Last updated: May 06, 2024
OneLogin
An Identity Provider (IdP) vouches for the identity of a person through the use of an authentication token. PrinterLogic SaaS uses IdP for several things, including logging in to the Admin Console and portals, deploying printers, releasing print jobs, and more.
If you use an IdP, the Control Panel Application (CPA) only supports badge and PIN authentication.
Configure Connection
To add and configure app properties for the PrinterLogic SaaS connection do the following:
- Create OneLogin App.
- Add IdP Template.
- Configure Single Sign On.
- Add the X-509 Certificate.
- Complete IdP Settings.
- Configure Provisioning.
- Add PrinterLogic SaaS Admins.
1. Create OneLogin App
- In your preferred browser log in to your OneLogin Admin Portal. https://<your domain>.onelogin.com/login
-
Hover your pointer over Applications in the top menu, then select Applications.
- Select Add App in the upper-right of the Applications window.
- Search for and select the PrinterLogic app.
- Give your app a unique display name and description.
- Select Configuration from the left-side menu.
- In the PrinterLogic Region field, select the region that your PrinterLogic SaaS instance resides in.
-
In the PrinterLogic Subdomain field, enter the subdomain of your PrinterLogic SaaS instance.
Make sure you only enter the subdomain. So if your instance is https://acmecorp.printercloud.com/admin, only enter acmecorp.
- Select Save.
Leave the current browser open to the new app page. To continue the app configuration, you need to open another browser and open the
If the IdP Settings page does not look like the image shown below, you may not be using the latest version and should contact Product Support to upgrade your IdP settings.
2. Add IdP Template
When configuring this IdP through PrinterLogic SaaS, use the Custom option in the IdP Template drop-down.
- In a separate browser tab, open your PrinterLogic SaaS Admin Console and sign in.
- Select Tools Settings General, and scroll down to the Identity Provider Settings section.
- Select IdP, and then select Add.
- Select the identity provider you want to configure in the IdP Template drop-down.
- Select SAML2 in the Authentication Protocol section.
-
In the Provisioning section if you are using SCIM, leave the JIT option unchecked.
By default, it is assumed you are using SCIM for provisioning. Only select JIT if SCIM is not being used.
- In the Name field, enter the name you want displayed on the login button for users, e.g. My Company, Login, Acme Corp, etc.
- Scroll down and select the desired enable setting(s).
- Enable for End Users Login — Allows end users to login using this IdP. (Self-service Portal)
- Enable for Admin Login — Allows Admin users to login using this IdP. (Admin Console)
- Both boxes can be checked when using a single IdP, or if the admin and end users use the same IdP to log in.
Keep the IdP Settings screen open so that the Service Provider Information at the bottom is available for the following steps.
3. Configure Single Sign On
- In the PrinterLogic SaaS IdP Settings window, copy the IdP Identifier from the Service Provider Information section.
- Paste the value into the OneLogin Configuration window's PrinterLogic IdP ID.
- Select Save in the upper-right.
- Select the app's SSO option in the left-menu.
-
Copy the OneLogin Issuer URL and paste it into the PrinterLogic SaaS Issuer URL field.
Leave the PrinterLogic SaaS Issuer ID field blank.
- Copy the OneLogin SAML 2.0 Endpoint (HTTP) value and paste it into the PrinterLogic SaaS SSO URL field.
- Select Save.
4. Add the X-509 Certificate
- Select the OneLogin app's SSO option in the left-menu.
-
In the SSO window's X.509 Certificate section, right-click on the View Details link and select Open in new tab.
If you don't open the link in a new tab that's fine. After completing this section you'll need to navigate back to the app you created. Hover over Applications in the top-menu, select Applications, then select your app from the Applications page.
-
Scroll down to the X.509 Certificate section and copy the certificate body, including the Begin / End Certificate headers.
- Paste the certificate into the PrinterLogic SaaS X-509 Certificate field.
- Select Apply in PrinterLogic SaaS.
- Select Save at the top-right corner of the General page.
5. Complete IdP Settings
- On the PrinterLogic SaaS General page, navigate back to the Identity Provider Settings section.
-
To have PrinterLogic SaaS prompt your users to authenticate through the IdP when performing any function requiring authorization, such as installing a printer, select the Automatically Open Browser to Login on Desktop Client option.
If this option is not selected, the user must manually navigate to the IdP login screen to sign in.
-
We recommend enabling the Use Loopback with SAML2 option. The IdP needs to provide an authentication token to the desktop clients whenever authentication happens. This option allows the client to handle the token and automatically log in without interaction from end users.
- The option to Use Domain User (Windows only) will automatically authorize domain-joined Windows users and not require login via the configured IdPs.
- Select Save in the top-right corner of the General page.
6. Configure Provisioning
The provisioning steps vary depending on whether you are using SCIM or JIT provisioning. Please choose the appropriate option below to view the corresponding steps for the method you are using.
SCIM Provisioning
Enable Provisioning
- In the OneLogin Admin Portal, select Provisioning in the left menu.
- Select Enable Provision. Configure other user management options as desired.
- Select Save.
- Select the OneLogin app's Configuration option from the left-side menu.
Generate / Apply SCIM Token
- In the PrinterLogic SaaSGeneral settings, select the SCIM option in the Identity Provider Settings section.
- Select your IdP configuration in the drop-down menu.
-
Select Generate SCIM Token.
Generating a SCIM token invalidates any previous tokens for that IdP.
- Select Proceed.
- Copy the token, close the modal, and select Save at the top-right corner of General settings.
- Paste the token in OneLogin Configuration window's SCIM Bearer Token field.
- Select the API Status Enable button.
- Select Save in OneLogin.
Confirm Admin Role
The Administrator Role can be set at a group or an individual level. In the following steps, setting the admin role will be shown being set at a user level.
- In the OneLogin Admin Portal, hover your mouse pointer over Users, then select Users or Groups depending on your need.
- Navigate to the user / group you want, and select the object to open it.
- In the left-menu, select Applications.
- Select the Plus (+) Icon.
-
Select your app from the Assign new login to drop-down and select Continue.
- Confirm user / group information and select Save.
- Repeat this process for any additional users / groups.
Check the Provisioning State for users within the OneLogin application's Users window and approve as needed.
JIT Provisioning
If you wish to use JIT Provisioning, make sure the JIT option in the IdP Settings modal is checked and do not enable SCIM. Doing so will create duplicate users and impact login and user authentication.
JIT does not support the provisioning of group membership associations, so you cannot apply RBAC roles, printer deployments or portal security roles to groups. All assignments have to be done individually for each user.
When using JIT Provisioning, the application creates users during the first sign-in attempt.
- Access your PrinterLogic SaaS instance and select Sign in with <IdP Name>.
- Attempt to login with your IdP credentials.
-
This login attempt will fail and return you to the PrinterLogic SaaS login page.
This is expected. With JIT, this action triggers the user creation in PrinterLogic SaaS.
- The following login attempt with valid credentials initiates a typical login sequence.
Administrators who need access to the Admin Console still need to be added to the Tools Users page using the steps in Admin Console Users .
7. Add PrinterLogic SaaS Admins
For steps on assigning users and roles to the PrinterLogic SaaS Admin Console reference Admin Console Users .
-
Release Date: 17 May, 2024
-
Windows Client Release Notes Updated
Release Date: 16 May, 2024
-
Mac/Linux Client Release Notes Updated
Release Date: 16 May, 2024
-
Chrome OS Client Release Notes Updated
Release Date: 24 April, 2024
-
Topic on additional options.
-
A new topic has been added for HP devices using ONCP
-
A setting has been added to only print attachments.