Internet Services Help

Settings and Operation

Settings and Operation
 1. This manual may not be copied or modified in whole or part, without the written consent of the publisher.
2. Parts of this manual are subject to change without prior notice.
3. The screen shots and illustrations in this manual is an example. It may vary depending on the using model,
software and OS version.

HN1425E5-2
©FUJIFILM Business Innovation Corp. All rights reserved.

2
Table of Contents

1 Feature Settings using Internet Services

Configuring Wi-Fi Connection Settings using IEEE802.1X Authentication Method .............................. 5
Configuring of My Folder in Scan Feature ..................................................................................................... 7
Configuration to Use Device Setup Tool of Job Flow ................................................................................... 8
Encryption and Digital Signature Settings ..................................................................................................... 9
Configuration of HTTP Communications Encryption ..................................................................... 9
Configuration of Encryption Using IPsec .......................................................................................10
Configuration of Email Encryption/Digital Signature ..................................................................12
Configuration of PDF Signature .......................................................................................................15
Configuring of Microsoft Entra ID .................................................................................................................17
Precautions when operating Microsoft Entra ID authentication ...............................................17
Connection Settings to the Microsoft Entra ID .............................................................................17
Other Settings (Device) ....................................................................................................................21
Other Settings (Microsoft Entra ID) ................................................................................................24
Exchange Online POP3 Server Settings .......................................................................................................26
Administrator Consent on Microsoft Entra ID ..............................................................................26
Settings using Internet Services ......................................................................................................26

2 Feature Operation using Internet Services

Print ....................................................................................................................................................................28
Printing using Internet Services .......................................................................................................28
Print via NFC .......................................................................................................................................28
AirPrint .................................................................................................................................................29
Mopria Print Service ..........................................................................................................................31
Universal Print ....................................................................................................................................32
Scan ....................................................................................................................................................................35
Importing Using Internet Services ...................................................................................................35
User Authentication Operations ....................................................................................................................36
Changing Password by Login Users ................................................................................................36
Cloning the Configuration Information of Add-on Applications ..............................................................37
Displaying the Settings Screen ........................................................................................................37
Exporting Settings ..............................................................................................................................37
Importing Settings .............................................................................................................................38
Job History Export ............................................................................................................................................39
Environmental Settings .....................................................................................................................39
Displaying the Setting Screen ..........................................................................................................40
Format Setting of Job History File ...................................................................................................40

3
 Automatically Exporting the Job History .......................................................................................41
Exporting Job History ........................................................................................................................43
Re-export of Job History ...................................................................................................................43
How to Obtain Activity History ........................................................................................................44

4
 1 Feature Settings using Internet Services

1 Feature Settings using Internet

1

Services

Configuring Wi-Fi Connection Settings using

IEEE802.1X Authentication Method
Connecting to the High Security Network
The Wi-Fi connection feature on the device supports IEEE802.1X authentication. To use IEEE802.1X
authentication method, which requires a certificate, get the necessary certificate issued by the
certificate authority and import it to the device from Internet Services.

Note
In order to import certificates via Internet Services, the settings for encrypting HTTP communications must
be configured. For more information on Internet Services operation and how to set encryption for HTTP
communication, refer to "Configuration of HTTP Communications Encryption" (p. 9).

1. Log in to Internet Services as system administrator.

2. Import a certificate.
1. Click [System] > [Security] > [Certificate Settings].
2. Click [Import].
3. Click [Browse] to specify the name of the file to import.
4. Enter the password of the certificate for [Password].
5. Enter the password again for [Retype Password].
6. Click [Start].
7. Refresh the web browser.

3. Configure Wi-Fi connection and security settings.

Note
The procedure varies depending on the selected certificate method.

1. Click [Network] > [Wi-Fi].

2. Enable [On].
3. Enter the SSID in [SSID].
4. Select [WPA2 Enterprise] in [Encryption Settings].
5. Select [Authentication Method].
6. Enter the EAP-Identity value in [Identity].
When EAP-TLS is selected for the authentication method, proceed to step 11.

Note
Ask your RADIUS server administrator for the EAP-Identity.

5
Settings and Operation

7. For PEAPv0 MS-CHAPv2, EAP-TTLS/PAP, EAP-TTLS/CHAP, or EAP-TTLS/MS-CHAPv2, enter the

login user name and password for WPA-Enterprise authentication in [User Name] and [Password].
8. Retype the password in the [Retype Password] field for confirmation.
9. Select the imported CA certificate in [Root Certificate].
10. When EAP-TLS is selected, select the imported client certificate in [Client Certificate].
11. Click [Save].
12. Click [Restart Now].

The device is rebooted and the settings are applied.

6
 1 Feature Settings using Internet Services

Configuring of My Folder in Scan Feature

Enabling the Service and Configuring the Forwarding Method
Configure the My Folder service using Internet Services.

1. Log in to Internet Services as system administrator.

2. Click [App] > [Scan] > [Scan to My Folder].
3. Click [Enabled] > [Save].
4. Click [Change My Folder Location].
5. Select either [Disabled] or [Enabled], and then click [Save].
6. Click [My Folder Settings].
7. Set each item and click [Save].
8. Click [My Folder Login Credentials].
9. Select the login credentials to access the destination, and then click [Save].

7
Settings and Operation

Configuration to Use Device Setup Tool of Job Flow

To create the job flow sheets using Device Setup Tool, the SNMP port setting is required.

Configuring the SNMP Port

1. Log in to Internet Services as system administrator.

2. Click [Network] > [Protocols] in the menu.
3. Click [SNMP], and enable the [Port].
4. Enable the [Authentication Failure Generic Traps].
5. Click [Save].

8
 1 Feature Settings using Internet Services

Encryption and Digital Signature Settings

Configuration of HTTP Communications Encryption
Step1 Certificate Arrangement
Prepare for the certificate used for encrypting the HTTP communication. To set up a certificate using
Internet Services, you can have the device create a self-signed certificate for the SSL server or can
import any registered certificate (issued by another CA) to the device.

Note
You cannot import a certificate that already has been registered either as [Device Certificate] or [Other
Certificates]. Delete the registered certificate beforehand.

