New Policy

By pressing the NewButton button on the top of the screen, a new policy can be created. The same dialog is displayed when editing policies from the list.

The left hand side menu shows the available settings section. Settings are displayed according the current installation and current license.

General

Name
The distinguish name of this policy which will be displayed anywhere the policy can be used.

Description
Enter a distinguish personal description for your policy, the description is not shown anywhere.

Assignments

Assignments section controls the objects to which the current policy is assigned, hence it is enforced.

Clients

In this section you can define to which clients the current policy will apply, based on its order within other policies which matches the same clients.

Apply to all
If enabled it will automatically enforce the policy to all configured clients, otherwise a selection of the clients will be displayed.

Selected clients
The list of available configured clients is loaded. Single or multiple clients may be selected with the checkbox at the left hand side of each row. Otherwise the full group can be selected with the same checkbox next to the group row.

When a group is selected also all new clients created or moved inside will be enforcing the policy.

Users

In this section you can define to which users the current policy will apply, based on its order within other policies which matches the same users.

Apply to all
If enabled it will automatically enforce the policy to all configured users, otherwise a selection of the users will be displayed.

Selected users
The list of available Scanshare configured users is loaded (no external users is displayed here). Single or multiple users may be selected with the checkbox at the left hand side of each row. Otherwise the full group can be selected with the same checkbox next to the group row.

When a group is selected also all new users created or moved inside will be enforcing the policy.

User Single Sign On

In this section you can define to which User Single Sign On profiles the current policy will apply, based on its order within other policies which matches the same profiles.

Apply to all
If enabled it will automatically enforce the policy to all configured User Single Sign On profiles, otherwise a selection of the profiles will be displayed.

Selected profiles
The list of available configured User Single Sign On profiles is loaded. Single or multiple profiles may be selected with the checkbox at the left hand side of each row.

Assigning a policy to a User Signe On profile means that all logged in user under that profile will be enforcing the policy.

Accounting

Accounting section controls managed central settings for the Accounting module independently from the used client.

Authentication

In this section you can define which settings applies when authentication is used on the embedded clients. Since part of the Accounting module settings are used for clients with Complete Device Authentication enabled.

Enable Username & Password
If enabled the authentication application will display controls to enter username and password which will be validated as a general User authentication (Users and Single Sign On profiles).

Enable ID
If enabled the authentication application will render the username field as User ID field as well and login can be performed by entering manually the ID of the users. ID’s can be the assigned Card ID’s or manually numeric ID’s assigned to the users.

Request PIN (for User ID authentication)
If enabled the authentication application will require the PIN for validation when a valid User ID is provided, otherwise only the User ID will validate and authenticate the user. PIN’s can be assigned automatically via User Single On or manually via User settings.

Enabled Card
If enabled the authentication application will accept Cards to perform login, a Card logo is rendered on the screen to show that cards are accepted.

Cards are pre-registered and assigned to every user. Behavior of registration and unknown cards is given by the next settings below.

Warning

Make sure you have correctly configured a Card reader on the used device.

Allow card self registration (for Card authentication)
If enabled and a unknown card is badged on the card reader the authentication application will show an error message and request to login with a valid user account (full username and password) to self register the used card to that user account, if login successfully.

When disabled a unknown card will just not make any action and a login error might appear on certain devices.

Allow login after registration (for Card authentication)
If enabled it will auto login automatically after a new card is registered to a valid authenticated user. The option works in combination of Allow card self registration previous one otherwise it has no action.

When disabled and a new card is self registered the authentication application will return to the default login screen.

Billing

In this section you can define which settings applies when authentication is used and jobs are executed on the embedded clients. Since part of the Accounting module settings are used for clients with Complete Device Authentication enabled.

Info

Jobs Billing applies automatically for enabled clients based on the policy assignment, to disabled it set the Billing Type to None for all (default policy) or the target clients.

Default credit
Enter the default credit, intended in the specified Currency, for all new users which will use for the first time the Accounting module.

The default credit is applied to the new user the first time the user will login through the Scanshare Authentication embedded application.

