Xerox - CPA 2.0

Complete the requirements and follow the steps below to install the second-generation Control Panel Application (CPA) on Xerox printers. For a list of supported devices, see PrinterLogic CPA.

Installation Requirements

Ensure all of the universal requirements are completed and functional prior to CPA setup. In addition, Xerox also requires the following.

  • Ensure that your printer is on the most updated firmware version. Older Extensible Interface Platform (EIP) levels do not support some CPA features.
  • Xerox Web Services enabled. (generally this is enabled by default)
  • Simple Object Access Protocol (SOAP) enabled. (generally is enabled by default)
  • Enable Transport Layer Security (TLS) 1.2 on the Multifunction Printer (MFP).
  • Adding a driver for your card reader for Versalink devices is sometime necessary.
  • Ensure Domain Name System (DNS) information is entered in correctly on the MFP device.
  • Installations using an SSO mode or card readers require SNMP v2 or v3 configured.
    • SNMP v3 configurations require Message-Digest Algorithm (MD5) Authentication Protocol.

Additional Port Information

CPA installation and uninstallation occur from the Service Client object to the printer over TCP 443.

CPA operation requires two main communication paths:

  • From the printer to the Service Client object over TCP 31988.
  • From the printer to the Virtual Appliance instance (cpp-ui.FQDN_of_Virtual Appliance and cpa-api.FQDN_of_Virtual Appliance) over TCP 443.

Everyday printing communication occurs from the workstation to the printer over TCP 9100 (or TCP 515 for LPR queues).

By default, Certificate Revocation List (CRL) checks occur over TCP 80 from the Service Client. The installation may fail if the CRL check cannot complete over Port 80.

Card Readers

If you use badging, configure SNMP v2 or v3, and verify Xerox Secure Access is enabled.

Certificates

If using self-signed certificates, ensure the root Certificate Authority (CA) is installed on the printer(s).

General Authentication Options

What the CPA displays to the end user at the printer is determined by the authentication options on the TCP / IP printer. If you are using the same authentication options for all printers you can use the default settings. If you want to be able to set specific methods on a per-printer basis, you can choose which printer-specific options you want available to set up on individual printers.

Default Settings

Be aware that default authentication settings vary depending on the identity provider. The LDAP settings differ from settings available for an IdP such as Okta or Entra ID (Azure AD).

LDAP

  1. In the Identity Provider Settings section, ensure that LDAP is selected and that your LDAP credentials are configured correctly.

    Identity Provider Settings section of the Admin Console's General tab with the LDAP option selected.

  2. Scroll down to the CPA Specific Settings section and select the options that you want available on the Printer Apps tab.

    General tab's CPA Specific Settings section showing the different authentication methods that can be selected/enabled.

    Not all the options seen here may be available. The printer's Apps tab displays the manufacturer supported options.

  3. To set PIN Settings do the following:
    1. Set PINs to store in either the Virtual Appliance or Active Directory databases. Depending on your selection, enter the field names for the following:
    2. The field name containing User ID
    3. The field name containing PIN.

      If the Database option is selected, the end-user must set the PIN within the Self-service Portal. See User ID and Pin

  4. To set the Badge Settings do the following:
    1. Set badges to store in the Virtual Appliance or Active Directory databases.
    2. For Active Directory provide the field name that contains the badge ID attribute.

      The Database option makes badge registration mandatory. Administrators can manage badges individually through the badge management screen or in bulk by CSV. End-users also can set up their badge within the Self-service Portal. See Badge Self Registration Options.

  5. Scroll down to the Control Panel Application section. The configuration of these settings is optional.
    1. You can set a default Username and Password to access the printer's web interface on all printers where you're installing the CPA.

      General tab's Control Panel Application section showing the Default Single sign-on enable/disable setting.

      The credentials used MUST have administrative rights for the printer.

    2. Default Single Sign On settings — select from the following options:
      1. Enabled — the default option. This option requires users authenticate to gain access to the printer's control panel.

      2. Disabled — with this option selected, the users are only asked to authenticate when they select the PrinterLogic from the device's control panel.
  6. Scroll back to the top and select Save.

IdP

  1. In the Identity Provider Settings section, ensure that IdP is selected and that the credentials are configured correctly for your IdP.

    General tab's Identity Provider Settings section with the IdP option on the left enabled.

  2. Scroll down to the CPA Specific Settings section.

    General Tab's CPA specific settings section showing the IdP authentication methods, self-registration options, and badge management options.

    Not all the options seen here may be available. The printer's Apps tab displays the manufacturer supported options.

  3. Select the options you want available on the Printer Apps tab. 

    If you use an IdP, the Control Panel Application (CPA) only supports badge and PIN authentication.

    1. Enable PIN Authentication — use this option to enable the PIN authentication at the printer level. the PIN gets stored in the IdP database and mapping to a PIN attribute gets completed within the IdPs admin console. If you do not use your IdP to manage PINs, you can select the following option.

      1. Enable self registration of PIN for IdPs — enable this option to allow end users to register their PIN using the Self-service Portal. The PIN is stored in the Virtual Appliance database. See User ID and Pin for end user instructions.

