PrinterOn KB Powered By ePRINTit USA

What print submission methods officially support IDM/SSO authentication? - c06328845

Every submission method supports OpenID Connect authentication ( i.e. SSO). The only difference is based on how the authentication method is applied. While Mobile Apps, Web Print and PrintWhere more obviously support OpenID Connect, the other methods support it as well.

For IPP Print - which includes MacOS and AirPrint , there is an additional configuration requirement on the identity Management provider that indicates that Resource Owner Password Flow is enabled. Resource Owner Password Flow is a method that allows OpenID Connect to be used without prompting with a browser. Azure AD supports this by default when the recommended configuration is applied. Other providers including Ping required an additional configuration option to be enabled. PrinterOn standard documentation defaults the best practices for Ping and these can be applied for other Identify Management providers as well.

PQMS and Google Cloud Print use email address lookup to validate the user's identify, The user must log into the system with an alternative method first ( eg. CPS or mobile app), so their email address is synchronized into the PrinterOn service. Note that a bug existing in the PQMS implementation prior to version 4.1 that caused the lookup to fail for known users and Guest Printers were required to work around the issue.


Applies to PrinterOn Enterprise 4.x and later. As of Enterprise 4.1 the issue is resolved and the user lookup is performed.