Type
Select the type of billing strategy to use for the current policy. Available options are:

  • None: no billing is applied for the clients / users assigned by this policy. All jobs are only tracked but not billed and no jobs will be forbidden.
  • Basic: basic billing is applied for the clients / users assigned by this policy. A standard unique defined price is applied to all jobs no matter which type or properties they have.
  • Standard: standard pricelist billing is applied for the clients / users assigned by this policy. Jobs are billed according the specified pricelist based on their type and / or their properties.1
  • Quote: billing is applied for the clients / users assigned by this policy based on quotes rather than credit. The default credit is intended as quotes (clicks) and jobs are accounted according the defined quotes (clicks) for each job type / properties.

Based on the selected type available settings will change.

When a billing type different than None is specified jobs are forbidden if the current user has no enough credit / quotes left to cover the current job, according the selected type / pricing.

Currency
Select the target currency in which credits and prices are expressed.

Available currencies are: AED, AUD, BRL, CAD, CHF, CLP, CNY, COP, CZK, DKK, EUR, GBP, HKD, HUF, IDR, ILS, JPY, KRW, MXN, MYR, NOK, NZD, PHP, PLN, RON, RUB, SAR, SGD, THB, TRY, TWD, USD, ZAR.

Info

Currency is for reporting expression purpose only but it doesn’t affect the prices.

Example: credit of 20 could be 20 EUR or 20 USD and a billing of 0.1 EUR or 0.1 USD will not make differences on the final credit.

Basic

Cost per page
Enter the cost per page to bill for every type of job performed by any user and / or clients assigned by this policy.

Standard

Scan cost
Enter the cost to bill for every scan job performed by any user and / or clients assigned by this policy.

Cost per page
If enabled the Scan cost is calculated per page, otherwise per job.

Fax cost
Enter the cost to bill for every fax job performed by any user and / or clients assigned by this policy.

Cost per page
If enabled the Fax cost is calculated per page, otherwise per job.

Costs table
Define rules to bill for every print / copy job performed by any user and / or clients assigned by this policy.

Info

At the moment only one single rule is allowed with Default size.

For every rule you can customize the following settings:

  • Size: the paper size to which this rule applies.
  • Black: the cost to bill print / copy jobs done in black and white on single page.
  • Black (duplex): the cost to bill print / copy jobs done in black and white in duplex mode.
  • Grayscale: the cost to bill print / copy jobs done in grayscale, where supported, on single page.
  • Grayscale (duplex): the cost to bill print / copy jobs done in grayscale, where supported, in duplex mode.
  • Color: the cost to bill print / copy jobs done in color on single page.
  • Color (duplex): the cost to bill print / copy jobs done in color in duplex mode.

When a paper size is not defined it falls into the Default paper size.

Info

Default paper size rule cannot be removed.

Quote

Quotes table
Define rules to bill for every print / copy job performed by any user and / or clients assigned by this policy.

Info

At the moment only one single rule is allowed with Default size.

Rules define the quote (clicks) to bill for every type of job, they are per page and in case of duplex jobs they apply x 2.

For every rule you can customize the following settings:

  • Size: the paper size to which this rule applies.
  • Black: the quote (click) to bill print / copy jobs done in black and white.
  • Grayscale: the quote (click) to bill print / copy jobs done in grayscale, where supported, on single page.
  • Color: the quote (click) to bill print / copy jobs done in color on single page.

When a paper size is not defined it falls into the Default paper size.

Info

Default paper size rule cannot be removed.

Printing

In this section you can define which settings applies when pull print is used on the embedded clients. Since part of the Accounting module settings are used for clients with Complete Device Authentication enabled.

User preferences

Show preferences on print
If enabled will allow customization of the print preferences anywhere it is possible. When disabled jobs will use automatically policy pre-defined / default printing settings.

Default printer profile
Select the printer profile to use for any user / client assigned by this policy. The selected printer profile will be applying in both Desktop Print Client (or Extension) and Embedded Pull-Print Client. The printer profile gives the available printing options available (e.g. based on the target device brand / type).

Available profiles are:

  • HP
  • Konica Minolta
  • Toshiba

Client preferences

Finishing on Client
If enabled will allow customization of the print preferences on the embedded pull print client at the time of the job release. When disabled jobs will use automatically policy pre-defined / default / print customized printing settings.

Warning

When this option is enabled the printing preferences on the pull print clients may override the job preferences.

Delete job on print
If enabled a successfully released (printed) job will be automatically deleted, otherwise not.

Auto delete interval (h)
Specify the interval time within the printed job needs to be automatically deleted. Default interval is 8, the value is expressed in hours since the time of printing.

