March 06, 2020

PrinterLogic SaaS and Cloud-based Identity Providers (IdP)

PrinterLogic, the world leader in Serverless Printing Infrastructure (SPI), has announced General Availability of Version 1 of its integrations with the cloud-based IdPs Okta and Azure AD. For PrinterLogic SaaS customers, this release provides support for SAML 2.0-based federated authentication. 

PrinterLogic gives organizations the ability to eliminate print servers and provides a centrally managed direct IP print infrastructure. PrinterLogic publishes two distinct web pages and installs a client on end-user workstations to communicate with the server and facilitate printing.

To function properly all these elements have the need for user authentication and authorization. This blog explains where the integration points are.

No more Active Directory

The PrinterLogic web-based Admin Console enables administrators to centrally manage both printer and driver deployments by users and groups. This console supports role-based access control (RBAC) so admins have access rights only to the information they need. Traditionally, PrinterLogic SaaS has relied on Active Directory and LDAP to authenticate admins and automate deployment of printers to end users.

PrinterLogic’s Self-service Installation Portal enables end users to perform routine printer installs by themselves with a single click, and traditionally relies on their AD identity to grant them access to only the printers they are allowed to install.

Windows and Mac clients also traditionally rely on the user’s AD identity to perform their tasks such as installing and removing printers and/or new profiles.

What is a cloud-based IdP?

Cloud-based IdPs allow IT admins to deliver SaaS applications securely and to the right person. Identity management also supports Multi-factor Authentication (MFA) and Single Sign-on (SSO). 

Authentication and Authorization are both common terms in the world of Identity and Access Management (IAM). Cloud-based IdP is a subset of this larger IAM market space.

Authentication is the act of validating that users are who they claim to be, while Authorization is the process of giving the user permission to access a specific resource or function. Authorization is often used interchangeably with Access Control or Client Privilege.

SAML (Security Assertion Markup Language) is an XML-based standard used for exchanging authentication and authorization data between an IdP and a Service Provider (SP). The SP is typically a cloud-based application, and in Figure 1 below the SP is PrinterLogic.

In an SSO system, a user logs in once to the system and can access multiple systems without being prompted to sign in for each one.

PrinterLogic SaaS support for IdP

PrinterLogic SaaS is part of the Okta Integration Network (OIN) as both a SAML- and Provisioning-enabled Application. It is also part of the Microsoft Azure App Gallery. 

Online documentation is available for Azure AD and Okta to help IT teams configure PrinterLogic for integration with these services.

Figure 1 illustrates the integration between PrinterLogic SaaS and a cloud-based IdP.

Figure 1: Integration between PrinterLogic SaaS and a Cloud-based IdP.

How IdPs and PrinterLogic work together

The flow of communication between the the IdP and PrinterLogic is as follows:

  1. The end user logs into PrinterLogic SaaS Self Service Portal via a web browser.
  2. PrinterLogic SaaS generates a SAML authentication request and redirects the browser to the IdP’s SSO portal.
  3. The end user enters their credentials and requests authentication from the IdP.
  4. The IdP parses the SAML request and authenticates the end user.
  5. The IdP generates an encoded SAML response and returns it to PrinterLogic SaaS.
  6. PrinterLogic SaaS authorizes the client and grants access to the Self Service Portal.

There are two separate sign-in flows through which authentication can be handled by SAML, both of which are supported by PrinterLogic SaaS. 

  1. The first known as an SP-initiated flow, occurs when the user attempts to sign in to a SAML-enabled SP via its login page. Instead of prompting the user to enter a password, an SP that has been configured to use SAML will redirect the user to the IdP which will then handle the authentication and redirect the user back to the SP as a verified user.
  2. The second flow is known as an IdP-initiated flow. This occurs when the user logs into the IdP and launches the SP application by clicking its icon from their home page. If the user has an account on the SP side, they will be authenticated as a user of the application and will generally be delivered to its default landing page, which in the case of PrinterLogic is the Self-service Installation Portal page.

PrinterLogic SaaS IdP integration also supports the System for Cross-domain Identity Management (SCIM), which allows for the automation of user provisioning. When changes to identities are made in the IdP, including create, update, and delete, they are automatically synced to the SP in real-time according to the SCIM protocol.

A look at Version 1’s functionalities

Version 1 of IdP integration supports the following core functionalities of PrinterLogic SaaS:

  • Support for Windows and Mac workstations
  • Access to the Admin Console and full RBAC
  • Full Reporting
  • Deployments by User or Group
  • Portal Security by User or Group
  • User login via IdP Website
  • Adding/Removing IdP Groups
  • Adding/Removing IdP Users

Version 2 of the PrinterLogic IdP integration will support Secure Printing while Version 3 will support the Mobile Printing modules. These updates will be automatically delivered to PrinterLogic SaaS customers later in 2020.

Support for Google Cloud Identity is also set for later in 2020, which combined with the recent release of the PrinterLogic Chrome OS Client Extension, will provide a robust solution for Chrome OS printing and give enterprises a uniform print experience independent of end user operating systems.

Seamless integration with PrinterLogic

PrinterLogic SaaS now integrates seamlessly with leading cloud-based IdPs, ensuring customers secure, appropriate and convenient user access to cloud-based networks and applications. Organizations already standardized on a cloud-based IdP can confidently take advantage of PrinterLogic’s infrastructure reduction, centralized printer management, and secure print benefits.

You can start a PrinterLogic SaaS trial here. For more information on IdP, see our Printerlogic-IdP integration FAQ here.

To talk with someone at PrinterLogic in North America, phone 1. 435.652.1288. Click here for international contact information.

Interested in eliminating all of your print servers?

We deliver a highly available Serverless Printing Infrastructure using a centrally managed Direct IP printing platform. If you want to empower end users with mobile printing, secure release printing, and many advanced features, we’d love to show you how.

Serverless printing is just one quick demo away.

Schedule Now

Share

Author

Author

Pierre Lefebvre

Pierre is a Systems Engineer at PrinterLogic focused on enterprise customers and the healthcare market who specializes in providing his customers with simple solutions to complex business problems. He holds a PhD of Chemistry-Material Science as well as an OKTA Professional certification. Pierre spent the early part of his career in the semiconductor industry in Applications Engineering Development and Management across Europe, Asia and the US. From there, he spent several years in the Electronic Content Management Industry before ultimately joining PrinterLogic. Outside of work, Pierre enjoys playing bass guitar and riding pretty much everything that has two wheels.
© 2020 PrinterLogic. All Rights Reserved | Privacy Policy | Imprint | Cookies