30 13-46-39.png

After restart, open the same window (System > Plug-in Settings) and press the Add button.

image2017-3-30 13:31:28.png

Choose the path to file with the plug-in and upload it to the printer.

image2017-3-30 13-33-27.jpg

After plugin installation, the restart of the device is needed.

image2017-3-30 13-53-22.png

Successful plugin installation and activation can be verified in System > Plug-in Settings in the Status column.

image2017-3-30 13:41:40.png

Proceed with the MFD installation in YSoft SafeQ to complete the installation of YSoft SafeQ Embedded Terminal. Check the installation status and installation steps.


If there are some warnings present during the installation, you will need to do some further settings based on the messages.

How to enable Job Management API in the MFD

For the older printer models, the option is available in Apps > EIP Settings > EIP Web Services > Job Management Extension.

2.jpg

3.jpg

For the newer printer models, the option is available in General Setup > Extensible Service Setup > Extensible Service Registration.

image-2024-5-28_14-30-7.png

VersaLink does not have an “Allow open access to Job Information” setting. This is enabled by default for localhost calls.


It is important to have the latest software installed in the printer, to avoid any potential problems.

Embedded terminal with PIN only authentication configuration

In case the embedded terminal will use only the PIN authentication method the following configuration is required:

image2020-5-7_8-41-33.png

After installation of YSoft SafeQ Embedded Terminal

These settings are necessary only if requested by the Embedded Terminal installation or if some customization of configuration is requested.

Network Accounting

For the older printer models go to Permissions > Accounting Method and Select Network.

image2017-3-31 10:5:28.png

In the new window Setup LimitsService URL should contain the address of your server and the ID of printer in YSoft SafeQ. In What to Limit section all should be checked.

Pattern of Service URL is https://{ServerIP}:5012/xeroxauthentication/{DeviceId}/JobLimitsAppServer.asmx

image2017-3-31 10:9:58.png

In Tracking Information click on Edit and configure accounting according to the image below.

image2017-3-31 10:7:54.png

For the newer printer models go to Login / Permissions / Accounting > Accounting Methods > Control Panel & Website Login Methods and Select Network Accounting.

image-2024-5-28_16-10-53.png

Click on the Accounting Workflow Edit button and configure accounting according to the image below.

image-2024-5-28_16-14-30.png

In Job Limits Server (Pre-Authorization) fill Server URL.

image-2024-5-28_16-17-23.png

Pattern of Service URL is https://{ServerIP}:5012/xeroxauthentication/{DeviceId}/JobLimitsAppServer.asmx

Fill the User Accounting Prompts screen according to the image below.

image-2024-5-28_16-20-47.png

Lock Guest Access

For the older printer models, go to Permissions and in Guest Access click on Edit > Device User Role.

image2017-3-30 14-16-0.png

In the new window choose the No Access option.

image2017-3-30 14-17-17.png

For the newer printer models go to Login / Permissions / Accounting > User permissions and Edit the User permission roles configuration.

image-2024-5-28_16-35-33.png

Edit Non-Logged-In User and click Disallow all.

image-2024-5-28_16-37-38.png

Install Certificate Authority certificate

For the older printer models, go to System > Security and select Security Certificates.

system

system_security_certificates.png

Select Trusted Root CA Certificates from the dropdown menu and press Import.

security_certificates.png

Press Select to select a certificate from the file system. Enter the decryption password.

import_certificate.png

Press Import to import the certificate to the device.

For the newer printer models, go to Security > Certificates > Security Certificates, select Root/Intermediate Trusted Certificate(s), and press Install certificate.

image-2024-5-28_17-2-5.png

Press Select to select a certificate from the file system. Enter the decryption password if encrypted.

Application and feature (color copy, 1-sided) restrictions

Setup LDAP server

This setup should be done automatically during the installation process.

For the older printer models go to Connectivity > LDAP.

connectivity_LDAP.png

Select LDAP Servers/Directory Services.

LDAP_configuration.png

Fill in IP Address, Port and Search Directory Root. Click OK.

Search Directory Root format: DC=safeq,DC=com.

LDAP_servers.png

For the newer printer models go to Connectivity > Setup > LDAP and press the Edit button.

image-2024-5-28_17-42-27.png

Add a new LDAP server.

image-2024-5-28_17-43-55.png

Fill in IP Address, Port and Search Directory Root. Click Apply.