How to create the self-signed certificate (for SSL server)

1. Log in to Internet Services as system administrator.

2. Click [System].
3. Click [Security] > [Certificate Settings].
4. Click [Create] > [Generate Self-Signed Certificate].
5. Set each item as necessary.
6. Click [Start].
7. Click [Close] after the certificate has been generated.
How to import the certificate issued by another CA
Before importing the certificate issued by another CA, create the self-signed certificate and make the
settings so that HTTP communication is encrypted.

1. Log in to Internet Services as system administrator.

2. Click [System].
3. Click [Security] > [Certificate Settings] > [Import].
4. Click [Browse] and select the file to import on the displayed dialog box, then click [Open].
Note
You can also directly enter the path of the file to import.

5. Enter the password of the certificate to [Password].

6. Enter the same password as the previous step to [Retype Password].
7. Click [Start].
8. Click [Close] after the import has finished.

9
Settings and Operation

Step2 Certificate Settings

Register the certificate for the server with the device.

Note
Until making the setting of this section, a self-generated certificate is automatically set as the server
certificate.

1. Log in to Internet Services as system administrator.

2. Click [System].
3. Click [Security] > [SSL/TLS Settings].
4. Select a certificate at [Device Certificate - Server].
Important
If no certificate is selectable, confirm that the device certificate is registered with [System] > [Security] >
[Certificate Settings].

5. Set [HTTP - SSL/TLS Communication Port Number] as necessary.

Important
Do not set the same port number as other ports.

6. Click [Save].
7. Click [Restart Now] after the touch screen instructs to restart the device.
Configuration of Encryption Using IPsec
When setting [Authenticate by Digital Signature] for [IKE Authentication Method] to make IPsec
communication, register a certificate with the device. No certificate is registered with the device by
factory default. Import an IPsec certificate. After importing a certificate, configure IPsec.
When the IKE authentication method is set to [Authenticate by Preshared Key], skip the step 1
"Certificate Arrangement" and go to step 2 "Configuration of IPsec".

Important
You cannot import a certificate that already has been registered either as [Device Certificates] or [Other
Certificates]. Delete the registered certificate beforehand.

Note
If a certificate to be imported as an IPsec certificate contains V3 extension "KeyUsage", "digitalSignature" bit
must be asserted.

Step1 Certificate Arrangement

To configure a certificate using Internet Services, configure the encryption settings for HTTP
communications, and then import a certificate issued by another CA to use it for the IPsec certificate.

Note
The public key of the certificate that can be imported to the device shall be either of RSA® public key (up to
4096 bits) and ECC public key P-256/P-384/P-521.
You cannot use a self-signed certificate created with Internet Services for IPsec.

10
 1 Feature Settings using Internet Services

See
For details on how to configure the encryption settings for HTTP communication, refer to "Configuration of
HTTP Communications Encryption" (p. 9).

1. Log in to Internet Services as system administrator.

2. Click [System].
3. Click [Security] > [Certificate Settings] > [Import].
4. Click [Browse] and select the file to import on the displayed dialog box, then click [Open].
Note
You can also directly enter the path of the file to import.

5. Enter the password of the certificate to [Password].

6. Enter the same password as the previous step to [Retype Password].
7. Click [Start].
8. Click [Close] after the import has finished.
Step2 Configuration of IPsec
The following describes configuration procedures to set up IPsec on the device.

1. Click [Network] > [Protocols] > [IPsec].

2. Enable the [Enable].
3. Click [IKE Authentication Method] to set the IKE authentication method.
 For Digital Signature Method
1. Select [Digital Signature].
2. Click [Device Certificate].
3. Select the certificate to use for authentication, then click [Save].
 For Preshared Key Method
1. Select [Preshared Key].
2. Enter the text string to become the preshared key, then click [Save].

4. Configure other settings as required.

Step3 Communication Destination Device Settings
This section explains the settings of the party being communicated with.
The necessary settings are as follows:
 Create an IP security policy
 Assign the IP security policy

See
For information on how to set above settings, refer to the help of the communication destination device.

11
Settings and Operation

Configuration of Email Encryption/Digital Signature

Installation Overview

Note
To encrypt emails and attach a digital signature to emails between the device and a computer, a personal
or device certificate for S/MIME of a recipient and the device certificate of the device must be set on the
computer. To configure the digital signature, the device certificate of the device is necessary. Configure the
following settings to the certificates.
- Email address
- If the certificate contains V3 extension "keyUsage", "digitalSignature" and "keyEncipherment" must be
asserted.
- If the certificate contains V3 extension "extendedKeyUsage", "emailProtection" must be set.
Up to 100 addresses can be encrypted with S/MIME.

Configuration on Sender and Recipient

To transmit emails encrypted by S/MIME and with digital signatures attached, register the required
certificate on equipment of a sender and a recipient.
The following shows the certificate settings necessary to encryption and digital signature.
Encryption Digital Signature
Sender Recipient Certificate to required for the
Certificate required for the sender recipient
The device Computer Personal certificate of the computer Device certificate for S/MIME of the
device
Another device Device certificate for S/MIME of Device certificate for S/MIME of the
another device device
Computer The device Device certificate for S/MIME of the Personal certificate of the computer
device
Another device Device certificate for S/MIME of the Device certificate for S/MIME of
device another device

Step 1 Certificate Arrangement

Prepare for the certificate used for encrypting the email communication and for making the digital
signature. To set up a certificate using Internet Services, you can have the device create a self-signed
certificate for the SSL server or can import any registered certificate (issued by another CA) to the
device.

To Generating Self-Signed Certificate (for S/MIME)

1. Log in to Internet Services as system administrator.

2. Click [Details] located on [Device Information] of Home screen.
3. Confirm that [Device Email Address] is input.
4. Click [System].
5. Click [Security] > [Certificate Settings].
6. Click [Create] > [Generate Self-Signed Certificate].
7. Set each item as necessary.
8. Click [Start].
12
 1 Feature Settings using Internet Services

9. Click [Close] after the certificate has been generated.

To import the certificate issued by another CA

Before importing the certificate issued by another CA, create the self-signed certificate and make the
settings so that HTTP communication is encrypted.

See
For details on how to configure the encryption settings for HTTP communication, refer to "Configuration of
HTTP Communications Encryption" (p. 9).
The device supports to import RSA public key (up to 4096 bits) or ECC public key (P-256/P-384/P-521).

