Distributed Document Imaging: Maximizing Your Investment in Microsoft Technology Integration with Active Directory



Similar documents
Distributed Document Imaging: Maximizing Your Investment in Microsoft Technology Integration with SQL Server and Access

Distributed Document Imaging: Maximizing Your Investment in Microsoft Technology

Distributed Document Imaging: Maximizing Your Investment in Microsoft Technology Integration with Exchange

Addressing Security Issues The ecopy solution for document imaging

An IT Manager s Guide for Moving Toward the Paperless Office

WHITE PAPER. ecopy and the Health Insurance Portability and Accountability Act (HIPAA)

WHITE PAPER. Integrating Paper Documents Into Digital Workflows

Unleashing BPM: Eliminate process bottlenecks created by paper

Securing MFPs in a CAC Environment: Today and Tomorrow Critical Considerations

Tips for Evaluating Scanning Solutions Before You Buy A White Paper For Purchasing A Scanning Solution For Your Digital Copier or Scanner

Integrating paper-based information for Sarbanes-Oxley Section 404 compliance The ecopy solution for document imaging

What s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4

Active Directory Integration Guide

Meeting Compliance and Privacy Requirements Distributing paper documents electronically in an age of increased regulatory pressures

How to Secure a Groove Manager Web Site

Protecting Microsoft Internet Information Services Web Servers with ISA Server 2004

Active Directory Comapatibility with ExtremeZ-IP A Technical Best Practices Whitepaper

Authentication Methods

Configuring Sponsor Authentication

Enabling single sign-on for Cognos 8/10 with Active Directory

Deciding When to Deploy Microsoft Windows SharePoint Services and Microsoft Office SharePoint Portal Server White Paper

Nuance ecopy ShareScan 5 and ecopy PDF Pro Office 5 Reviewers' Guide

Redeploying Microsoft CRM 3.0

Keeping Tabs on the Top 5 Critical Changes in Active Directory with Netwrix Auditor

efficient workflow security capability streamlined productivity SOFTWARE SOLUTIONS

How to monitor AD security with MOM

LDAP Directory Integration with Cisco Unity Connection

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN

Creating Home Directories for Windows and Macintosh Computers


PowerCAMPUS Portal and Active Directory

efficient workflow security capability streamlined productivity SOFTWARE SOLUTIONS

How-to: Single Sign-On

Veeam Backup Enterprise Manager. Version 7.0

ecopy ShareScan v4.3 Pre-Installation Checklist

User Management Tool 1.5

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER

FTP Help Guide

Authentication in Apache Lenya

Security Assertion Markup Language (SAML) Site Manager Setup

QLIKVIEW DESKTOP INSTALLATION GUIDE

efficient workflow security capability streamlined productivity SOFTWARE SOLUTIONS

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

GlobalScan NX. Server 32/Server 750. Intelligent scanning for smarter workflow

User Management Tool 1.6

Simplify essential workflows with dynamic scanning capabilities. GlobalScan NX Server 32/Server 750 Capture & Distribution Solution

USER GUIDE. Lightweight Directory Access Protocol (LDAP) Schoolwires Centricity

Configuring User Identification via Active Directory

HYPERION SYSTEM 9 N-TIER INSTALLATION GUIDE MASTER DATA MANAGEMENT RELEASE 9.2

efficient workflow security features streamlined productivity SOFTWARE SOLUTIONS

Windows Server 2012 Hyper-V Cookbook

ThinManager and Active Directory

How To Secure Your Data Center From Hackers

Employee Active Directory Self-Service Quick Setup Guide

Upgrading User-ID. Tech Note PAN-OS , Palo Alto Networks, Inc.

How to Implement the X.509 Certificate Based Single Sign-On Solution with SAP Netweaver Single Sign-On

Active Directory Compatibility with ExtremeZ-IP. A Technical Best Practices Whitepaper

9. Database Management Utility

Addressing document imaging security issues

TIBCO Spotfire Platform IT Brief

AT&T Global Network Client Domain Logon Guide. Version 9.6

Table of Contents Introduction... 2 Azure ADSync Requirements/Prerequisites:... 2 Software Requirements... 2 Hardware Requirements...

