User Guide

Operation Guide for the Administrator

Tenant Info

You can access this function from Utility under Admin Mode.

Overview

Tenant Info allows you to view tenant information and configure login and other settings for each user or device belonging to the tenant.

Menu | Sub-menu | Description
Basic Settings | - | You can check the registered tenant information. You can also change the language of automatic emails sent.
Login | Login Settings | You can change the login method for this site.
Login | MFA Settings | Configure the setting for MFA.
Login | SAML Coordination Settings | You can configure the SAML coordination settings.
Password | Password Policy | You can configure a set of login password policies.
Password | Password Expiration Date Policy | You can configure a set of login password expiration date policies.
Device | Login Method on Device | You can configure a set of the login method on the device to be used by tenant administrators for their tenants.
External Use of RICOH Account | SAML ID Provider Settings | You can configure an SAML ID provider.
Logs and Licenses | Login Logs | Displays the login history for all users currently logged in on the tenant.
Logs and Licenses | System Operation Logs | Displays the system operation log for the tenant being logged in.
Logs and Licenses | License Information List | You can check a list of the services licensed to the tenant to which the user belongs, with their status.
Customization | Header Customization Settings | You can customize this site header.

Basic Settings

Allows you to view basic information about the tenant that you belong to and to specify the language to be used for email notification.

Viewing the tenant information

Allows you to view the tenant ID, tenant name, country and region, and the time zone for the tenant that you are currently logged into.

Setting Reply Email Language

Allows you to specify the language to be used for email notification automatically sent by the system; initially, the specified language is used for user registration. For the available languages, see Operating Environment.

Login Settings

Allows you to specify a login method to be used for the tenant that you belong to.

Login Method to be Used

You can select the login method as follows:

  • Email Address/Password

  • Tenant ID/User ID/Password

  • Microsoft 365 account

  • SAML

  • All

  • Microsoft 365 is an external service. You need to create an account for it separately.

  • To use SAML-based login, an account for the external service supporting it is required.

  • "SAML" is displayed only when SAML coordination is set to be enabled. For information about how to enable SAML coordination, see SAML Coordination Settings.

  • If "All" is selected, all of the login methods (Email Address/Password, Tenant ID/User ID/Password, Microsoft 365 account, and SAML) are made available.

  • Initially, this option is set to "All".

  • Forced MFA (Multi Factor Authentication)

    "Forced MFA (Multi Factor Authentication)" is displayed only when MFA Settings is enabled on the "Login Settings" screen. Specify whether to force the use of MFA (multi-factor authentication) at login. If you select "Active", select the checkbox for each type of user for which MFA (multi-factor authentication) is forced.

    MFA Settings

    Appears when you enable the MFA settings on the "Login Settings" screen.

    Configure the MFA settings to use MFA (multi-factor authentication). MFA can be used to let the user log in or reset their password.

    The user needs to configure an authentication application in the "MFA Settings" of "My Account Settings". For more details, see MFA Settings.

    • MFA can be used to log in with a combination of "Email Address/Password" or "Tenant ID/User ID/Password". To use MFA for login with an external service, configure the MFA settings on the external service.

    MFA Settings

    Enable or disable MFA. Initially, MFA is disabled.

    You can send an email to all users who have not configured an authentication application.

    Click [Send email from here] to send a bulk invitation email for authentication application configuration to all users who have not configured an authentication application.

    You can use "Send Bulk Emails" on the [User Management] screen to send bulk setting guidance e-mails for the authenticator application setting. For details, see Sending a setting guidance e-mail to users who have not completed the authenticator application setting.

    If you do not want to use MFA on a tenant-registered multifunction printer:

    Click [Click here for the settings] to display the Login Method on Device screen. On this screen, you can configure whether or not to skip MFA on the tenant-registered multifunction printer. For information about how to configure this, see Login Method on Device.

    If you want to always use MFA to log in from the web:

    Click [Click here for the settings] to display the Login Settings screen. You can specify whether to use MFA to log into this site. For information about how to configure this, see Login Settings.

    SAML Coordination Settings

    To use an account for an external service supporting SAML (SAML ID provider) to log into this site, configure the "SAML Coordination Settings". Follow the on-screen instructions to specify the ID provider.

    SAML Coordination Settings

    Shows the current status of SAML coordination; if the status shows "Active", you can click [Inactive] to disable SAML coordination.

    1. Set the following service provider information for the ID provider.

    Specify the on-screen information for the ID provider.

    2. Set the ID provider information.

    Specify the ID provider information for this site.

    3. Set the SAML coordination.

    Specify the SAML coordination settings.

    4. Make the other settings.

    If you specify RelayState in the settings on the ID provider side, enter the same URL in "RelayState to allow" in "4. Make the other settings.".

    • If the RelayState domain is "*.ricoh.com", no setting is required.

    5. Perform the login test.

    Click [Execute Test] to check that you can successfully log in.

    If the login test succeeds, SAML coordination is enabled.

    6. Set to use SAML as the login method.

    Specify use of SAML for logging in.

    To use the web to log in, see Login Settings.

    Delete SAML Coordination Information

    To delete the ID provider information or SAML coordination settings, click [Delete]. Before deletion, be sure to disable SAML coordination.

    Password Policy

    Configure a set of login password policies for the login passwords to be set by member users of your tenant.

    Item Description
    Minimum number of characters <6 to 128 characters>*1 Set the minimum number of characters for passwords to a value between 6 and 128.
    Symbol requirement From the drop-down list, select whether a symbol needs to be included in user passwords.
    Digit requirement From the drop-down list, select whether a digit needs to be included in user passwords.
    Upper case character requirement Select the checkbox if one or more uppercase characters need to be included in user passwords.
    Prohibit password reuse This is used to prohibit reuse of passwords used by a user in the past. From the drop-down list, select the number of most-recently used passwords to be prohibited from being used.
    Limit for number of incorrect password entries (number of incorrect entries before account is locked) This is used to lock an account if incorrect passwords are entered. From the drop-down list, select the allowable number of retries to enter a password before locking the account.
    • If the set number of retries has been exceeded before the value is changed, the user account is not locked.
    • The number of retries does not count for password policy violations or password expiration.
    Specification of Password Policy Change Notification Email Specify the subject and body of the email as a template to be sent to users when a password policy change occurs. The number of characters that can be used is as follows:
    • Subject: Up to 78 characters
    • Body: Up to 3,000 characters
    If no template is specified, the default template is used.
    Send password policy change notification emails to all target users within tenant Select this checkbox if you want to send a mass password policy change notification email to users within your tenant.
    *1 Must be specified

    Password Expiration Date Policy

    Configure a set of login password expiration date policies for the login passwords to be set by member users of your tenant.

    Password Expiration Date Policy Settings
    • Password expiration date specification

      To set up the password expiration date, select "Specify the number of days", and then specify the number of days between 14 and 730 days.

    • Sending a password expiration date notification email

      To send a password expiration date notification email, select "Specify how many days in advance to send", and then specify the number of days before the expiration date, between 1 and 730 days.

    Specification of fixed phrase for password Expiration Date Notification Email

    You can save the password expiration date notification email as a template by creating a subject and a body of text. If the template is left blank, the default text is used.

    Enter the subject and the body text.

    You can save a template with the subject or body text only.

    Click [Example of entry from here] to view entry examples or parameter descriptions.

    Item Specifiable characters
    Subject Specifiable number of characters: 0 to 78 characters
    Body Specifiable number of characters: 0 to 3,000 characters
    The URL parameter ({changePasswordUrl}) for the password change screen must be specified.
    Check "Use saved fixed phrase", and then click [Save].

    • To delete a saved template, clear the entry fields, and then click [Save].

    Login Method on Device

    Login Method on Device allows you to do the following.

    Single sign-on application
    Item Description
    IC Card/Device Account Choose whether to enable the use of an IC Card/Device Account link for login.
    Initially, this option is enabled.
    Activating Login Method
    Item Description
    PIN Code Choose whether to enable the use of a PIN code for login.
    Initially, this option is disabled.
    If this option is enabled, specify the number of digits and the generation method. The number of digits must be between 4 and 16.
    The available generation methods are "Auto" and "User Entry".
    This can be specified if "PIN Code" is enabled.
    If you choose "User Entry", any PIN can be specified during PIN generation via "Device Login Settings" of "My Account Settings". Regardless of whether you choose "Auto" or "User Entry", a PIN is automatically issued when a new user is added, and a PIN issuance email is sent to the added user.
    External Service Coordination Choose whether to enable the use of an external service for login.
    Initially, this option is disabled.
    If this option is enabled, specify the external service to be used for login.
    This can be specified if "External Service Coordination" is enabled.
    User Select Choose whether to enable the selection of a user for login.
    If this option is enabled, users can be logged in by selecting themselves from a user list.
    Initially, this option is disabled.
    Select login method
    Item Description
    - Selecting the login method to be used to log in from a device.
    You can choose from the following login methods:
    • Email Address/Password
    • Tenant ID/User ID/Password
    • PIN Code*1
    • External Service*1
    • User Select*1
    Initially, this option is set to "Email Address/Password".
    *1 If this option is disabled, this selection is unavailable.
    • If "IC Card/Device Account" login is enabled, this selection is not listed in the Select login method options, as users are automatically logged in based on the account used to log into the system.
    MFA Settings
    Item Description
    - When MFA is enabled, select whether or not to skip MFA on the tenant-registered multifunction printer.
    When you select "Yes", you can log in to a multifunction printer registered with the tenant without a confirmation code even if MFA is enabled for the tenant.

    • "Login Method on Device" is not listed if the tenant is not using a multifunction printer/copier.

    SAML ID Provider Settings

    Configure the settings when you use SAML for single sign-on to a service provider.

    For details about how to register service providers, see Configuring Single Sign-On (SAML Idp) that Uses RICOH Accounts.

    Item Status
    Use this to register a new service provider.
    Use this to delete service providers that you selected.
    Service provider list Shows registered service providers, their registration date and time, and their Entity IDs.
    Placing the mouse over a service provider displays the [Edit] button and the [Delete] button. You can click these buttons to edit or delete service providers.

    Login Logs

    Displays up to the past 35 days of login history for all users currently logged in on the tenant.

    For information about how to export the login log, see Exporting Logs.

    Item Description
    (Menu button) Clicking displays the pull-down menu.
    Filters the login log entries to be listed by time period. Select "Past 24 hour(s)", "Past 7 day(s)", "Past 35 day(s)", or "Custom period".
    If "Custom" is selected, specify the start and end dates of the period within the range of the past 35 days.
    Filters the login log entries to be listed by login result. Select "Success" or "Failure".
    Enter a user ID to search the login log.
    Resets the search and filter criteria to their initial state so as to list the entire login log

    System Operation Logs

    Displays up to the past 35 days of system operation log for the tenant being logged in. For information about how to export the system operation log, see Exporting Logs.

    Item Description
    Enter a user ID to search the system operation log.
    Enter a target to search the system operation log.
    When clicked after entering a user ID or target's search keyword, the entered criterion is searched for.
    Resets the search and filter criteria to their initial state so as to list the entire system operation log
    Filters the system operation log entries to be listed by time period. Select "Past 24 hour(s)", "Past 7 day(s)", "Past 35 day(s)", or "Custom period".
    If "Custom" is selected, specify the start and end dates of the period within the range of the past 35 days.
    Filters the system operation log entries to be listed by activity.
    Filters the system operation log entries to be listed by result. Select "Success" or "Failure".

    Exporting Logs

    You can export the login and system operation logs in CSV format. An exported file is available for download for up to 72 hours.

    You can use either the Login Log or System Operation Log screen for export.

    • The time zone used for the exported date and time values is the one configured for the tenant.

    • Date and time are in the format of "YYYY/MM/DD HH:mm:ss".

    Click the Menu button, and then select [Export].
    Select the log that you want to export.

    Initially, all logs are selected.

    If you select more than one type of log, the export status is displayed by log type.

    Click [OK].

    The exported log files are listed in the export status list. When the export of a file is complete, its status column changes to "Completed".

    Click [Download] to download the log files.
    Exported system operation log example
    Date/Time | Operator (User ID) | Category | Activity | Target | Result | Request ID
    2023/03/20 12:15:00 | admin2 | User Management | Delete user | yamada | Success | 3oxpba3-yj0g-rpuo-4l8k-2qqisnmbj6c7
    2023/03/19 10:05:00 | admin | User Management | Add user (Role: admin) | suzuki | Failure | gvba0ibc-njex-sr0s-uvip-x3dp7v1tvtc0
    2023/03/18 16:10:00 | – System – | User Management | Add user (Role: admin) | tanaka | Success | 2o6ctayl-hnb0-qr3x-tpca-kxbytpikouta
    2023/03/18 10:10:00 | – System – | User Management | Add user (Role: user) | suzuki | Success | 3bewk6up-hiwc-8t25-enf8-qh4vou6b5f5v
    2023/03/16 14:35:00 | admin2 | User Management | Change role to user | yamada | Success | iiyyw70e-lwft-8d6f-sqys-ye1bcbws4suq
    2023/03/10 9:30:00 | admin2 | User Management | Change role to admin | yamada | Success | ak84uolb-dw6w-rn2g-867v-yrt6c0uv7r12
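
Added example, not part of the original guide or of the product: a Python script that reads an exported system operation log, reconstructs the periods during which each user held the admin role, and lists failed attempts to grant it. It assumes the CSV is comma-separated with a header row named like the columns of the example table; the sample rows are constructed from that table, and all function names are hypothetical.

```python
import csv
import io
from datetime import datetime

# Constructed sample: the rows of the example table, written as CSV.
# Assumption: the export is comma-separated with this header row.
SAMPLE_CSV = """\
Date/Time,Operator (User ID),Category,Activity,Target,Result,Request ID
2023/03/20 12:15:00,admin2,User Management,Delete user,yamada,Success,3oxpba3-yj0g-rpuo-4l8k-2qqisnmbj6c7
2023/03/19 10:05:00,admin,User Management,Add user (Role: admin),suzuki,Failure,gvba0ibc-njex-sr0s-uvip-x3dp7v1tvtc0
2023/03/18 16:10:00,– System –,User Management,Add user (Role: admin),tanaka,Success,2o6ctayl-hnb0-qr3x-tpca-kxbytpikouta
2023/03/18 10:10:00,– System –,User Management,Add user (Role: user),suzuki,Success,3bewk6up-hiwc-8t25-enf8-qh4vou6b5f5v
2023/03/16 14:35:00,admin2,User Management,Change role to user,yamada,Success,iiyyw70e-lwft-8d6f-sqys-ye1bcbws4suq
2023/03/10 9:30:00,admin2,User Management,Change role to admin,yamada,Success,ak84uolb-dw6w-rn2g-867v-yrt6c0uv7r12
"""

# Activity strings as they appear in the example table.
GRANTS = {"Add user (Role: admin)", "Change role to admin"}
REVOKES = {"Change role to user", "Delete user"}

def parse_log(text):
    """Return rows as dicts, oldest first, with a parsed 'when' timestamp."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        # Documented format is YYYY/MM/DD HH:mm:ss; the hour may be unpadded.
        row["when"] = datetime.strptime(row["Date/Time"].strip(), "%Y/%m/%d %H:%M:%S")
    return sorted(rows, key=lambda r: r["when"])

def failed_admin_grants(events):
    """Admin-role grants that were attempted but did not succeed."""
    return [e for e in events if e["Activity"] in GRANTS and e["Result"] == "Failure"]

def admin_windows(events):
    """Map each target user to [(granted, revoked_or_None, granted_by), ...]."""
    windows = {}
    for e in events:
        if e["Result"] != "Success":
            continue
        spans = windows.setdefault(e["Target"], [])
        is_open = bool(spans) and spans[-1][1] is None
        if e["Activity"] in GRANTS and not is_open:
            spans.append((e["when"], None, e["Operator (User ID)"]))
        elif e["Activity"] in REVOKES and is_open:
            start, _, by = spans[-1]
            spans[-1] = (start, e["when"], by)
    return {user: spans for user, spans in windows.items() if spans}

def current_admins(events):
    """Users whose most recent admin window has not been closed."""
    return sorted(u for u, s in admin_windows(events).items() if s[-1][1] is None)

if __name__ == "__main__":
    events = parse_log(SAMPLE_CSV)
    for user, spans in admin_windows(events).items():
        for start, end, by in spans:
            print(f"{user}: admin from {start} to {end or 'now'} (granted by {by})")
    for e in failed_admin_grants(events):
        print("failed admin grant:", e["when"], e["Operator (User ID)"], "->", e["Target"])
```

The log covers at most the past 35 days, so an account that was made admin before that window does not appear in the result of current_admins.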

    License Information List

    License Information List provides a list of the services licensed to the tenant to which the user belongs, with their status.

    1. [Status] filter

    You can narrow down the services to be displayed by choosing one of the following service use states from the drop-down list:

    • Status (no filter)

    • Not Started

    • Activated

    • Expired

    2. Service Name

    Clicking this column header toggles the table so as to display service names in ascending or descending order.

    3. Service table
    Item Status
    Service Name Shows the name of a licensed service.
    Plan Name Shows the plan name of the service. If the service has no plan, "-" is shown.
    Contract Contents Shows the type of contract that you have: License-count or pay-as-you-go.
    If you have a license-count contract, the numbers of devices and users that can use the service are also shown.
    • For an application that has no limitation on the number of users and for which it is required to manage access to it, "∞" is shown.
    • For an application that has no limitation on the number of devices or users and for which it is not required to manage access to it, "-" is shown.
    Usage Status
    • For a license-count contract:

      The number of licenses with access to an application configured is shown.

    • For a pay-as-you-go contract:

      The actual amount of usage of the month is shown along with that month.

      If the usage status is "Not Started" or "Expired", "-" is shown.

    Status Shows the status of the service.
    Subscription ID Shows the Subscription ID.
    Usage Period (Start - End) Shows the start of use and end of use dates of the service. If no period is assigned or not available for display, "-" is shown.

    Header Customization Settings

    You can change the header accent line color and logo image.

    Changing the accent line color

    You can change the header accent line color. A custom color can also be set, in addition to four basic colors.

    Changing the logo image file

    Your original logo image can be set in the header, instead of the RICOH logo. The logo image file specifications are as follows:

    Item Status
    File format jpeg, jpg, png, gif
    File size 2 MB or less
    Image size 198 pixels (width) × 72 pixels (height) or less
    When the image size is bigger than 198 pixels (width) and 72 pixels (height), it is reduced to a smaller size without changing the aspect ratio.