Identity Sync

Identity Sync is an authentication option for environments using an LDAP domain. With Identity Sync configured, users can authenticate to the Control Panel Application (CPA) using their LDAP username and password, badge, or PIN.

The Identity Sync service requires an LDAP connection and a Service Client, a designated device within your network running the service. This keeps identity queries behind your firewall. Users' passwords are not stored in or synced to your PrinterLogic SaaS instance.

Identity Sync uses a "lazy load" function to reduce the time it takes to sync users within groups. With lazy load, if a group has an assignment, such as printer deployment, portal security, or anything else assigned explicitly to the group, PrinterLogic SaaS syncs all of the group's members. If the group does NOT have an assignment, the group object syncs, but its members are NOT synced initially. If the group is assigned to something after the initial sync, all of its members sync the next time the Identity Sync client checks in (check-ins occur at a 5-minute interval).
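The lazy-load rule above, together with the Enable Group Membership Sync option, can be reasoned about with a small model that shows which group memberships are present in the SaaS instance after each check-in. This is an added illustration, not PrinterLogic code; the class, field, and group names are hypothetical and the sample directory is constructed.

```python
"""Model of the lazy-load rule described on this page (illustration only)."""
from dataclasses import dataclass, field

CHECK_IN_MINUTES = 5  # check-in interval stated on this page


@dataclass
class SyncModel:
    directory: dict                       # group -> set of member usernames (LDAP side)
    force_membership: bool = False        # models "Enable Group Membership Sync"
    assigned: set = field(default_factory=set)          # groups that have an assignment
    synced_groups: set = field(default_factory=set)     # group objects present in SaaS
    synced_members: dict = field(default_factory=dict)  # group -> members present in SaaS
    clock: int = 0                        # minutes elapsed since the initial sync

    def assign(self, group):
        """Record an assignment (printer deployment, portal security, ...)."""
        self.assigned.add(group)

    def check_in(self, initial=False):
        """Run one sync pass; return the groups whose members loaded in this pass."""
        if not initial:
            self.clock += CHECK_IN_MINUTES
        loaded = []
        for group, members in sorted(self.directory.items()):
            self.synced_groups.add(group)  # the group object always syncs
            wants_members = self.force_membership or group in self.assigned
            if wants_members and group not in self.synced_members:
                self.synced_members[group] = set(members)
                loaded.append(group)
        return loaded


# Constructed sample directory (not real data).
SAMPLE = {"Finance": {"ana", "raj"}, "Interns": {"lee"}, "Lab": {"kim", "omar"}}


def demo():
    model = SyncModel(directory=SAMPLE)
    model.assign("Finance")
    first = model.check_in(initial=True)  # only the assigned group's members load
    model.assign("Lab")                   # assignment made after the initial sync
    second = model.check_in()             # picked up at the next 5-minute check-in
    return first, second, model


if __name__ == "__main__":
    first, second, model = demo()
    print("initial sync loaded members for:", first)
    print(f"check-in at +{model.clock} min loaded members for:", second)
    print("groups synced without members:",
          sorted(model.synced_groups - set(model.synced_members)))
```

In this model, Interns stays a member-less group object until it receives an assignment or the force option is enabled.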

Prerequisites

Enable Identity Sync

  1. In the Admin Console tree structure, navigate to the Service Client object the Identity Sync service will run on.

  2. Select the Service Client's Identity Sync tab.
  3. Check the box for Enable LDAP Identity Sync.

    Identity Sync tab with an arrow pointing to the selected Enable LDAP Identity Sync option.

  4. Select Save. Additional fields display after the page has refreshed.
  5. (Optional) The Enable Group Membership Sync option ignores the "lazy load" of group membership associations and force-syncs all group membership associations regardless of assignments within the Admin Console.

    Our recommendation is to leave the Enable Group Membership Sync box unchecked unless the behavior outlined above is desired.

  6. The LDAP Attribute to be used for Identity Linking defaults to sAMAccountName, which is recommended. If this is not the linking attribute you wish to use, adjust the entry in the text field.
  7. Select Save.

After saving, the Identity Sync service begins adding users to the Tools then Identities or Tools then Identity Management tab. The tab name differs depending on the bundle purchased.

If users aren't showing shortly after enabling the service:

  1. Confirm the PrinterLogicServiceIdentitySync.exe service is running on the Service Client.
  2. Navigate back to the Service Client's Identity Sync tab and select the Force Full Sync button.

    Identity tab showing the LDAP linking attribute field, and an arrow pointing to the Force Full Sync button below, and displaying a message about the LDAP Connection Status below the button.

Delete Users / Groups

Sometimes, it becomes necessary to delete provisioned users or groups. The self-service delete function enables IT Admins to remove all provisioned users and groups. For legal reasons, PrinterLogic SaaS Support cannot remove these for customers, which leaves this action at the discretion of the IT Admin. The steps below walk admins through the deletion confirmation process.

  1. In the PrinterLogic SaaS Admin Console, navigate to Tools then Settings then General.
  2. In the Identity Provider Settings section, select the LDAP option.
  3. In the LDAP Sync section, select the Delete Provisioned LDAP Data button.

    LDAP Sync section showing a note about the button, and an arrow pointing to the Delete Provisioned LDAP Data button.

  4. In the Delete LDAP Provisioning Data pop-up, type DELETE.
  5. Select the Delete button, which becomes visible after entering the text.

    Delete LDAP Provisioning Data pop-up showing a message about the actions, the field to type DELETE, and an arrow pointing to the Delete button in the lower right.

    This action will delete all LDAP users and groups from the PrinterLogic SaaS database for all configured AD domains and will require you to provision them again. The RBAC, Portal Security and Printer Deployment rules associated with these users and groups will continue to function unless they are manually deleted by the admin. This action cannot be undone. Are you sure you want to continue?

Allow a few minutes for large LDAP environments to be cleared.