1. Log in to Internet Services as system administrator.

2. Click [Details] located on [Device Information] of Home screen.
3. Confirm that [Device's Email Address] is input.
Note
[Device's Email Address] must be same as the email address that the certificate mentions.

4. Click [System].
5. Click [Security] > [Certificate Settings] > [Import].
6. Click [Browse] and select the file to import on the displayed dialog box, then click [Open].
Note
You can also directly enter the path of the file to import.

7. Enter the password of the certificate to [Password].

8. Enter the same password as the previous step to [Retype Password].
9. Click [Start].
10. Click [Close] after the import has finished.
Step2 S/MIME Settings

1. Log in to Internet Services as system administrator.

2. Click [Network] > [Protocols] > [S/MIME].
3. Enable the [Enable].
4. Select a certificate at [Device Certificate].
Important
If no certificate is selectable, confirm that the device certificate is registered with [System] > [Security] >
[Certificate Settings].

5. Configure the encryption settings.

 Message Digest Algorithm
Set the message digest algorithm to use.

13
Settings and Operation

Note
If a certificate of an RSA 512-bit public key is used, selecting [SHA-512] may cause an incorrect email.

 Message Encryption Algorithm

Set the encryption method of the email body for sending email from the device.

6. At [Certificate Auto Store], select whether to store the certificate automatically.

Note
If set to [On], the certificate will be stored when receiving the email to which an S/MIME certificate is
attached.
If "digitalSignature" and "keyEncipherment" are not asserted to the V3 extension (KeyUsage) of the
certificate, the certificate will not be stored automatically even if set to be stored automatically.

7. Click [Save].
Step3 Configuration on Sender and Recipient
Transmitting emails with encryption or a digital signature requires more than importing the device
certificate to the device. Both devices to make the transmission need to pass the device certificates or
personal certificates with each other.
This section describes, when regarding each device as a sender, certificates required for sender and
recipient, and registration procedures.
For information on the settings necessary to encryption and digital signature, refer to the table in
"Configuration on Sender and Recipient" (p. 12).

Note
You need to import all the trusted root certificate authorities and intermediate certificate authorities that are
registered in the path of a certificate to use.

When the device sends and a computer receives

The personal certificate of a computer must be registered with the device and the device certificate of
the device must be registered with a computer.
To register the computer's personal certificate, use Internet Services.
The followings are the available methods to register the device certificate to a computer.
 Send an email with S/MIME digital signature to a computer from the device and register it with the
certificate store of an email application in the computer.
To send an email with S/MIME digital signature, log in to the System Administrator mode and select
[Always add signature] or [Select When Sending] for [Digital Signature - Email] under [Device] >
[Network Settings] > [Security Settings] > [S/MIME Settings] in advance.
 Export the certificate of the device to a computer using Internet Services, and register it with the
certificate store of an email application in the computer.

See
For how to register a certificate with the certificate store of an email application, refer to the manual of your
email application.

When the device sends and another multifunctional device receives

The device certificate of another multifunctional device must be registered with the device and the
device certificate of the device must be registered with another multifunctional device.
To register the device certificate of another multifunctional printer, start Internet Services of another
multifunctional device through a computer and export the certificate to the computer. And then, start
Internet Services of the device and import the exported certificate.

14
 1 Feature Settings using Internet Services

To register the device certificate of the device with another multifunctional device, perform the same
procedure as described above.

When a computer sends and the device receives

The device certificate of the device must be registered with a computer. The registration of the personal
certificate of a computer to the device is not required.
The following methods are available to register the device's device certificate to a computer.
 Send an email with S/MIME digital signature to a computer from the device (or another
multifunctional device) and register it with the certificate store of an email application in the
computer.
To send an email with S/MIME digital signature, log in to the System Administrator mode and select
[Always add signature] or [Select during send] for [Digital Signature - Email] under [Device] >
[Connectivity &Network Setup] > [Security Settings] > [S/MIME Settings] in advance.
 Export the certificate of the device to a computer using Internet Services, and register it to the
certificate store of an email application in the computer.

See
For how to register a certificate with the certificate store of email application, refer to the manual of your
email application.

Configuration of PDF Signature

This section describes the settings to send scanned documents in PDF format with a digital signature
(PDF) attached.

Important
You cannot import a certificate that already has been registered either as [Device Certificates] or [Other
Certificates]. Delete the registered certificate beforehand.

Step1 Certificate Arrangement

Configure the encryption settings for HTTP communications, and then import a certificate issued by
another CA to enable S/MIME.

See
For details on how to configure the encryption settings for HTTP communication, refer to "Configuration of
HTTP Communications Encryption" (p. 9).

1. Log in to Internet Services as system administrator.

2. Click [System].
3. Click [Security] > [Certificate Settings] > [Import].
4. Click [Browse] and select the file to import on the displayed dialog box, then click [Open].
Note
You can also directly enter the path of the file to import.

5. Enter the password of the certificate to [Password].

6. Enter the same password as the previous step to [Retype Password].
7. Click [Start].

15
Settings and Operation

8. Click [Close] after the import has finished.

Step2 Configuration of PDF Signature

1. Log in to Internet Services as system administrator.

2. Click [App].
3. Click [Scan].
Note
The same settings are available on [Send as Email].

4. Click [PDF Signature Settings].

5. Set each item.
6. Select the registered certificate at [Device Certificate].
Important
If no certificate is selectable, confirm that the device certificate is registered with [System] > [Security] >
[Certificate Settings].

7. Click [Save].
8. Click [Restart Now] after the touch screen instructs to restart the device.
Step3 Configuration on the Computer
Sending a PDF signature file from the device to a computer
Make sure that the root certificate of the certificate to be used for the scan file signature of the device is
registered with the recipient's computer.

16
 1 Feature Settings using Internet Services

Configuring of Microsoft Entra ID

This section describes the setting procedures when using Microsoft Entra ID on the device.

Note
Log In to Remote Accounts Kit option is required.

