Skip to content

Choose your language

  • No results

Choose your login

  • No results
Support
Search

Use a custom Microsoft Entra ID application with Print Deploy

This page applies to:

Print Deploy provides a built-in application that allows you to use Microsoft Single Sign-On (SSO) immediately; however, it relies on secrets managed by PaperCut, which might require updates or renewals. Organizations using their own custom application can proactively manage these themselves.

Using a custom Microsoft Entra ID application with Print Deploy

When configuring Microsoft Entra ID for Print Deploy, you have two options:

  • Update an existing Entra ID application — if you’ve already set up an Entra ID application for Mobility Print or PaperCut MF. Ideal if you already use Entra ID for other PaperCut services, enabling you to reuse and update an existing application.
  • Create a new Entra ID application — specifically for Print Deploy. Recommended for setting up a standalone application dedicated to Print Deploy.

Both options allow you to establish secure Single Sign-On (SSO) functionality.

Choose the option that best fits your organization’s needs, then follow the respective configuration steps to ensure your Entra ID application integrates seamlessly with Print Deploy.

Finally, follow the steps to Configure Print Deploy to finalise the process.

Step 1 — Configure your Entra ID application

Choose how you want to configure Entra ID and follow the related procedure below:

Option 1: Update from an Entra ID application created for PaperCut MF

If you have already configured an Entra ID application for PaperCut MF, you can make small changes to use the same app for Print Deploy.

  1. In your Entra ID portal, go to Applications > App registrations and locate your application.
  2. In the navigation pane, under Manage, select Authentication.
  3. Under Platform configurations > Web Redirect URIs click Add URI.
  4. Add a new Redirect Uri in the format
    http://type-your-papercut-server-address-here:9176/oauth2/micrsoft/callback
    For example: http://papercut.school.com:9176/oauth2/microsoft/callback
  5. Under Implicit grant and hybrid flows, select Access tokens (ID tokens should already by selected).
  6. Under Supported account types, select Accounts in any organizational directory.
  7. Click Save.

Option 2: Create a new Entra ID application for Print Deploy

1. Create your Entra ID application

  1. Log in to Entra ID as an application administrator.
  2. In the Search bar, search for and select Microsoft Entra.
  3. In the navigation pane, under Manage, select App Registrations.
  4. Click New registration.
  5. Fill in the basic information for your application.
    • Set Name as something you can easily identify, for example, PaperCut Print Deploy SSO.
    • In Supported Account Types, choose whichever option suits you. Print Deploy by default uses Accounts in any organizational directory and personal Microsoft accounts — you might want to tighten this.
  6. Click Register.

2. Give your application permissions to read users

  1. In the navigation pane, under Manage, select API Permissions and click Add a permission.
  2. In the right pane, select Microsoft Graph, and click Delegated permissions.
  3. Use the search bar to locate and add the following permissions: User.Read

3. Configure your application’s authentication

  1. In the navigation pane, under Manage, select Authentication.
  2. Under Platform configurations, click Add a platform.
  3. In the right side pane, select Web.
  4. Fill in the platform configuration with the following values:
    • Redirect URIs: set to: http://type-your-papercut-server-address-here:9176/oauth2/microsoft/callback
      For example: http://papercut.scool.com:9176/oauth2/microsoft/callback
    • Leave the front-channel logout URL blank.
    • Under Implicit grant and hybrid flows, select both ID Tokens and Access Tokens.
  5. Click Configure.

4. Generate an application client secret value

  1. In the navigation pane, under Manage, select Certificates & secrets.
  2. Under Client Secrets, click New client secret.
  3. Complete the following fields:
    • Description: set to something memorable, for example, “PaperCut Print Deploy Secret”.
    • Expires: Choose an appropriate expiry date.
  4. Click Add.
  5. Copy the client secret value for later use.

Step 2 — Configure Print Deploy

  1. On the Print Deploy server, open the config folder in the path: [app-path]\providers\print-deploy\[os]\data\config.
  2. Create a file called oauth.microsoft.conf.toml.
  3. Enter your Entra ID application details in the file under the following fields:
    ClientID = “your-entra-application-id”
    ClientSecret = “your-entra-client-secret-value”
  4. Save the file and restart the Print Deploy server.

Comments