        Do not enable Enable self registration of PIN for IdPs, if you have a PIN attribute mapped through your IdP.

    2. Enable Badge Scan Authentication — use this option to enable badge authentication at the printer level. The badge number and associated user ID get stored in the IdP database. In this case, mapping to a badge attribute and user ID attribute is completed within the IdPs admin console. If you do not use your IdP to manage PINs, you can select the following option.

      1. Enable managing of badges in Virtual Appliance instead of in IdP — enable this option to manage the badge numbers in the Virtual Appliance database. You can register each badge on the badge management page or in bulk by CSV. End users can also register their badge within the Self-service Portal. Reference Badge Self-Registration Options for steps.

        If you Enable managing of badges in PrinterLogic instead of in IdP,Virtual Appliance ignores any badge mapping configured in the IdP admin console.

  4. Scroll down to the Control Panel Application section. The configuration of these settings is optional.
    1. You can set a default Username and Password to access the printer's web interface on all printers where you're installing the CPA.

      General tab's Control Panel Application section showing the Default Single sign-on enable/disable setting.

      The credentials used MUST have administrative rights for the printer.

  5. Default Single Sign On settings — select from the following options:
    1. Enabled — selected by default, this option requires users authenticate to gain access to the printer's control panel.

    2. Disabled — with this option selected, the users are only asked to authenticate when they select the PrinterLogic from the device's control panel.
  6. Scroll back to the top and select Save.

Install the CPA

These steps are to install the CPA on a single printer using the printer's Apps tab. To install the CPA on multiple printers in bulk, reference CPA Manager for steps.

  1. In the Admin Console tree structure, select the printer where you want to install the CPA.
  2. Select the Apps tab.
  3. In the Manufacturer field, select the printer manufacturer.

  4. Select the Service Client you want to use to install the CPA.
  5. Check the box for Install Application.
  6. Check the boxes for any additional apps you wish to install.
    1. Copy/Scan Tracking.
    2. QR Code Display.

Printer object's Apps tab with the Manufacturer drop-down expanded to show the manufacturers that support the control panel application.

Selecting Copy/scan tracking displays additional options to adjust Accounting Prompts.

Xerox specific Copy/Scan settings with options to enable/disable Accounting prompts for copy, fax, print, and scan prompts.

CPA Authentication Options

The options presented in this section are based on what was selected in the identity provider settings above. Please note that authentication features may vary depending on the printer manufacturer.

Installation Credentials

  1. For the Credentials to use when installing PrinterLogic applications on this printer options select from the following:
    1. Use default printer administration credentials — with this option you can use the default name and password to access the printer's web interface for all printers See the identity provider instructions above for more details.
    2. Use printer-specific administrator credentials — with this option you can use the administrator credentials set on each printer.

      The credentials used MUST have administrative rights for the printer.

Credentials to use when installing application on this printer section of the Apps tab showing the bubbles where you select to use the default credentials or printer specific credentials.

End User Credentials

If you use an IdP, the Control Panel Application (CPA) only supports badge and PIN authentication.

  1. Single Sign On — use this option to lock down the printer so that end users must authenticate before accessing the device's control panel. Select from the following options:
    1. Disabled — the device does not require authentication.
    2. Enabled as a Provider — the device displays the default Virtual Appliance CPA screen requiring users to authenticate to use the device.
    3. Enabled as a Listener — the CPA runs in the background and when users authenticate using another device application, they can select the PrinterLogic option from the devices application panel.
  2. In the CPA Authentication section, select from the following:

    1. Enable User ID with PIN Authentication — with this option enabled, users enter their User Id and PIN.

    2. Enable Badge Scan Authentication — with this option enabled, users must scan their badge, card, or dongle.

      The user is prompted for their network credentials upon first scan to validate the badge.

      1. Require PIN (beta) — with this option enabled, end users are prompted to enter their PIN after scanning a badge.

        This feature is incompatible if the SSO option enabled.

  3. Extended debug — this is an optional setting. When enabled, the following options become available:

    1. Certificates — link to download the Virtual Appliance certificate for CA.
    2. PrinterLogic Control Panel Application manual install URL
  4. Select Save to start the installation.

    During the installation process, it is normal for the printer to undergo multiple reboots. Rebooting is an expected behavior as part of the installation procedure.

CPA authentication section of the printer object's Apps tab with the Single Sign-on options, and the authentication options for user ID with pin and enable badge scan authentication showing.

Uninstall the CPA

  1. Open the Apps tab for the printer where you want to uninstall the CPA.
  2. Uncheck the features you want to uninstall from the printer.

  3. Select Save.

Uninstall with EWS/Web Interface

  1. Access the EWS UI/Web Interface for the printer.
    • Quickly access this using the Web Interface link on the printer object's General tab in the Admin Console.
  2. Navigate to Properties then Apps then Custom Apps then Weblet Management.

    This path may vary between models.

  3. Locate the Virtual Appliance CPA.
  4. Select Delete.

Uninstall with a Printer

  1. Access the Control Panel of the device.
  2. Navigate to Tools then App Settings then Weblet Settings then Weblet Management.

    This path may vary between models.

  3. Locate the Virtual Appliance CPA.
  4. Select Delete.

Troubleshooting Help