Precautions when operating Microsoft Entra ID authentication

Microsoft Entra ID authentication feature does not support the following user accounts.
 Personal account (Microsoft account)
 Account without password
 Account with Multi-Factor Authentication (authentication method using multiple factors such as IC
card and password, biometric authentication)
 Account synchronized (federated) with on-premises Active Directory

Note
We recommend authentication using Active Directory in stead of Microsoft Entra ID when the On-premises
Active Directory is being used.
For the latest information, refer to the official website of Microsoft.

Connection Settings to the Microsoft Entra ID

The procedure of required settings for the connection between the device and the Microsoft Entra ID is
as follows.

Settings using Internet Services

1. Log in to Internet Services as system administrator.

2. Click [Permissions] > [Authentication and Accounting].

17
Settings and Operation

3. Click [Authentication/Accounting Type].

4. Select [Remote], then click [Save].

5. Select [Microsoft Entra ID] then click [Save] > [Save].

6. Click [Restart Now] after the touch screen instructs to restart the device.

18
 1 Feature Settings using Internet Services

Settings using Microsoft Entra ID

7. Enter the following URL into the address box on the browser, and then press the <Enter> key.
https://login.microsoftonline.com/common/adminconsent?client_id=ec0da6b2-efc5-4db8-8e41-
e00616e4bf44&redirect_uri=https://account-fb.fujifilm.com/consentResult.html

8. Log in as a Global Administrator.

9. The consent screen for the authority is displayed. Confirm the contents and click [Accept].
Note
In order to use Microsoft Entra ID feature on the device, the consent that the device may perform the
following process is needed.
User Authentication
Read basic information, such as user names
Read user's Email addresses
Read directory group data

10. Click the copy button in the [Tenant ID] field to copy ID, after the consent success screen is displayed.

Settings using Internet Services

11. Perform steps 1 to 4 of "Connection Settings to the Microsoft Entra ID" (p. 17) to display the [Remote
Authentication Settings] screen.

12. Select [Microsoft Entra ID] then click [Save].

13. Paste the copied ID in [Directory ID].

14. Click [Edit] of [Domain Settings].

19
Settings and Operation

15. Enter all the domain information of Microsoft Entra ID, then click [Save] > [Save].
Note
Enter with up to 50 domains.

16. Click [Change] after the touch screen instructs to restart the device.
17. Set DNS server and Proxy server as necessary.
18. When linking IC card, log in as system administrator, and set [Permissions] > [Authentication and
Accounting] > [Advanced Settings] > [Cache Login Credentials on Device] to "on".

Note
[Store Login Information on Device] is displayed when IC card connection is set.

20
 1 Feature Settings using Internet Services

Other Settings (Device)

Configuration of IC Card Reader

1. Log in to Internet Services as system administrator.

2. Click [System] > [Plug-in Settings].

3. Click of optional connected IC card reader from [Embedded Plug-ins], and then select [View].
4. Place a check mark for the using IC card and click .
5. Enter the required information and click [Apply].
Configuring of Microsoft Entra Group Permissions
The following shows the procedure to set the Microsoft Entra group account to be assigned the access
role to the copy service, for example.

See
For details on how to set the access control, refer to "Access Control" (p. 22).

1. Perform steps 1 to 4 of "Connection Settings to the Microsoft Entra ID" (p. 17) to display the [Remote
Authentication Settings] screen.

2. Select [Microsoft Entra ID] then click [Save].

3. Click [Edit] of [Group Account Permission Settings].

21
Settings and Operation

4. Click [Copy].

5. Enter the object ID (OID) of Microsoft Entra group which would be authorized for [Copy]. Enter the ID
in xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx format, where "xxxx" is a hexadecimal number.

Note
When the logged in user belongs to the group account set here, the user is assigned the access role.

See
For information on how to check the group account’s DN for Microsoft Entra ID, refer to "How to Check the
Group Object ID for Microsoft Entra" (p. 24).

6. Click [OK].
To control other services, repeat steps 4 to 6.

7. Click [Save] > [Save].

Access Control
The following shows the procedure to restrict access to the copy service, for example.

1. Log in to Internet Services as system administrator.

2. Click [Permissions] > [Permissions] > [Access Control].
3. Select [Set Individual App Access] under [App Access].

22
 1 Feature Settings using Internet Services

4. Click [Copy] and set the restricted operation of copy.

 Unlocked
The service operation is not restricted.
 Locked (Show Icon)
On the device home screen, the service is displayed with a lock icon. Authentication is required to use
this service.
 Locked (Hide Icon)
On the device home screen, the service is not displayed. Authentication is required to use this service.

5. To control other services, repeat step 4.

6. Click [Save].
Configuring Deletion of Mismatched Users
When connecting IC card, If set "Store Login Information on Device" to "On", some user details will be
retained in the device after successful authentication.
When operating Log In to Remote Accounts (Microsoft Entra ID), changing user details of Microsoft
Entra ID may cause the user details retained in the device to be mismatched.
At the time, setting "Allow Deletion of Mismatched Users" to "Off", user who has become mismatch will
not be able to authenticate. Setting "on" in the next step will delete the user details retained in the device
and allow authentication again.

1. Perform steps 1 to 4 of "Connection Settings to the Microsoft Entra ID" (p. 17) to display the [Remote
Authentication Settings] screen.

2. Select [Microsoft Entra ID] then click [Save].

3. Set [Allow Deletion of Mismatched Users] to [on].
4. Click [Save].

23
Settings and Operation

Other Settings (Microsoft Entra ID)

How to Check the Group Object ID for Microsoft Entra
The procedure to check the group object ID registered on Microsoft Entra groups is as follows.

1. Log in to Azure Portal as a Global Administrator.

2. Select the target group from [Microsoft Entra ID] > [Groups].
3. Confirm the object ID of Microsoft Entra ID in [Object ID].
How to Add Accounts to the Microsoft Entra Group
The procedure to add accounts to the existing group on Microsoft Entra ID is as follows.

1. Log in to Azure Portal as a Global Administrator.

2. Select the target group from [Microsoft Entra ID] > [Groups].
3. Select the [Members] area in [Manage], and click [Add members].
4. Select the user to add.
5. Click [Select].
When the Login Takes Time and the Login Results Vary for the Same User
It is likely to be caused by the high load to the Microsoft Entra ID or the network. Basically, your running
environment requires to be checked and adjusted.
Setting the waiting time for the connection between the device and the Microsoft Entra ID long enough
may avoid the login failure. But it is a temporary measure, because the login time is not shortened.
The procedure to set the waiting time for the connection is as follows.