This setting works independently from the Delete job on print previous setting and it occurs also if the job hasn’t been released but the interval elapsed. If manually set the value to 0 the job won’t be automatically deleted.

Rules table
Define rules to control printing preferences / actions for every print job performed by any user and / or clients assigned by this policy.

Use the Add rule button to add a new rule in the list, use instead the red cross button to delete an existing rule.

For every rule you can customize the following settings:

  • Rule
  • Type
  • Action
  • Value

Available Rules are:

Info

At the moment only Job rules are used.

  • Application: the rule matches the printing / pull printing application.
  • Document: the rule matches document properties.
  • Job: the rule matches job properties.
  • User: the rule matches printing user properties.

Based on the rule selection rule Type selection changes.

Available options for Application rule are:

  • Name: the rule checks the name of the printing / pull printing application.

Available options for Document rule are:

  • JPEG: the rule checks the source document matches a format type of JPEG.
  • Other: the rule checks the source document matches the target specified format type(s).
  • PDF: the rule checks the source document matches a format type of PDF.
  • TIFF: the rule checks the source document matches a format type of TIFF.

Available options for Job rule are:

  • Collate: the rule checks if the job Collate options matches the target action / value.
  • Color: the rule checks if the job Color options matches the target action / value.
  • Copies: the rule checks if the number of Copies of the job matches the target action / value.
  • Duplex: the rule checks if the job Duplex options matches the target action / value.
  • FitToPage: the rule checks if the job Fit To Page options matches the target action / value.
  • Fold: the rule checks if the job Fold options matches the target action / value.
  • HolePunch: the rule checks if the job Hole Punch options matches the target action / value.
  • Pages: the rule checks if the number of Pages of the job options matches the target action / value.
  • PaperOutput: the rule checks if the job Paper Output options matches the target action / value.
  • PaperType: the rule checks if the job Paper Type options matches the target action / value.
  • PaperWeight: the rule checks if the job Paper Weight options matches the target action / value.
  • Size: the rule checks if the job Size options matches the target action / value.
  • Sort: the rule checks if the job Sorting options matches the target action / value.
  • Source: the rule checks if the job Source options matches the target action / value.
  • Staple: the rule checks if the job Staple options matches the target action / value.
  • TrayPerPage: the rule checks if the job Tray selection per page matches the target action / value.
  • Type: the rule checks if the job Type options matches the target action / value.

Available options for User rule are:

  • Group: the rule checks the printing user is part of the target specified Group(s).
  • SSO: the rule checks the printing user is part of the target specified User Single Sign On profile(s) / domain(s).
  • User: the rule checks the printing user matches the target specified User(s)

Available rule Actions are:

  • Block: restrict the current rule type against the specified option(s) within the Value field.
  • Lock: lock the current rule type against the specified option(s) within the Value field.
Warning

Policy Block and Lock Job rules take priority over job user printer preferences.

Value
Enter the value to use in the selected rule. Based on the rule and its type and based on the selected action the field may propose a single (in case of Lock) or multiple (in case of Block) selection between the allowed values for the current rule type.

Info

Rules are parsed in the order they appear, a subsequent rule may override or restrict even more a specific rule type if added multiple times with different values.

Clients

Clients section controls managed central settings for each embedded client platform, where available, used in administration, management or general function behavior operations.

HP

Admin username
Customize the default MFP administrator username.

Admin password
Customize the default MFP administrator password.

Use device login
Instructs the embedded client if using silent and automatic installation by using the device logged in user (if any).

Kyocera / Olivetti

Admin username
Customize the default MFP administrator username.

Admin password
Customize the default MFP administrator password.

Web client
Here you can select which client you want to install / use (if automatic installation is supported), webclient (ON) or embedded client (OFF).

Use device login
Instructs the embedded client if using silent and automatic installation by using the device logged in user (if any).

Function Limitation

This section controls which device functions should be allowed after user login when Complete Device Authentication is enabled.

Allow copy
If enabled device copy function is allowed.

Allow print
If enabled printing function is allowed.

Allow scan
If enabled device scan function is allowed.

Allow fax
If enabled device fax function is allowed.

Allow color print
If enabled color printing function is allowed.

Allow b&w print
If enabled black and white printing function is allowed.

