A Look at Azure AD and PrinterLogic SaaS

A key benefit of cloud computing is user mobility, but this requires traditional authentication methods to ensure adequate security. Active Directory, for example, must be moved to the cloud. Microsoft’s answer is Azure AD, an identity and access-management solution for SaaS applications.

PrinterLogic SaaS (formerly PrinterCloud) gives IT administrators the ability to eliminate print servers and centrally manage printer and driver deployments in a SaaS solution. As an option, PrinterLogic SaaS will leverage Active Directory and LDAP to authenticate users for its mobile and pull printing features.

Figure 1: PrinterLogic SaaS Authentication Paths

When using PrinterLogic SaaS for driver management and printer deployments, there is no need to configure an LDAP connection with Active Directory. The PrinterLogic SaaS client—installed on the end user’s workstation—uses a Windows API to request information about the user and domain, which is enough to perform these basic functions as shown in Figure 1 above.

For mobile and pull printing in PrinterLogic SaaS, the LDAP connection field must be completed. This is found under Tools > Settings > General as shown in Figure 2 below.

Active Directory Authentication: If features such as pull printing or mobile printing are used, the entire top section down to the LDAP port field must be configured (the “Secondary LDAP Server” field is optional), along with the Domain Alias, Bind User, and Bind Password fields (Figure 2). End users can then release their pull and mobile print jobs from a web-release portal, a control-panel application, or via badge release.

Figure 2: LDAP Settings for PrinterLogic SaaS

Microsoft Azure AD offers three variants that can be used, depending on organization size and the level of authentication required:

Azure AD—Cloud Identity Only. Azure AD is a basic identity service that can be used for single sign-on authentication (SSO) to give access to SaaS applications such as Office 365, Salesforce.com, and Dropbox. See Figure 3, below, for more details.

Azure AD Hybrid. Azure AD Hybrid offers full Windows Active Directory services synchronized with Azure AD using Azure AD Connect. This extends local AD accounts to Azure and allows end users access to both local and SaaS applications using single sign-on (SSO). See Figure 4, below, for more details.

Azure AD Domain Services (DS). Azure AD with Domain Services provides full Windows Active Directory without needing to create an additional Windows Server VM. This option is shown in Figure 5, below.

Figure 3: Azure AD Cloud Identity Only Model

Azure AD stores a few basic attributes such as name, tenant, role, and password. No on-premises Windows Servers are required. All information is stored and managed in the Azure AD instance in the cloud. Authentication is performed through SAML, WS-Federation, OAuth 2.0, and OpenID Connect protocols. In this scenario, all PrinterLogic SaaS core features work, aside from AD-based printer deployments; however, mobile and pull printing do not yet support authentication through these protocols.

Figure 4: Azure AD Hybrid Model

Windows Server Active Directory is synchronized with Azure AD using an Azure AD Connect Server. This allows end users to access SaaS applications with their current AD credentials. PrinterLogic SaaS will integrate seamlessly with this architecture because it connects to the Windows Server Active Directory for authentication using LDAP, making all features available.

Figure 5: Azure AD Domain Services

With Azure AD Domain Services (DS), administrators create an entire virtual network, complete with domain controllers. Azure AD DS is available for cloud-only organizations and hybrid organizations, whereas Azure AD Connect is used to support identity synchronization. If Azure AD DS is used, PrinterLogic SaaS can be deployed and can authenticate against the domain service using secure LDAP.

This is done by configuring secure LDAP (LDAPS) for Azure AD Domain Services (see the Secure LDAP Configuration Guide) and filling out the LDAP configuration section under Tools > Settings > General in PrinterLogic SaaS. (See Figure 6 below for an example.)

Figure 6: LDAP configuration for Azure AD Domain Services.

PrinterLogic SaaS integrates seamlessly with this architecture because it connects to the Azure AD Domain Services for authentication using LDAPS. This makes all features available.
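Before entering the LDAPS values in the settings page, it helps to confirm that the endpoint presents a certificate clients can verify and that the values do not fall back to plain LDAP. The following pre-flight check is an added example, not PrinterLogic or Microsoft code; the dictionary keys, host names and account names are hypothetical and the sample values are constructed.

```python
import socket
import ssl
from datetime import datetime, timezone

LDAPS_PORT = 636  # LDAP over TLS; 389 is plain LDAP

def review_settings(settings):
    """Flag risky values in an LDAP settings dict (key names are hypothetical)."""
    findings = []
    if int(settings.get("port", 0)) == 389:
        findings.append("port 389 is plain LDAP: without StartTLS a simple bind "
                        "sends the Bind Password unencrypted")
    for key in ("server", "bind_user", "bind_password"):
        if not settings.get(key):
            findings.append(f"{key} is empty")
    return findings

def days_until_expiry(cert, now=None):
    """Days left on a certificate dict as returned by SSLSocket.getpeercert()."""
    now = now or datetime.now(timezone.utc)
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return (datetime.fromtimestamp(not_after, timezone.utc) - now).days

def probe_ldaps(host, port=LDAPS_PORT, cafile=None, timeout=5):
    """Handshake with the LDAPS endpoint, verifying chain and hostname.

    Pass cafile when the certificate was issued by a private CA. Raises
    ssl.SSLCertVerificationError if the certificate cannot be trusted.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return {"tls_version": tls.version(),
                    "days_left": days_until_expiry(tls.getpeercert())}

if __name__ == "__main__":
    # Constructed sample values, not taken from a real tenant.
    sample = {"server": "ldaps.example.com", "port": 389,
              "bind_user": "svc-print@example.com", "bind_password": ""}
    for finding in review_settings(sample):
        print("FINDING:", finding)
    # probe_ldaps("ldaps.example.com")  # run against your own managed domain
```

A failed handshake in `probe_ldaps` points to a certificate or name problem on the directory side, which is worth resolving before the bind account's password is stored in any client.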

To see all these PrinterLogic SaaS features, go to www.printerlogic.com/printercloud and click “Start Trial.” This gives you 30 days of free access so you can see how PrinterLogic SaaS integrates with Azure AD and gives IT administrators the ability to eliminate print servers and centrally manage printer and driver deployments in today’s SaaS environment.