1. Log in to Internet Services as system administrator.

2. Click [Permissions] > [Authentication and Accounting].
3. Click [Advanced Settings].

24
 1 Feature Settings using Internet Services

4. Enter the appropriate time in [Server Response Timeout] and [Search Timeout].

 Server Response Timeout

Defines the maximum waiting time for the server response when the device requests the
authentication to the Microsoft Entra ID.
Change the value to reduce the network load.
 Search Timeout
Defines the maximum waiting time for the server response when the device requests the search to
the Microsoft Entra ID.
Change the value to reduce the load on the Microsoft Entra ID.

5. Click [Save].

25
Settings and Operation

Exchange Online POP3 Server Settings

Use Internet Services to set up the POP3 server of Exchange Online that uses OAuth 2.0 authentication.

Important
Only one POP3 server can be set. The latest setting will become valid.
If you have set up the POP3 server of Exchange Online that uses OAuth 2.0 authentication, the settings
made on the control panel of the machine will not be enabled.
IPv6 is not supported.

Administrator Consent on Microsoft Entra ID

You need to consent in advance to the following actions that the machine takes.
 Consulting users' basic information such as email addresses
 Accessing users' emails

Note
For Microsoft Entra ID, refer to the official website of Microsoft.

1. Enter the following URL into the address box on the browser, and then press the <Enter> key.
https://login.microsoftonline.com/common/adminconsent?client_id=a483ddb9-c576-49c4-ac31-
03b17912e92b&redirect_uri=https://opencds-fb.fujifilm.com/gen/mfp_aux/adminConsent.html

2. Log in as a Global Administrator.

3. The consent screen for the authority is displayed. Confirm the contents and click [Accept].
4. Close the browser, after the consent success screen is displayed.
Settings using Internet Services
1. Log in to Internet Services as system administrator.
2. Set DNS server and Proxy server as necessary.
3. Click [Network] > [Protocols] > [POP3] and enable [Port (Receive Email)].
4. Click [Service Provider] to select [Exchange Online].
5. Click [Save].
Important
Do not change the settings except for [Polling Interval] if there is no particular reason.

6. Click [Next], after the Enter Authentication Code screen is displayed.

7. On the input screen, enter the code that is displayed on the Enter Authentication Code screen then
click [Next].

8. On the sign-in screen, enter the email address for receiving that is to be set for the machine then click
[Next].

9. On the password screen, enter the password of the email for receiving then click [Sign In].

26
 1 Feature Settings using Internet Services

10. Close the browser, after the sign-in success screen is displayed.

27
Settings and Operation

2 Feature Operation using Internet

2

Services

Print
Printing using Internet Services
Allows you to print files without using a print driver.

Note
CMYK TIFF and JPEG (JFIF) files are not supported.

1. Start Internet Services.

2. Tap [Print File] at the bottom of the Home screen.
3. Click [Browse], and then specify the file.
4. Set each item in [Print Settings] as required.
5. Click [Print].
Print via NFC
If your mobile device supports the NFC touch print feature, holding the mobile device near the NFC area
on the control panel allows you to print files easily.
To enable the NFC feature on the device, use Internet Services.

1. Log in to Internet Services as system administrator.

2. Click [Network] > [NFC].
3. Enable [On].
4. Click [Save].

28
 2 Feature Operation using Internet Services

AirPrint
AirPrint is a printing service provided by Apple Inc. By using AirPrint, you can request a document print
instruction to the device from macOS/OS X computers or iOS installed devices such as iPad/iPhone,
without installing any print drivers or special software. You can also scan documents using macOS/OS X
computers.

Note
For the latest information of AirPrint, refer to Apple Inc. official website.

iBeacon for Printers Settings

You can instantly find nearby devices with iBeacon for Printers over Bluetooth; thus you can select the
desired device from the [Action] menu > [Print] > [Printer] on your iOS device when you print or scan
via AirPrint. PIN code entry is not required.
While Bonjour cannot search devices on the different subnet, iBeacon for Printers can find them.

1. Log in to Internet Services as system administrator.

2. Click [Network] > [Bluetooth].
3. Enable the [Port (Bluetooth Low Energy)].
4. Enable the [iBeacon for Printers].
5. Click [Save].
Note
Rebooting the device is required to enable the settings. Reboot the device following the message on the
screen.

AirPrint Settings

1. Log in to Internet Services as system administrator.

2. Click [Network].
3. Click [AirPrintTM] under [Mobile Printing] to enable the [Enable].
Note
If the device is connected via USB, also enable the [USB Connection].

4. Configure the settings as required.

5. Click [Save].
Note
Rebooting the device is required to enable the settings. Reboot the device following the message on the
screen.

29
Settings and Operation

Computer Settings (For macOS/OS X only)

The device must be registered to the computer before using AirPrint.

Note
When you use AirPrint via USB communication, this setting is unnecessary because the device is
automatically registered to the computer when the device and the computer are connected with the USB
cable.

1. From a computer connected to the network, select the [Apple] menu > [System Preferences].
2. Select [Printers & Scanners].
3. Click [+] (Add).
Note
If a drop-down menu is shown when you click [+] (Add), select [Add Printer or Scanner].

4. Select the device from the [Name] list.

Note
Printers in the network are searched automatically and listed in the [Name] list. If the device is not in the list,
check the network settings of the device and the computer.

5. Click [Use] > [Secure AirPrint] or [AirPrint] > [Add].

The device is added to [Printers] in the [Printers & Scanners] screen.

Printing
Printing from iOS
This section describes how to request a print instruction from iOS, using iPad as an example.

1. Open the document you want to print.

2. From the menu, tap [Print].
3. Tap [Select Printer].
4. Select the device and configure the print settings.
5. Tap [Print].
Printing from macOS/OS X

1. Open the document you want to print.

2. From the [File] menu, select [Print].
3. Select the device from [Printer]. Confirm the print settings, and click [Print].
Note
You can only select the print settings available for the device.

30
 2 Feature Operation using Internet Services

Scanning
This section describes how to scan documents using macOS/OS X.