MassTransit Leveraging MassTransit and Active Directory for Easier Account Provisioning and Management

WHITE PAPER. Support for the HIPAA Security Rule RadWhere 3.0

How to Back Up and Restore an ACT! Database Answer ID 19211

Overview of Active Directory Rights Management Services with Windows Server 2008 R2

Quick Start Guide for VMware and Windows 7

Installing Exchange and Extending the Active Directory Schema for Cisco Unity 8.x

ecopy Connector for Interwoven WorkSite

CA ARCserve and CA XOsoft r12.5 Best Practices for protecting Microsoft Exchange

Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008

Smart Card Authentication. Administrator's Guide

Configuring IBM Cognos Controller 8 to use Single Sign- On

Initial Setup of Microsoft Outlook 2011 with IMAP for OS X Lion

Z-Term V4 Administration Guide

Joining a workstation to the TAMU IT Domain and Profile Migration

Lizenzbestimmungen für Windows Server 2003

SSO BDC is Easy! By Brett Lonsdale, MCTS, MCSD.NET, MCT Lightning Tools 1/12/2008

Collaboration Technology Support Center Microsoft Collaboration Brief

How to Logon with Domain Credentials to a Server in a Workgroup

Installation & Configuration Guide User Provisioning Service 2.0

Active Directory Compatibility with ExtremeZ-IP

How Office Copiers Can Pay for Themselves and Then Some

White Paper. Support for the HIPAA Security Rule PowerScribe 360

Single Sign-on (SSO) technologies for the Domino Web Server

Quick Start Guide for Parallels Virtuozzo

Password Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2

IPedge Feature Desc. 5/25/12

ecopy Connector for EMC Documentum

Lesson Plans LabSim for Microsoft s Implementing a Server 2003 Active Directory Infrastructure

Setting Up Resources in VMware Identity Manager

Bill Fiddes Learning and Development Specialist Rob Latino Program Manager in Office 365 Support

Active Directory and DirectControl

Single Sign-On for Kerberized Linux and UNIX Applications

Malwarebytes Enterprise Edition Best Practices Guide Version March 2014

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview

EMR Link Server Interface Installation

Hosted Exchange 2010

Configuration Task 3: (Optional) As part of configuration, you can deploy rules. For more information, see "Deploy Inbox Rules" below.

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server

Transcription:

WHITE PAPER Distributed Document Imaging: Maximizing Your Investment in Microsoft Technology Integration with Active Directory

Contents Introduction...1 Distributed Document Imaging in Microsoft IT Infrastructures...2 Authentication and security...2 Lowering total cost of ownership...2 Implementing access controls...3 Personalization at the device...3 Handling complex environments...4 Summary...4 ii

Introduction Given the fundamental role of Active Directory (AD) in the IT infrastructure, any distributed document imaging solution must integrate with AD for purposes of security, administration, and ease-of-use: The authentication process at the device must mirror the authentication process at the Windows desktop, using the same AD logon credentials and secure protocols. Having logged on, users must be able to access the applications they are authorized to use without logging on again. To do this, the solution must leverage AD s single sign-on feature, which automatically unlocks applications, including 3rd-party applications, which use Windows integrated authentication. The user s existing AD profi le must determine the level of access to various network resources from the scanning device. Users must be able to scan documents to the same libraries, databases, folders, etc. they use from their desktop, but must be prohibited from accessing those for which they do not have access rights. This ecopy technology brief is one in a series of four briefs that examine the requirements for successfully integrating a distributed document imaging application into your existing Microsoft-focused IT environment. Other technology briefs in this series include: Exchange SharePoint SQL Server / Access The other three technology briefs in this series can be downloaded from our Web site. 1

Distributed Document Imaging in Microsoft IT Infrastructures Distributed document imaging solutions enable knowledge workers to convert paper documents into electronic fi les. As a result, these solutions offer signifi cant benefi ts, including: Making paper-based information available throughout the organization Speeding up the processing of paper documents while simultaneously reducing the associated costs Enabling administrators to apply policies for compliance with records management and security regulations Safeguarding paper documents through electronic backup to offsite facilities To achieve these benefi ts, the imaging application must be easy to use and must integrate with the applications people already use on a daily basis for communication, collaboration, and document storage. Users must be able to walk up to any scanning device and store, distribute, and share paper documents the same way they handle electronic fi les at their desktop by browsing the network, storing fi les to pre-confi gured locations, selecting recipients from address lists, and indexing documents for quick retrieval. For organizations with Microsoft-focused IT infrastructures, this means integrating with the Microsoft technologies and applications already in place, such as Active Directory, Exchange, SharePoint, and SQL Server -based business management applications. Dynamic integration with back-end servers (domain controllers, Exchange servers, SharePoint servers, etc.) through programmed interfaces ensures that the user interface refl ects the latest changes to the underlying applications, directories, and site structures. It also eliminates the need for preconfi gured scanning cover sheets that some imaging solutions require. The application interfaces must be sophisticated enough to handle the infi nite variety of complex network environments involving multiple domains, multiple forests, outsourced IT management, and internet-hosted services. Authentication and security An ideal distributed imaging application uses the Security Support Provider Interface (SSPI) to negotiate the best protocol (frequently Kerberos or NTLM) based on the security policies in place. If capturing user credentials on a non-windows platform (for example, an imaging client running on the MFP s embedded computing engine), the client must use a secure protocol, like Triple DES or SSL, to ensure the credentials cannot be intercepted during transfer over the network. Lowering total cost of ownership Some distributed imaging solutions require manual account setup for each user. This adds signifi cantly to the administrative workload, since IT staff must continually add, modify, and delete accounts as employees transition throughout the organization. 2

