Print Deploy provides a built-in application that allows you to use Microsoft Single Sign-On (SSO) immediately; however, it relies on secrets managed by PaperCut, which might require updates or renewals. Organizations using their own custom application can proactively manage these themselves.
Using a custom Microsoft Entra ID application with Print Deploy
When configuring Microsoft Entra ID for Print Deploy, you have two options:
- Update an existing Entra ID application — if you’ve already set up an Entra ID application for Mobility Print or PaperCut MF. Ideal if you already use Entra ID for other PaperCut services, enabling you to reuse and update an existing application.
- Create a new Entra ID application — specifically for Print Deploy. Recommended for setting up a standalone application dedicated to Print Deploy.
Both options allow you to establish secure Single Sign-On (SSO) functionality.
Choose the option that best fits your organization’s needs, then follow the respective configuration steps to ensure your Entra ID application integrates seamlessly with Print Deploy.
Finally, follow the steps to
Configure Print Deploy
to finalise the process.
Step 1 — Configure your Entra ID application
Choose how you want to configure Entra ID and follow the related procedure below:
- Option 1: Update from an Entra ID application created for PaperCut MF
- Option 2: Create a new Entra ID application for Print Deploy
Option 1: Update from an Entra ID application created for PaperCut MF
If you have already configured an Entra ID application for PaperCut MF, you can make small changes to use the same app for Print Deploy.
- In your Entra ID portal, go to Applications > App registrations and locate your application.
- In the navigation pane, under Manage, select Authentication.
- Under Platform configurations > Web Redirect URIs click Add URI.
- Add a new Redirect Uri:
http://localhost:9176/oauth2/microsoft/callback
- Under Implicit grant and hybrid flows, select Access tokens (ID tokens should already by selected).
- Under Supported account types, select Accounts in any organizational directory.
- Click Save.
Option 2: Create a new Entra ID application for Print Deploy
1. Create your Entra ID application
- Log in to Entra ID as an application administrator.
- In the Search bar, search for and select Microsoft Entra.
- In the navigation pane, under Manage, select App Registrations.
- Click New registration.
- Fill in the basic information for your application.
- Set Name as something you can easily identify, for example, PaperCut Print Deploy SSO.
- In Supported Account Types, choose whichever option suits you. Print Deploy by default uses Accounts in any organizational directory and personal Microsoft accounts — you might want to tighten this.
- Click Register.
2. Give your application permissions to read users
- In the navigation pane, under Manage, select API Permissions and click Add a permission.
- In the right pane, select Microsoft Graph, and click Delegated permissions.
- Use the search bar to locate and add the following permissions:
User.Read
3. Configure your application’s authentication
- In the navigation pane, under Manage, select Authentication.
- Under Platform configurations, click Add a platform.
- In the right side pane, select Web.
- Fill in the platform configuration with the following values:
- Add a new Redirect Uri:
http://localhost:9176/oauth2/microsoft/callback
- Leave the front-channel logout URL blank.
- Under Implicit grant and hybrid flows, select both ID Tokens and Access Tokens.
- Add a new Redirect Uri:
- Click Configure.
4. Generate an application client secret value
- In the navigation pane, under Manage, select Certificates & secrets.
- Under Client Secrets, click New client secret.
- Complete the following fields:
- Description: set to something memorable, for example, “PaperCut Print Deploy Secret”.
- Expires: Choose an appropriate expiry date.
- Click Add.
- Copy the client secret value for later use.
Step 2 — Configure Print Deploy
- On the Print Deploy server, open the config folder in the path:
[app-path]\providers\print-deploy\[os]\data\config.
- Create a file called
oauth.microsoft.conf.toml
. - Enter your Entra ID application details in the file under the following fields:
ClientID = “your-entra-application-id”
ClientSecret = “your-entra-client-secret-value” - Save the file and restart the Print Deploy server.
Comments