Important
When you are away from the device to operate a computer with the original sheets left on the device, be
aware that other users may operate the device. If another user operates the device accidentally or instructs
to scan from the computer, there is a risk of losing documents and leaking information.
Use a computer that is as close to the device as possible. Ensure that other users do not touch the original
while you are away from the device. When the scan process is complete, check that you have all the pages of
the original sheets.

1. Load the original you want to scan on the document feeder or the document glass.
Note
Place the top of the original to the left. The orientation cannot be changed.

2. Select the [Apple] menu > [System Preferences].

3. Click [Printers & Scanners] > [Scan] > [Open Scanner].
4. Click [Scan].
Mopria Print Service
Mopria Print Service is a service that allows printing to a Mopria authentication printer from an Android
smart phone or tablet (Android 4.4 or later). You can use this service without any special settings.
First, you need to download and install the Mopria Print Service application to your Android devices from
the Google Play Store.
To print, connect your mobile device to the same network with the device, or connect to the device using
the Wi-Fi Direct feature.

Note
When the Authentication and Accounting feature is enabled, you need to set [Unlocked] for [Permissions] >
[Permissions] > [Access Control] > [Non-Account Print] on Internet Services.

Configuring Mopria Print Service

1. Log in to Internet Services as system administrator.

2. Click [Network].
3. Click [Mopria®] under [Mobile Printing], and enable the [Enable].
Printing from Mopria Print Service
See
For details, refer to the following URL.
http://mopria.org/

31
Settings and Operation

Universal Print
Universal Print is a cloud printing service provided by Microsoft Corporation. Without having to install a
printer driver or special software, you can print documents sent from a Windows computer (Windows
10 Version 1903 and later) with your device.

Note
To use this feature, a Universal Print license is required.
Only the Global Azure Cloud is supported by Universal Print. Sovereign Cloud is not supported.
For the latest information on the Universal Print and the Azure cloud service in each country, refer to the
Microsoft official website.

Administrator consent on Microsoft Entra ID

You need to consent in advance to the following actions that the device takes.
 Registering printer to Universal Print
 Accessing Universal Print
 Referencing basic information such as directory ID of tenant the user belongs

Note
For Microsoft Entra ID, refer to the official website of Microsoft.

1. Enter the following URL into the address box on the browser, and then press the <Enter> key.
https://login.microsoftonline.com/common/adminconsent?client_id=37f0eff4-a9ee-400d-94c4-
116ec3b48137&redirect_uri=https://opencds-fb.fujifilm.com/gen/mfp_aux/adminConsent.html

2. Log in as a Global Administrator.

3. The consent screen for the authority is displayed. Confirm the contents and click [Accept].
4. Close the browser, after the consent success screen is displayed.
Registering printer to Universal Print

Important
IPv6 is not supported.

1. Log in to Internet Services as system administrator.

2. Set DNS server and Proxy server as necessary.
3. Click [Network] > [Mobile Printing] > [Universal Print], and then enable [Enable].
4. Click [Save] and then restart the device.
5. After restarting the device, log in to Internet Services as system administrator.
6. Click [Network] > [Mobile Printing] > [Universal Print], and then click [Register].
7. On the [Register Printer] screen, click [Register].
Important
Unless there is a special reason, do not make changes to setting items.

8. After the Enter Authentication Code screen is displayed, click [Next].

32
 2 Feature Operation using Internet Services

9. On the input screen, enter the code that was displayed on the Enter Authentication Code screen, and
then click [Next].

10. On the sign-in screen, enter the account of the Microsoft Entra ID printer administrator or Global
Administrator to register the Universal Print for the device, and then click [Next].

Note
When [Remote Authentication Settings] is set to [Microsoft Entra ID], the account to be entered needs to
belong to the same directory.

11. Enter the password on the password screen, and click [SignIn].
12. After the sign-in success screen is displayed, close the browser.
Settings using Azure Portal

1. On the browser, access the Universal Print Administration page of the Azure Portal.
2. From the printer list, click on the name of the device.
Note
The name of the device will be shown as the printer name that is set in the Internet Services system
administrator menu under [Network] > [Protocols] > [Bonjour].

3. Click [Share].
4. Change the shared name as necessary.
5. Select the member to grant access, and then click [Share Printer].
Windows settings

1. In the Windows settings, click [Account] > [Access work or school].

2. Click [Connect], and sign in using the user account of Microsoft Entra ID.
3. In the Windows settings, select [Devices] > [Printers & scanners].
4. Click [Add a printer or scanner].
From the search results, click on the name of the device, and then click [Add device].

Note
The name of the device displayed in the search results is the shared name that was set in the Azure Portal.

33
Settings and Operation

Printing with Universal Print

For printing with the Universal Print, refer to the Microsoft official website.

Important
When you save as the authorized print or private print, the job state becomes as completed on the Azure
Portal at the time of you saving the printing job.

Note
In the job results of the device, the name of the job printed with Universal Print is shown as a string
combining the last 4 digits of Universal Print job ID and the file name.
When the device is set for the authorized print, the job is saved in the authorized print without a user ID.
When you set [Remote Authentication Settings] to [Microsoft Entra ID], the Universal Print job can be saved
to the private print.

Unregistering printer from Universal Print

1. Log in to Internet Services as system administrator.

2. Click [Network] > [Mobile Printing] > [Universal Print], and then click [Edit].
3. Click [Unregister].
4. On the [Edit] screen, click [Unregister].
5. Click the name of the device on the Azure Portal, and click in the order of [Delete Printer Share] then
[Unregister].

Note
Unregister from the Azure Portal as necessary. You can also switch to another printer without unregistering.

34
 2 Feature Operation using Internet Services

Scan
Importing Using Internet Services
When the device is installed in a TCP/IP environment, Internet Services allows you to import files stored
in a device's folder by accessing the device from a computer via a web browser. You can also use a
macOS/OS X computer to import files via a web browser.

Note
You can retrieve scanned data in PDF format, but cannot encrypt the PDF files and cannot attach a signature
to the files when retrieving them.

1. Start Internet Services.

Note
If the authentication feature is enabled on the device, enter a user ID and passcode in the [User Name] and
[Password] fields. Ask your system administrator for the user ID and passcode.