Search Directory Root format: DC=safeq,DC=com.

image-2024-5-28_17-45-40.png

Enable secured LDAP

You can enable non-secure LDAP communication by enabling the property internalLdapAllowNonsecureProtocol. However, you can allow an attacker to bypass access restrictions for operations on Xerox devices.

For the newer printer models go to System > Security and select SSL/TLS Settings.

system

system_security.png

Enable LDAP - SSL/TLS Communication and Verify Remote Server Certificate. Then click OK.

The certificate authority certificate used to sign the server certificate has to be uploaded to the device for the secured LDAP to work.

system_security_sslsettings.png

For the newer printer models, go to Connectivity > Setup > LDAP and press the Edit button.

image-2024-5-28_17-42-27.png

Edit LDAP configuration.

image-2024-5-29_11-0-54.png

Enable Enable Secure Connection and Validate Server Certificate. Then click Apply.

image-2024-5-29_11-2-10.png

Enable LDAP for roles permissions

Rules documented below are used only when property xeroxAccessDefinitionMethod is set to LDAP and property enableXeroxAccessDefinition is set to Enabled. Rules for application restriction are created during SafeQ installation.

For the older printer models, go to Permissions > Roles and select Setup LDAP Permissions Groups.

permissions_roles.png

Select LDAP and click OK.

permissions_server.png

For the newer printer models, go to Login / Permissions / Accounting > User Permissions and edit Control Panel & Website Login Methods.

image-2024-5-29_13-51-50.png

Select Remotely on the Network using LDAP and save.

image-2024-5-29_13-52-32.png

Add User Role

Create roles with appropriate permissions for all LDAP groups listed here.

copycolor

Rights to use color copy in native copy application.

copy

Rights to use native copy application.

fax

Rights to use native fax application.

notrestricted

Without any restrictions.

sq

Rights to use YSoft SafeQ application (YSoft SafeQ Terminal Application - 1st Gen).

sqbillingcodes

Rights to use YSoft SafeQ Billing Codes application (YSoft SafeQ Terminal Application - 2nd Gen).

sqprint

Rights to use YSoft SafeQ Print application (YSoft SafeQ Terminal Application - 2nd Gen).

sqscan

Rights to use YSoft SafeQ Scan application (YSoft SafeQ Terminal Application - 2nd Gen).


For the older printer models go to Permissions > Roles and select Device User Roles.

permissions_roles.png

Click on Edit for Basic User. Then choose Custom Permissions and press Setup.

image2018-7-9_13-59-2.png

In the Custom permission Setup dialog, set the Access value of each application in the list to Hide.

image2018-7-9_14-1-35.png

Aftercall applications are set to Hide, close the Custom permission Setup dialog and press OK to save changes.

image2018-7-9_14-6-4.png

Click button_plus.png on the right side. Then select Add New Role.

device_user_roles_add.png

Write down any user role name. Select Custom Permissions and then click Setup.

add_new_device_user_role.png

Example of Copy permissions.

copy_permissions.png

copy_permissions_selection.png

Set access value of others application to Hide to properly working application restriction. Allow value should be set only for role where we expect application will be enabled.


For Basic User set all application to Hide.

For the newer printer models, go to Login / Permissions / Accounting > User Permissions and edit User Permission Roles.

image-2024-5-29_14-4-2.png

Switch to Logged-In Users and click on Make Your Own Permission Roles.

image-2024-5-29_14-5-40.png

Fill in the required information and click on Create.

image-2024-5-29_14-8-19.png

Add LDAP Group

For the older printer models, go to Permissions > Roles and select Edit LDAP Groups.

permissions_roles_edit_LDAP_user_groups.png

Click button_plus.png on the right side.

new_ldap_group.png

Fill in the search text and click magnifier.png . Select LDAP group. Click Next.

LDAP server has to be configured to fetch the LDAP groups.

add_ldap_group.png

Select the previously created Device User Role and click Next.

select_device_user_role.png

Select default Printing User Role and click Done.

select_printing_user_role.png

For the newer printer models continue with the role creation or go to Login / Permissions / Accounting > Logged-In users and edit created group.

image-2024-5-29_14-14-28.png

Assign LDAP groups and click on Apply.

image-2024-5-29_14-11-44.png