PrinterLogic SaaS and Cloud-based Identity Providers (IdP)

PrinterLogic, the world leader in Serverless Printing Infrastructure (SPI), has announced General Availability of Version 1 of its integrations with the cloud-based IdPs Okta and Azure AD. For PrinterLogic SaaS customers, this release provides support for SAML 2.0-based federated authentication. 

PrinterLogic gives organizations the ability to eliminate print servers and provides a centrally managed direct IP print infrastructure. PrinterLogic publishes two distinct web pages and installs a client on end-user workstations to communicate with the server and facilitate printing.

To function properly, all of these elements need user authentication and authorization. This blog explains where the integration points are.

No more Active Directory

The PrinterLogic web-based Admin Console enables administrators to centrally manage both printer and driver deployments by users and groups. This console supports role-based access control (RBAC) so admins have access rights only to the information they need. Traditionally, PrinterLogic SaaS has relied on Active Directory and LDAP to authenticate admins and automate deployment of printers to end users.

PrinterLogic’s Self-service Installation Portal enables end users to perform routine printer installs by themselves with a single click, and traditionally relies on their AD identity to grant them access to only the printers they are allowed to install.

Windows and Mac clients also traditionally rely on the user’s AD identity to perform their tasks such as installing and removing printers and/or new profiles.

What is a cloud-based IdP?

Cloud-based IdPs allow IT admins to deliver SaaS applications securely and to the right person. Identity management also supports Multi-factor Authentication (MFA) and Single Sign-on (SSO). 

Authentication and Authorization are both common terms in the world of Identity and Access Management (IAM). Cloud-based IdP is a subset of this larger IAM market space.

Authentication is the act of validating that users are who they claim to be, while Authorization is the process of giving the user permission to access a specific resource or function. Authorization is often used interchangeably with Access Control or Client Privilege.

SAML (Security Assertion Markup Language) is an XML-based standard used for exchanging authentication and authorization data between an IdP and a Service Provider (SP). The SP is typically a cloud-based application, and in Figure 1 below the SP is PrinterLogic.

In an SSO system, a user logs in once to the system and can access multiple systems without being prompted to sign in for each one.

PrinterLogic SaaS support for IdP

PrinterLogic SaaS is part of the Okta Integration Network (OIN) as both a SAML- and Provisioning-enabled Application. It is also part of the Microsoft Azure App Gallery. 

Online documentation is available for Azure AD and Okta to help IT teams configure PrinterLogic for integration with these services.

Figure 1 illustrates the integration between PrinterLogic SaaS and a cloud-based IdP.

Figure 1: Integration between PrinterLogic SaaS and a Cloud-based IdP.

How IdPs and PrinterLogic work together

The flow of communication between the IdP and PrinterLogic is as follows:

  1. The end user logs into PrinterLogic SaaS Self Service Portal via a web browser.
  2. PrinterLogic SaaS generates a SAML authentication request and redirects the browser to the IdP’s SSO portal.
  3. The end user enters their credentials and requests authentication from the IdP.
  4. The IdP parses the SAML request and authenticates the end user.
  5. The IdP generates an encoded SAML response and returns it to PrinterLogic SaaS.
  6. PrinterLogic SaaS authorizes the client and grants access to the Self Service Portal.

There are two separate sign-in flows through which authentication can be handled by SAML, both of which are supported by PrinterLogic SaaS. 

  1. The first, known as an SP-initiated flow, occurs when the user attempts to sign in to a SAML-enabled SP via its login page. Instead of prompting the user to enter a password, an SP that has been configured to use SAML will redirect the user to the IdP, which will then handle the authentication and redirect the user back to the SP as a verified user.
  2. The second flow is known as an IdP-initiated flow. This occurs when the user logs into the IdP and launches the SP application by clicking its icon from their home page. If the user has an account on the SP side, they will be authenticated as a user of the application and will generally be delivered to its default landing page, which in the case of PrinterLogic is the Self-service Installation Portal page.
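The request and redirect in steps 2 and 4 above, and the difference between the two sign-in flows as the SP sees it, sketched as an added example (not PrinterLogic's code). It assumes the SAML HTTP-Redirect binding for the request, which this post does not specify; the function names and the idea of a `pending_ids` set are illustrative.

```python
import base64, uuid, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlencode, urlparse, parse_qs

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def build_authn_request(sp_entity_id, acs_url, idp_sso_url):
    """Step 2 (SP side): build an AuthnRequest; the SP must remember its ID."""
    req_id = "_" + uuid.uuid4().hex  # unpredictable, and a valid XML ID
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": req_id, "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,
        "AssertionConsumerServiceURL": acs_url,
    })
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = sp_entity_id
    return req_id, ET.tostring(root)

def redirect_url(idp_sso_url, xml_bytes, relay_state):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encoding."""
    comp = zlib.compressobj(wbits=-15)  # -15 = no zlib header/trailer
    deflated = comp.compress(xml_bytes) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": relay_state})
    return f"{idp_sso_url}?{query}"

def parse_redirect(url):
    """Step 4 (IdP side): reverse the encoding and read the request.
    A real IdP parses untrusted XML with a hardened parser."""
    qs = parse_qs(urlparse(url).query)
    raw = zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), wbits=-15)
    root = ET.fromstring(raw)
    return {"id": root.get("ID"),
            "issuer": root.findtext(f"{{{SAML}}}Issuer"),
            "acs": root.get("AssertionConsumerServiceURL"),
            "relay_state": qs["RelayState"][0]}

def classify_response(in_response_to, pending_ids):
    """SP side, on receiving a response: an SP-initiated response echoes a
    request ID the SP issued; an IdP-initiated one has no InResponseTo.
    Signature and validity-window checks are out of scope here."""
    if in_response_to is None:
        return "idp-initiated"  # accept only if unsolicited login is enabled
    if in_response_to in pending_ids:
        pending_ids.discard(in_response_to)  # one-time use blocks replays
        return "sp-initiated"
    return "reject"  # unknown or already-consumed request ID
```
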

PrinterLogic SaaS IdP integration also supports the System for Cross-domain Identity Management (SCIM), which allows for the automation of user provisioning. When changes to identities are made in the IdP, including create, update, and delete, they are automatically synced to the SP in real-time according to the SCIM protocol.

A look at Version 1’s functionalities

Version 1 of IdP integration supports the following core functionalities of PrinterLogic SaaS:

  • Support for Windows and Mac workstations
  • Access to the Admin Console and full RBAC
  • Full Reporting
  • Deployments by User or Group
  • Portal Security by User or Group
  • User login via IdP Website
  • Adding/Removing IdP Groups
  • Adding/Removing IdP Users

Version 2 of the PrinterLogic IdP integration will support Secure Printing while Version 3 will support the Mobile Printing modules. These updates will be automatically delivered to PrinterLogic SaaS customers later in 2020.

Support for Google Cloud Identity is also set for later in 2020, which combined with the recent release of the PrinterLogic Chrome OS Client Extension, will provide a robust solution for Chrome OS printing and give enterprises a uniform print experience independent of end user operating systems.

Seamless integration with PrinterLogic

PrinterLogic SaaS now integrates seamlessly with leading cloud-based IdPs, ensuring customers secure, appropriate and convenient user access to cloud-based networks and applications. Organizations already standardized on a cloud-based IdP can confidently take advantage of PrinterLogic’s infrastructure reduction, centralized printer management, and secure print benefits.

You can start a PrinterLogic SaaS trial here. For more information on IdP, see our PrinterLogic-IdP integration FAQ here.

To talk with someone at PrinterLogic in North America, phone 1. 435.652.1288. Click here for international contact information.

The Security Risks of Enterprise Printing and How to Create a Secure Printing Environment

Among IT professionals, it’s no secret that printers represent an overlooked security threat. When the research firm Quocirca surveyed 240 enterprise organizations across the United States, the UK, France and Germany for its 2018 report on managed print services, around half of the respondents stated that print security was part of their overall information security strategy.

If just US respondents were singled out, that number rose to 70%.

Strangely, though, only 30% of all the respondents claimed to be fully confident that their print infrastructure was safeguarded against internal and external threats.

In other words, despite understanding the importance of secure print management and secure printing, the vast majority acknowledged their enterprise print environment was still at risk. What explains that gap between awareness and action in print security?

Security pain points in a typical environment

Printers are among the most widely used devices in any organization. Regardless of your preferred printing solutions, printers are accessed by every department, every employee and even automated systems. That constant, widespread access increases the security risks surrounding sensitive documents.

Yet the need for constant, widespread access also makes the print environment tough to lock down. Print management is hard enough without all kinds of additional security measures in place. If you do try to implement more secure printing, end users who find themselves inconvenienced are either going to pester the help desk or, worse, find a (non-secure) workaround.

For IT admins, that seems like a lose–lose scenario.

Preserving the status quo is the path of least resistance, yet it leaves the print environment vulnerable. On the other hand, increasing print security using conventional printing solutions is bound to create more print management overhead. It’s also likely to leave end users unhappy or compel them to undermine the security you’ve worked so hard to implement.

It’s still absolutely crucial to harden print security

The bottom line is this: No matter what the challenges, sidelining print security just isn’t an option. The costs of data breaches are huge, and the exposure vectors are everywhere:

  • Human error: Employees frequently print documents and then forget to retrieve them. That leaves sensitive information sitting in the output tray for anyone to see—or take to a competitor.
  • Outdated print architectures: Legacy printing solutions like print servers store print jobs in a common queue. If hackers gain access to the queue, they gain access to every job in it.
  • Halfhearted security measures: Print security is all or nothing. Any loophole will be exploited. But that also means admins have an obligation to make secure printing a natural, seamless part of their end users’ workflows.

It takes a next-generation printing solution to overcome longstanding, universal shortcomings like these.

Secure printing through serverless printing

Secure release printing from PrinterLogic leverages the strengths of our serverless printing infrastructure so that it’s simple to deploy and manage, user friendly and cost-effective. That’s because PrinterLogic eliminates print servers and all their vulnerabilities while enhancing ease of use for admins and end users too.

With PrinterLogic, pretty much any networked printer can be turned into a secure release printer. If you have an existing badge or ID card swipe system, PrinterLogic can easily integrate with your hardware readers to release secure print jobs. Alternatively, users can authenticate using the printer’s embedded control panel or our Print Release App for iOS and Android smartphones.

EPIC Management implemented PrinterLogic with a view to simplifying print management as well as streamlining the tightly controlled printing of electronic medical records (EMR). Today this California-based MSP is able to better serve its customers by providing them with the ability to print protected health information (PHI) easily, reliably and securely. Read the case study here.

Leave the flaws of traditional printing solutions behind and give PrinterLogic’s secure printing a test run—along with all its other amazing functionality—in your own organization. Sign up now and you’ll be able to demo our serverless printing infrastructure free of charge for 30 days.