2. Click [My Page].

3. Place a check mark next to each file to be exported.
4. Click [Retrieve].
5. Click [File Format], and then specify the file format.
Note
To specify page number to retrieve, enable [Retrieve Page] then specify the page number.
To set the character recognition (OCR), enable [Searchable Text] then input any word.

6. Click [Retrieve].
7. Confirm the file name and click .
The file is downloaded to the computer.

8. Click [Close].

35
Settings and Operation

User Authentication Operations

Changing Password by Login Users
The system administrator can set or change passwords using Internet Services.

1. Log in to Internet Services as system administrator.

2. Click [Permissions].
3. Click the user to edit from [User Accounts].
4. Click [Change Password].
5. Enter the current password to [Current Password].
6. Enter the new password to [New Password] and [Retype Password].
7. Click [Save].

36
 2 Feature Operation using Internet Services

Cloning the Configuration Information of Add-on

Applications
You can use "Settings Cloning for Add-on Applications" of Internet Services to copy the configuration
information of add-on applications to another multifunctional device.

Important
The system administrator can only operate this feature. In the case of an authenticated user, even if the user
has the permission of the system administrator, the user cannot use the feature.

Note
You cannot import setting information of a particular function(s) only. All the application information in the
setting file are imported in batch.
If the version of the application which you import the settings is lower than the version of the exported
application, the settings file is not updated.
Do not turn off the power of the device during importing. If you turn off the power of the device during
importing, the settings may not be updated properly. In this case, import again.

See
For notes and restrictions specific to each application, refer to description of exporting and importing
setting information in each application's manual.

Displaying the Settings Screen

1. Log in to Internet Services as system administrator.
2. Click [Apps] > [Enable Add-on Apps] in the menu.
3. Select [Enable] and then click [Save].
4. From the Apps list, click [Settings Cloning for Add-on Applications].
5. Click [View].
The [Settings Cloning for Add-on Applications] screen appears.

Exporting Settings
This section describes how to export the settings of Add-on Application.

Note
While exporting, you cannot operate with the control panel of the device.
Depending on the amount of exporting data, it may take several tens of minutes.
0

1. Access the device which you want to export the settings, and then display the [Settings Cloning for
Add-on Applications] screen.

2. Click [Export].
3. If the login message is displayed, enter the system administrator ID and password of the device, and
then log in.

Note
This screen is displayed when the system administrator ID and password of the device are not registered
on Settings Cloning for Add-on Applications, or the ID and password are changed after the last registration.

37
Settings and Operation

4. Perform the following steps.

1. On the [Select Application] screen, check the application of which settings are exported.
2. Click [OK].

5. Operate the following procedure.

1. Confirm the displayed message, and then check [Confirmed, continuing with the operations].
2. Click [Start export].
The settings file is downloaded.
The initial value of the file name is "ApplicationConfig.bin".

Importing Settings
Import the exported file to the device, and then update the settings of the target application.

Note
While importing, you cannot operate with the control panel of the device.
Depending on the amount of the importing data, it may take several tens of minutes.
0

1. Access the device which you want to import the settings, and then display the [Settings Cloning for
Add-on Applications] screen.

2. Operate the following procedure.

1. Click [Browse], specify the setting file to be imported.
2. Click [Import].

3. If the login message is displayed, enter the system administrator ID and password of the device, and
then log in.

Note
This screen is displayed when the system administrator ID and password of the device are not registered
on Settings Cloning for Add-on Applications, or the ID and password are changed after the last registration.

4. Perform the following steps.

1. On the [Select Application] screen, check the application to import settings.

Note
If a setting information file exported by the conventional "Settings cloning for Easy UI Solution/ScanAuto"
is selected, the [Select Application] screen is not displayed.
Only the applications installed on the import target multifunction device are listed. The displayed version is
as of the date of export.
2. Click [OK].

5. Operate the following procedure.

1. Confirm the displayed message, and then check [Confirmed, continuing with the operations].
2. Click [Start import].
Importing is started, and then the settings are updated.

6. Confirm the importing results, and then click [Close].

38
 2 Feature Operation using Internet Services

Job History Export

Job History Export is a service for exporting operation history (job history) such as copying and printing
processed with a multifunction device via a web browser, or for automatically exporting the history to a
file server.
With this service, you can obtain and manage the job history of a multifunction device.

Operating Environment

Multifunction Device
Job History Export works in the following environment. If the environment of your multifunction device
does not meet the following conditions, add the required options.
 A storage is equipped inside a multifunction device.
 The system memory is more than 2 GB.
 The printer kit is equipped.
 The multifunction device is connected to a network.

File Server
The file server that can communicate in the Server Message Block (SMB) protocol. Hereafter, referred
as the SMB server.
For details of the sorts of supported SMB servers or the information related to the SMB protocol
communication, refer to the description of the SMB transfer feature in the guides provided with each
machine.

Environmental Settings
This chapter describes the environment settings of your multifunction device to use Job History Export.

Multifunction Device Settings

To use Job History Export, the following settings are required. Before using this service, check whether
each setting is set correctly.

Item Settings
SOAP - Port Status [Device] > [Network Settings] > [Port Settings] > [SOAP]
SOAP - Port Status: Enabled
SOAP - Port Number: 80
Internet Services (HTTP) [Device] > [Network Settings] > [Port Settings] > [Internet Services (HTTP)]
Internet Services - Port Status: Enabled
SMB Client*1 [Device] > [Network Settings] > [Port Settings] > [SMB Client]
SMB Client - Port Status: Enabled
Embedded Plug-ins [Device] > [System Settings] > [Plug-in Settings]
Embedded Plug-ins: Enabled

*1 Set this item when you export the job history to a SMB server.

39
Settings and Operation

Internet Services Settings

Item Settings
Enable Add-on Apps [Apps] > [App Settings]
Enable Add-on Apps: Enabled
Embedded Plug-ins [System] > [Plug-in Settings]
Embedded Plug-ins: Enabled

Displaying the Setting Screen

1. Log in to Internet Services as system administrator.
2. Click [Apps], and select [Job History Export] in [Installed Apps].
3. Click [View] in [Plug-ins].
The setting screen of Job History Export is displayed.

Format Setting of Job History File

You can set the format of a file to output the job history.
The job information of one job is output as one line.

