Configuring Secure Scan

Secure Scan enables administrators to easily manage printing and MFP scanning across their organization and provides users with a simplified and consistent user experience across all the supported manufacturers.

Key Features

  • Provides simple scan to email functionality: With just a few clicks, users can send scanned documents to their email address because the following fields are pre-set.

    • To and From fields: These fields are pre-filled with the user’s email address.
    • Subject: This shows the scanned document’s file name (e.g. Secure Scan_7_3_2022.jpg)
    • Message: This shows the accompanying message in the email (e.g. Please find the scanned file in the attachment)
  • With Scan-to-email, users can scan documents and send them directly to a fax machine destination.
  • Integrates with OneDrive and SharePoint. Users can upload their scanned documents to OneDrive or SharePoint.
  • Supports saving scanned document to a network folder.
  • Uses the same authentication method as Secure Release. Secure Scan requires users to authenticate to access the Secure Scan function.
  • Scanned documents are encrypted via TLS 1.2 while in transit to their destination - scanned documents are never stored at rest on Pharos Cloud.
  • Scan job metadata is sent to Pharos Cloud for reporting purposes based on the user's data privacy settings.

Supported Printer Manufacturers

  • HP
  • Canon
  • Konica Minolta
  • Ricoh
  • Toshiba
  • Xerox

Scan Destinations

Users can send or upload their scanned documents to the following destinations:

  • Email – Scanned documents are sent as email attachments to the logged-in user’s email address.

Note: Scan to Email also allows users to scan documents and send them directly to a fax machine destination. To enable this feature, IT admins will need to select the Enable editable To: field setting in the Secure > Settings > Secure Scan Settings of the web console.

  • OneDrive – Upload scanned documents to the user’s OneDrive folder.
  • SharePoint – Upload scanned documents to a SharePoint location.
  • Network Folder - Save scanned documents to a shared folder on your internal work.

Scan Options

If the default scan settings are not suitable, users can change them before scanning the document.

  • File Format: JPEG (default), PDF, TIFF
  • Quality (DPI): 100 (default), 300, 400, 600
  • Color Mode: Auto (default), Color Glossy Photo, Mono Text, Mono Text Photo, Mono Text Lineart, Mono Photo, Grayscale
  • Paper Size: Auto (default), Letter, Invoice, A3, A4, 11x17, B5, B4, Legal, Mexico Oficio, Tabloid
  • Orientation: Portrait (default), Landscape
  • Two-sided/One-sided: One-sided (default), Two-sided

The available scan options depend on the attributes supported by the printer. For example, if Auto is not supported, it won't appear as an option.

Konica Minolta Default Scan Options

Konica Minolta devices come with a predefined set of default scan options, which are not currently accessible to other printer manufacturers. The default scan options for Konica Minolta devices are as follows:

  • File Format: JPEG
  • Color Mode: Color
  • Paper Size: A4 Short Edge Feed
  • Two-sided/One-sided: Simplex
  • Quality: DPI 200x200
  • Orientation: Landscape

Basic Workflow

  1. An IT administrator enables Secure Scan on the web console and configures the scan destination settings.
  2. The user logs in to a secure printer and selects the Scan Document option.
  3. The user places the document to be scanned in the automatic document feeder (ADF) or the scanner glass.
  4. The Scan Options screen is displayed. The user selects desired scan options if the default values are not suitable.
  5. The user clicks Done. This opens the Scan Destinations screen. The user selects their preferred destination (Email, OneDrive, SharePoint, or Network Folder).

Note: Microsoft OneDrive and SharePoint destinations may require users to authorize the Secure Scan app access to their Office 365 folders depending on whether the site is configured to use user-based authentication.

  1. The user clicks the Scan Document to start the scan operation. If the scan is successful, the user sees the Scan Request complete message. Otherwise, the user sees an error message.
  1. The scanned document is sent to the user’s selected scan destination.

Important Notes:

  • KM, Canon, and Ricoh printers need to be resecured to initialize scan.
  • Toshiba: For Secure Scan to work on Toshiba MFPs, the following needs to be configured via the Toshiba printer’s TopAccess web interface
    • Enable the SSL/TLS setting under the Network > WSD section
    • Disable User Authentication for Scan under Security > Authentication > User Authentication section.
  • Konica Minolta: For Secure Scan to function properly, the latest firmware must be installed on KM printers.