Allow color copy
If enabled color device copy function is allowed.

Allow b&w copy
If enabled black and white device copy function is allowed.

OpenAPI

Button name
Customize the default embedded client button name on the device panel. Leave empty for the default naming.

Machine password
Customize the default MFP administrator password.

Web client
Here you can select which client you want to install / use (if automatic installation is supported), webclient (ON) or embedded client (OFF).

Pull print
Here you can select if the pull print embedded client needs to be enabled as well for the current MFP. The option is visible only if Accountin is available in the current license. Pull print embedded client will be automatically pushed at the time of Saving settings or when using Push & Update.

Use device login
Instructs the embedded client if using silent and automatic installation by using the device logged in user (if any).

Authentication function version
Customize authentication OpenAPI function version if needed. Leave default for automatic selection: highest MFP supported version.

Pull Print function version
Customize Pull Print OpenAPI function version if needed. Leave default for automatic selection: highest MFP supported version.

Setup function version
Customize Setup OpenAPI function version if needed. Leave default for automatic selection: highest MFP supported version.

Scan function version
Customize Scan OpenAPI function version if needed. Leave default for automatic selection: highest MFP supported version.

Function Limitation

This section controls which device functions should be allowed after user login when Complete Device Authentication is enabled.

Allow copy
If enabled device copy function is allowed.

Allow print
If enabled printing function is allowed.

Allow print without authentication
If enabled guest (without authentication) printing function is allowed.

Allow scan
If enabled device scan function is allowed.

Allow fax
If enabled device fax function is allowed.

Allow box
If enabled device box function is allowed.

Allow print send
If enabled device print send function is allowed.

Allow scan to USB
If enabled device scanning to USB function is allowed.

Allow color print
If enabled color printing function is allowed.

Allow color send
If enabled device color sending function is allowed.

Ricoh

Admin username
Customize the default MFP administrator username.

Admin password
Customize the default MFP administrator password.

Use device login
Instructs the embedded client if using silent and automatic installation by using the device logged in user (if any).

Samsung

Admin username
Customize the default MFP administrator username.

Admin password
Customize the default MFP administrator password.

Web client
Here you can select which client you want to install / use (if automatic installation is supported), webclient (ON) or embedded client (OFF). The setting is exclusive with the Smart UX selection.

Smart UX
Here you can select if a Smart UX client version is used. The setting is exclusive with the Web Client selection.

Sharp

Use device login
Instructs the embedded client if using silent and automatic installation by using the device logged in user (if any).

Toshiba / OKI

Machine username
Customize the default MFP administrator username.

Machine password
Customize the default MFP administrator password.

Use device login
Instructs the embedded client if using silent and automatic installation by using the device logged in user (if any).

Function Limitation

This section controls which device functions should be allowed after user login when Complete Device Authentication is enabled.

Allow copy
If enabled device copy function is allowed.

Allow print
If enabled printing function is allowed.

Allow scan
If enabled device scan function is allowed.

Allow fax
If enabled device fax function is allowed.

Allow EWB
If enabled device EWB function is allowed.

Allow list
If enabled device list function is allowed.

Allow user func
If enabled device user function is allowed.

Allow USB direct print
If enabled USB direct printing function is allowed.

Xerox

Machine password
Customize the default MFP administrator password.

Info

Administrator credentials are used for any administrative communication operations are required to be done with the target device, such as embedded client automatic installation or device authentication enablement where supported.

Info

When administrator credentials, where available, are left empty, default device administrator username / password are used.

Info

Client Type checkboxes such as Web Client, where available, are used only for the automatic embedded client installation at the time of Saving settings or Push & Update function, if supported and available for the selected MFP / type.

Info

Administrator credentials are used for any administrative communication operations are required to be done with the target device, such as embedded client automatic installation or device authentication enablement where supported.

Info

When administrator credentials, where available, are left empty, default device administrator username / password are used.

Info

Client Type checkboxes such as Web Client, where available, are used only for the automatic embedded client installation at the time of Saving settings or Push & Update function, if supported and available for the selected MFP / type.

Info

Use Device Login option, where available, supposes that the logged in use on the device which is used for automatic silent authentication is available on the Scanshare server by either a standalone user or part of any SSO profile otherwise authentication will not work (reported in the network logs) and Use Device Login will not produce any effect.

Previous Article

Dashboard