1. Display the setting screen of Job History Export.

2. Click [Auto Export Setup] on the navigation bar and select [File Format] at the top of the screen.
3. Set each item, and then click [Apply].
Item Description
Character Encoding Select the character encoding for outputting the job history depending on the
language setting of a multifunction device.

Important
If the language setting of a multifunction device is other than
Japanese or English, do not select [Shift-JIS].
Date/Time Format Select the date and time format for outputting the job history.

Note
The order to output the "YearMonthDay" follows the setting of
[Date Format] on a multifunction device.
Header Language Select a language of the header line output in the job history and the part of the
job attribute value.

40
 2 Feature Operation using Internet Services

Item Description
File Name As needed, enter any text string to add to a file name of the job history.
You can input only the characters that you can input with the control panel of
your multifunction device.
Append Date & Time to Select the information to add to the end of the file name.
File Name
Append Device Name, Note
Serial Number, and Date If [Append Device Name, Serial Number, and Date & Time to File
& Time to File Name Name] is enabled, the computer accesses the multifunction
device and obtains the information. At the time of accessing a
multifunction device, if the system administrator ID or password
set in [Administrator Settings] is incorrect, the service cannot
obtain the information, so that the error message is added to a file
name.

Automatically Exporting the Job History

You can export the job history stored on your multifunction device as a CSV file to a file server
automatically.
With the auto export, the job history that was finished by the start of exporting is exported only once.
Exported job history is not exported again.

Creating a Shared Folder

Create a folder on the computer for using as a SMB server, and then set as a shared folder.
Set more than one user who has the authority to write on the created shared folder.

Setting Export Destination

Set the information of a SMB server as the export destination in Job History Export.

1. Display the setting screen of Job History Export.

2. Click [Auto Export Setup] on the navigation bar and select [Destination] at the top of the screen.
3. Set each item.
Item Description
*1
Server Name / IP Address Enter the full computer name or the IP address of a SMB server as the export
destination.
Example of the full computer name:
host1.example.com
Example of an IP address:
192.0.2.1 (In the case of IPv4), 2001:DB8::1234 (In the case of IPv6)
Share Name*1 Enter the shared name of the created shared folder on a SMB server.
*1
Save Location Enter the folder name of the lower layer of the shared folder.
If this entering is skipped, the job history is exported to just below the shared
folder.
User Name Enter the user name that has the authority to write in the shared folder. In the
case of the domain user, enter in the format of "User Name@Domain Name".
If this entering is skipped, this item is regarded as "no user name" or "Guest"
depending on the multifunction device setting.
Password Enter the password of the user who has the authority to write in the shared
folder.

41
Settings and Operation

Item Description
Port Number If you select [Do Not Specify (Default Port)], the port number is set to "445".
If the port number of the SMB server from "445", select [Specify], and then
enter the port number. For the port number to enter, refer to your SMB server
administrator.

*1 The path of the export destination is created by the combination of entered text strings.
Example: \\ {Server Name / IP Address} \ {Shared Name} \ {Storage Location}/\

4. If you want to check whether the setting is correct, click [Send Empty File].
If the setting is correct, the job history file that followed the setting input and is only the header line is
exported.

5. Click [Apply].
Setting Export Method
Set the method for the auto export.

1. Display the setting screen of Job History Export.

2. Click [Auto Export Setup] on the navigation bar and select [Schedule] at the top of the screen.
3. Set each item, and then click [Apply].
Item Description
Auto Export Check if you want the auto export, and then select the export cycle or start
time.
Export Cycle Specify the frequency to export the job history.

Export Start Time Specify the time to start exporting.

Note
The time actually the export is executed is following the
setting of a multifunction device.
Threshold Value for Auto Export By monitoring the number of the job history stored on a multifunction device,
you can set whether to export automatically when the job history that is not
exported exceeded the specified number.
Frequency of Monitoring Select the hour interval to monitor the number of the job history of a
multifunction device.
Retry Attempts Select the number of the retry when accessing a SMB server failed from once
to ten times.
Retry Interval Select the interval to retry.
Auto Export at Power On if Device If this item is enabled, in the following case, the job history is exported when
Power Is Off at Specified Time the power of the multifunction device is on.
In the case that the power of a multifunction device is off at the date and
time set
In the case that the power of a multifunction device is off during the retry
process
In the case that the job history cannot be exported though the retry
executed for the set times and the power of a multifunction device is off

42
 2 Feature Operation using Internet Services

About the Retry Process

The file that is exported by the retry process is the job history that cannot be exported at the specified
date and time due to such as a communication error. The job information that is finished during the
process is not exported.
The job history that could not be exported even if the number of the retries reached the specified
number is exported at the next specified date and time.
During the process of the retry, the number of saved jobs in a multifunction device is not monitored.

Exporting Job History

You can export the job history stored on your multifunction device to a computer as a CSV file.
Specify the period, and then export the job history that is finished in the period.

Note
The job history that is being processed is not exported.
If the finished job does not exist in the specified period, a job history file which includes only the header line
is output.

1. Display the setting screen of Job History Export.

2. Select [Manual Export] on the navigation bar.
3. Set [Start Date & Time] and [End Date & Time], and then click [Export].
Re-export of Job History
You can manually re-export job history that failed to be automatically exported.
If you re-export the job history, the date that was originally set so that it was automatically exported is
added to the output file name.
For example, if you specify the export method to "Monthly, Month End, 23:00", and then if you stop the
SMB server from June 20 2017 to July 10 2017 and you re-export the job history on July 10 2017, the
date value that is added to the file name will be "20170630_2300".
The destination to be re-exported is in accordance with the Auto Export Settings.

1. Display the setting screen of Job History Export.

2. Select [Retry Failed Exports] on the navigation bar.
3. Perform the following steps.
1. Click [Send Empty File].
Check whether the empty file is sent to the SMB server specified in [Destination]. If the file has been
successfully sent to the server, go to step (2). If failed to be sent, check the condition of the server,
and try this step again.
2. Click [Export Now].

43
Settings and Operation

How to Obtain Activity History

You can check the result of auto export with the activity history.

1. Display the setting screen of Job History Export.

2. Select [Retry Failed Exports] on the navigation bar.
3. Click [Download] under [Download Activity History].
As needed, download by specifying a destination folder and a file name.

44