What is the order of preference for collecting username values from an iDM integration? - c06333211

As of 4.1, the Central Print Service will trust the JWT first, then add any additional information found in the UserInfo response.

The consequence of that change is that the username must be determined from the JWT, it can be retrieved from userInfo later on, but if it is missing from the JWT/IDToken response then we will not be able to collect the correct job owner.

For consistency, one of the 5 claims below should be returned when we call the token URL or the UserInfo URL. What claim is returned is based on any integrations they might have in place. If there is no 3rd Party Integration for Print Management, the claim used will be reflected in PrinterOn usage reports and therefore should be an email or preferred_username.

On the PrinterOn side, irrespective of the method of submission, we will use returned claims in the order below to determine the job owner name.

1. preferred_username
2. email
3. upn
4. userPrincipalName
5. sub - this is guaranteed to be in every JWT, but often just a UUID value and not something helpful for integration

NOTE:

Applies to PrinterOn Enterprise 4.1 and later.