It also compromises security, since manual processes are error-prone and subject to delayed implementation. Integration with AD eliminates the need to manage separate user lists and passwords, dramatically reducing the need for IT intervention and thereby lowering the total cost of ownership. When an IT administrator creates a new user account, that user is automatically confi gured to use the scanning device, subject to any restrictions associated with existing group policies. AD maintains links between user accounts, mailbox accounts, and applications, so a single change updates the user information for all applications and services. If the imaging application is tied into the same account management database, the rights and restrictions associated with that user propagate immediately to each scanning device. Similarly, password changes are applied automatically to all AD-integrated applications. Implementing access controls An ideal distributed imaging solution integrates with the existing AD organizational structure. The Organizational Unit (OU) is the level at which administrative controls are typically delegated, and administrators may need to limit access to devices to those within a specifi c OU. By enabling administrators to restrict access to certain branches of the organizational hierarchy, administrators can effectively control access to devices with minimal effort. For example, a college has MFP devices located in common areas. The administrator needs to restrict access so that students and faculty can use scan to email but only faculty can use scan to folder. Although students and faculty have accounts on the same domain, students are in the Students OU, while faculty members are in the Faculty OU. In this case, the administrator can provide general access to both OUs but limit scan to folder access to OU=Faculty. Personalization at the device When a user logs on through an AD-integrated imaging application, the application can access the information in the user s AD profi le. For example, the application can read the user s Home Directory attribute and make that location immediately available for storing scanned documents without requiring any folder navigation or selection. When browsing the network, personalization ensures that users can see only folders they are allowed to access. Imaging applications that support AD-integrated applications like Microsoft Exchange or SharePoint (both covered in other documents in this series) can make extensive use of personalization. Exchange integration can provide the user with access to personal contacts and distribution lists, while SharePoint integration can fi lter available destinations and pre-populate available content types and metadata based on the user s profi le. Users logging on through an AD-integrated imaging application can only see the folders they are allowed to access. 3

Handling complex environments In a multi-domain forest, each domain stores information about objects in that domain only. For example, a user in Domain A is stored only on Domain A s domain controllers, while a device in Domain B is stored only on Domain B s domain controllers. In this type of environment, a distributed imaging solution must enable users in Domain A to access devices in Domain B. In a multi-forest environment, cross-forest authentication enables secure access to resources when the user account is in one forest and the capture device is in another forest. This enables users to work securely without sacrifi cing the single sign-on and administrative benefi ts of having only one user ID and password. Access to resources in other domains or forests is supported through trust relationships and global catalog servers. In a multidomain or multi-forest environment, therefore, it is important that the distributed imaging application can communicate with global catalog servers, and not just with servers within the local domain or forest. Summary Ideally, a distributed imaging solution should bring the user s existing Windows environment to the scanning device. Integration with Active Directory makes that possible. Doing so virtually eliminates any administrative overhead, since the solution ties into the existing user management infrastructure. Considerations when selecting a distributed imaging solution: Does the authentication process at the device mirror the authentication process at the Windows desktop, using the same user credentials and the same secure protocols? Does the solution integrate with AD to restrict access to applications and resources based on the user s AD profi le and the groups to which the user is assigned? Once logged on, can users access any of the applications they are authorized to use without having to log on again? A multi-forest environment with crossforest authentication. Can the administrator restrict device access to those below a specifi ed DN (Distinguished Name) in the organizational hierarchy? Can the solution fi lter available options and pre-confi gure certain fi elds based on the user s identity? Does the solution work in complex multi-domain and multi-forest environments? Nuance and the Nuance logo, are trademarks or registered trademarks of Nuance Communications, Inc. or its affi liates in the United States and/or other countries. All other trademarks referenced herein are the property 2009 of their Nuance respective Communications, owners. Inc. All rights reserved. 4

L- The experience speaks for itself NUANCE COMMUNICATIONS, INC. ONE WAYSIDE ROAD 781 565 5000 BURLINGTON, MA 01803 NUANCE.COM

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information