Limitations and Known Issues

  • Toshiba: Multi-Page scanning from Platen glass is not supported.
  • Canon: Scanned documents in PDF format cannot be opened at the destination (e.g. email, network folder, or OneDrive).

Configuring Secure Scan

Step 1: Enable Secure Scan

  1. Navigate to the Secure > Settings screen on the Pharos Cloud web console.
  2. In the Secure Scan Settings section, enable Secure Scan by turning the toggle switch on.

Step 2: Configure Scan Destination Settings

In this step, you will be configuring how to send scanned documents to users. Scanned documents can either be sent to the user's email address, uploaded to OneDrive, SharePoint, or a network folder.

Scan to Email Settings

To send scanned documents to email the logged-in user’s email address, you will need to configure the Pharos Cloud to communicate with your organization’s SMTP email server.

Note: Contact your IT administrator to get details of your SMTP server.

Setting Description
SMTP Server Name Enter the name of your organization's SMTP server. This may be in the form smtp.company.com.
SMTP Server Port Enter the SMTP port number provided by your administrator. The default SMTP port value is 25.
SMTP Username The user name used to authenticate with the SMTP account.
SMTP Password The password associated with the SMTP Username used to authenticate to the SMTP server.
Enable SMTP SSL/TLS Protocol Select this option if your SMTP Server uses SSL/TLS protocol.
Max file size This enables IT administrators to define the maximum file size for scan to email. The default value is 5MB, while the maximum allowed file size is 2047 MB.
Enable editable "To" field

When enabled, users can:

  • Scan documents and send them directly to a fax machine destination.
  • Send scanned documents to another user’s email address. Previously, the To field was not editable and limited to sending scanned documents to the user's own email address.

Scan to Network Folder

Scan to Network Folder enables users to save scanned documents to a shared folder within the internal network. To activate this feature, IT administrators must select the "Enable Scan to Network Folder" option under the Secure > Settings > Secure Scan Settings.

In the Network Folder Path, enter the network path where you intend to store the scanned document. For the Username and Password fields, provide the necessary credentials to authenticate access to the specified network folder path.

Scan to Office 365 Settings (OneDrive and SharePoint)

The Scan to Office 365 feature uses the Microsoft Graph API for uploading documents to either OneDrive or SharePoint. Existing customers can choose between enabling user-based authentication or using tenant-based authentication. New customers, however, will only have the option of enabling user-based authentication.

Enable User-Based Authentication - Once enabled, this allows users to scan documents directly to their personal OneDrive or SharePoint folders. It uses delegated permissions, meaning it relies on the user's own permissions rather than application-based permissions used in tenant-based configurations. With delegated permissions, individual users grant the Secure Scan app access to their respective Office 365 OneDrive or SharePoint folders. User-based authentication eliminates the need for IT admins to manually create an Azure application; this process is automatically managed on your behalf. All that IT administrators need to do is enable this setting.

Note: New Pharos Cloud customers will get the User-based authentication option only. However, existing customers can maintain their tenant-based configuration if they choose. Should you choose to transition to user-based authentication, you will need to apply the latest version of the Site Service (released with Pharos Cloud3.6). By checking the Enable User Based Authentication, you will permanently delete the tenant based information.

Tenant-based Configuration

If using tenant based configuration, you will need to register an app (that represents Secure Scan) to Azure AD and declare the required permissions to integrate with Graph API and configure the settings below. For more information, refer to the Configuring Microsoft Azure for Secure Scan document.

Setting Description
Tenant ID The unique ID for your organization within Microsoft.
Client ID (Application ID) This is the unique ID assigned by Azure Active Directory to the application you created in the Azure portal to represent Secure Scan. This will identify your application in Azure AD.
Client Secret The password for the application you registered with Azure AD.
Enable SMTP SSL/TLS Protocol Select this option if your SMTP Server uses SSL/TLS protocol.

Step 3: Resecure the Printer (Canon, KM, Ricoh)

For Secure Scan to operate correctly, IT administrators must resecure Canon, KM, and Ricoh printers.

Note: HP and Toshiba printers do not need to be resecured.

Related Topics: