PrinterOn KB Powered By ePRINTit USA

Configure OKTA IDM authentication through the PrinterOn Enterprise solution - c06237871

Using the steps below, the administrator of the PrinterOn Enterprise solution can configure OKTA as the authenticating IDM provider.

Log in to the OKTA account as the administrator of the OKTA solution (access to the Okta administration panel is required).

Create the Application within the OKTA administration interface:

  1. Login to the OKTA account as the administrator of the OKTA solution
  2. Select Applications
  3. Select Add Application
  4. Select Native then select 'Next' to continue

    Application Settings screen:
  5. Enter the Name of the application
  6. Define the Login redirect URIs; all the URIs below should be defined
    • https://123.45.67.89/cps/servlet/LoginServlet (where 123.45.67.89 is the IP address or DNS name of the machine hosting the PrinterOn Enterprise solution)
    • https://127.0.0.1:64000 (required for the PrinterOn PrintWhere application)
    • http://127.0.0.1:64000 (required for the PrinterOn mobile application)
    • https://sentinel.printeron.net/oauthredirect (required for the PrinterOn mobile application)
  7. Define the Group Assignments (type the names of the groups if required; otherwise keep Everyone in the field, which is the default)
  8. Grant type allowed options:
    • Authorization Code (checked by default)
    • Refresh Token (required, as the PrinterOn Enterprise solution uses this to validate whether the credentials or token need to be updated)
    • Resource Owner Password (required for AirPrint functionality from the mobile device and from macOS)
  9. Select Done to complete the application creation (this will route back to the General tab; if not, select the General tab)
  10. Scroll down and select Edit on the Client Credentials option
  11. Change the Client Authentication from Use PKCE to Use Client Authentication
  12. Select Save to confirm the changes
  13. Copy the Client ID into a document (this will be used in the PrinterOn Configuration Manager)
  14. Copy the Client Secret into a document (this will be used in the PrinterOn Configuration Manager)

Locate the Authentication, Token and UserInfo endpoints:

  1. While logged into the Okta web administration panel
  2. Below the Sign Out option, find the Org URL.
  3. Copy the URL as this will provide the details for the baseURL: (example URL https://dev-469146.oktapreview.com)
  4. In the browser (while logged in), add this value to the end of the Org URL (from step 1): '/oauth2/default/.well-known/openid-configuration'
    • example: https://dev-469146.oktapreview.com/oauth2/default/.well-known/openid-configuration
  5. The output will contain the information required to extract the authentication, token and userinfo endpoints.
  6. Copy this information to the document containing the Client Key and secret.
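
Added example (not part of the PrinterOn article or any PrinterOn or Okta code): a Python check that builds the discovery URL from the Org URL, pulls the three endpoints out of the returned JSON, and reports any endpoint that is not HTTPS on the Org URL's host or any scope or grant type from this guide that the authorization server does not advertise. The function names are hypothetical and the JSON is a constructed sample using standard OpenID Connect discovery field names.

```python
import json
from urllib.parse import urlsplit

DISCOVERY_PATH = "/oauth2/default/.well-known/openid-configuration"
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")
REQUIRED_SCOPES = {"openid", "email", "profile", "offline_access"}     # scopes named in this guide
REQUIRED_GRANTS = {"authorization_code", "refresh_token", "password"}  # grants named in this guide

# Constructed sample discovery document (not captured from a real tenant).
_BASE = "https://dev-469146.oktapreview.com/oauth2/default"
SAMPLE = json.dumps({
    "issuer": _BASE,
    "authorization_endpoint": _BASE + "/v1/authorize",
    "token_endpoint": _BASE + "/v1/token",
    "userinfo_endpoint": _BASE + "/v1/userinfo",
    "scopes_supported": ["openid", "email", "profile", "offline_access"],
    "grant_types_supported": ["authorization_code", "refresh_token", "password"],
})


def discovery_url(org_url):
    """Append the well-known path to the Org URL, as in step 4."""
    return org_url.rstrip("/") + DISCOVERY_PATH


def extract_endpoints(org_url, raw_json):
    """Return (endpoints, problems) for a discovery document fetched from org_url."""
    doc = json.loads(raw_json)
    org = org_url.rstrip("/")
    host = urlsplit(org).netloc
    problems = []
    if doc.get("issuer") != org + "/oauth2/default":
        problems.append("issuer does not match the Org URL")
    endpoints = {}
    for key in ENDPOINT_KEYS:
        value = doc.get(key, "")
        parts = urlsplit(value)
        if parts.scheme != "https" or parts.netloc != host:
            problems.append(f"{key} is not an https URL on {host}")
        endpoints[key] = value
    for label, field, required in (("scope", "scopes_supported", REQUIRED_SCOPES),
                                   ("grant type", "grant_types_supported", REQUIRED_GRANTS)):
        for name in sorted(required - set(doc.get(field, []))):
            problems.append(f"{label} not advertised: {name}")
    return endpoints, problems


if __name__ == "__main__":
    org = "https://dev-469146.oktapreview.com"
    print(discovery_url(org))
    print(extract_endpoints(org, SAMPLE))
```

The discovery document describes what the authorization server supports; the grant types enabled on the individual application are still set on the application's General tab.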

Update the PrinterOn Configuration Manager:

  1. Login to the PrinterOn Configuration Manager
  2. Select the Authentication Tab
  3. Select Third-Party Identity Management Service from the drop down menu
  4. Enter the information in the fields based on the information previously collected
  5. Validate that the Scope is defined with these values: openid email profile offline_access
  6. Select Apply settings to commit the changes
  7. Attempt to log in to the PrinterOn Configuration Manager using the Okta

NOTE:

Applies to PrinterOn Enterprise 4.1.4.24050 or later.