Configuring an IdP

An Identity Provider (IdP) verifies a person's identity through an authentication token. Virtual Appliance utilizes IdP configurations for several purposes, including logging in to the Admin Console and portals, deploying printers, releasing print jobs, and more.

The linked configurations in the IdP Configuration section below include steps for setting up supported IdPs in your Virtual Appliance instance.

When utilizing the Control Panel Application (CPA) in conjunction with an Identity Provider (IdP), it's important to note that only Badge and PIN authentication methods are supported at the CPA.

When you consider how to set up your IdP configuration be aware that SCIM provisioning requires an open connection from the IdP provider into the Virtual Appliance instance gateway container. We recommend JIT provisioning when setting up your IdP connection.

Portal Access

To configure an IdP in Virtual Appliance, you'll need access to the Admin Console and your organization's identity provider portal. If you can access both portals, select the desired IdP from the IdP Configuration section below to get started.

In environments where the Virtual Appliance administrator is not an IdP administrator, you must identify the correct point of contact to assist. The Virtual Appliance admin starts and saves the IdP Settings template in the Admin Console, then provides the IdP administrator with the Service Provider Information from the template and the related configuration link from the IdP Configuration section.

If you are working with an IdP administrator, here are the steps to add the IdP Settings template to provide the IdP administrator with the correct information.

Access Service Provider Information

These steps are only for Virtual Appliance admins working with an IdP administrator. If you have access to the Virtual Appliance Admin Console and IdP administrator portal, follow the steps for the IdP in the IdP Configuration section.

  1. Open your Virtual Appliance Admin Console and sign in.
  2. Select Tools then Settings then General, and scroll down to the Identity Provider Settings section.
  3. Select IdP, and then select Add.
  4. Select the identity provider you want to configure in the IdP Template drop-down.
  5. In the Name field, enter the name you want displayed on the login button for users, e.g. My Company, Login, Acme Corp, etc.
  6. Copy the values in the Service Provider Information data to send to your IdP administrator.
  7. Select Apply.
  8. Select Save in the upper-right of the General settings page.

Send the Service Provider Information values and the related IdP configuration link to your IdP administrator. When they have completed their side and sent back the SSO URL, X-509 Certificate, and Issuer ID/Issuer URLs (if applicable):

  1. Open your Virtual Appliance Admin Console and sign in.
  2. Select Tools then Settings then General, and scroll down to the Identity Provider Settings section.
  3. Select IdP, and then select Modify.
  4. Add the SSO URL value to the SSO URL field.
  5. Press Tab on your keyboard to auto populate the Issuer URL and Issuer ID fields, or add them manually.
  6. Add the X-509 certificate, including the Begin/End headers to the X-509 Certificate field.
  7. Scroll down and select the desired enable setting(s).
    1. Enable for End Users Login — Allows end users to login using this IdP. (Self-service Portal)
    2. Enable for Admin Login — Allows Admin users to login using this IdP. (Admin Console)
    3. Both boxes can be checked when using a single IdP, or if the admin and end users use the same IdP to log in.
  8. Select Apply.
  9. Select Save in the upper-right of the General settings page.

For steps on assigning users and roles to the Virtual Appliance Admin Console reference Admin Console Users.

IdP Settings window showing the different fields and the Service provider information section.

IdP Configuration

If the IdP Settings page does not look like the image shown below, you may not be using the latest version and should contact Product Support to upgrade your IdP settings.

New IdP UI showing the different fields and drop-downs used to configure an identity provider.