- User Authentication Providers
- Sentry Print Settings
- Mobile Release QR Code
- Remove User Registration
User Authentication Providers
Every print user must first register to Beacon Sentry Print before they can print documents. Registration is required to establish the identity of users who submitted a print job. The Print Scout component is responsible for facilitating user registration.
Beacon Sentry Print supports three authentication providers for user registration.
- Email Authentication – Uses a familiar email-based account verification workflow. This is the default option.
- Active Directory – This option is suitable for organizations that use Windows Active Directory (AD) for managing users. The Print Scout uses the user’s workstation ID to establish the identity of the user. This option does not require user registration, which means users can submit and release print jobs at once.
- OpenID Connect – This option uses token-based OpenID Connect technology to verify print user identity. This option is suitable for organizations with an existing supported OpenID Connect Identity Provider (e.g., Azure AD, Google) and has well-governed and well-known badges for user access and identity.
CAUTION!: Changing authentication providers will clear all existing user registrations, meaning all existing users will need to register again. You'll also need the Site Encryption Key to switch authentication providers.
With email-based authentication, users register with Beacon Senty Print by viding an email address. Sentry Print then sends an email containing a unique link and verification code to the email address provided, allowing the user to validate ownership of the email account and complete their registration.
Users register their proximity card at a printer using their email address and PIN combination. After this initial setup, the user's ID card is all that's required to authenticate at a network device to release documents. If a user’s proximity card is lost, damaged, or forgotten, users can authenticate at a printer using their registered email address and PIN code.
For information on how to register an email address to Secure Print, refer to the Register email address to the Sentry Print topic.
Email domain whitelist
The Email domain whitelist section allows you to add email domains that you wish users to be able to register with. Email domains that are not on the list are blocked. Users will see the message "<domain>" is not allowed when registering an email address from a domain that is not on the list. If you leave the list empty, allows users to register from any domain. This is the default behavior.
Adding a domain to the whitelist
In the Email domain whitelist field, enter the domain that you want to whitelist and then click Add. You can add more than one email domain. Click Save for changes to take effect.
Deleting a domain from the whitelist
To delete a domain, select the domain you want to remove and then click the Delete selected button.
NOTE: If you delete a domain that users are already registered with, existing users will be able to use Secure Print as usual, but new users will only be allowed to register with domains in the whitelist.
This authentication option is suitable for organizations that use Windows Active Directory (AD) for managing users. With this option, users authenticate at secure printers using their network credentials.
If card registration is enabled (under Proximity Card Settings in the Secure > Settings screen), users can walk to any secure printer, swipe their card and enter their network ID. After this initial setup, a user's ID card is all that's required to authenticate at a secure printer to release documents.
Beacon Sentry Print supports OpenID Connect for Single Sign-on (SSO). When a user prints a document for the first time, they are redirected to the authentication provider’s (Azure AD, Google, etc.) login page. Users log in to Sentry Print using their credentials from the authentication provider configured in the system. Once logged in to their provider, users are automatically logged in to Sentry Print.
NOTE: Secure Print supports the following authentication providers: Microsoft Azure AD, Google, and PingFederate.
Before you can use OpenID Connect with Sentry Print, you must first create and register an application for Sentry Print in your OpenID provider. The OpenID provider assigns a unique Client ID/Application ID and Client Secret for the application after a successful registration. Record these values because you need them to configure Sentry Print.
Configuring OpenID Connect
To configure an OpenID Connect authentication provider, follow these steps:
- Navigate to the Secure > Settings tab.
- In the User Authentication Providers section, select OpenID Connect.
- Enter the following details of the Secure Print application as provided by the OpenID authentication provider:Well-Known Endpoint
- Client ID
- Client Secret
- Save the changes.
For information on how to authenticate with your OpenID Connect credentials, refer to the Register using your OpenID Connect Credentials topic.
Sentry Print Settings
The Sentry Print Settings section contains options for controlling how print jobs are released to secure printers.
Note: Click the Advanced button on the right-hand corner of the screen to view more Sentry Print options.
Users can release their documents from any Secure Print-enabled printer using their mobile devices and QR codes.
This option allows users to release documents using the following options:
Note: By default, both the Proximity Card and User and Password options are selected. Click Advanced for more options.
Users have the option of creating a PIN for quick login - This option is available with the User and Password release type. When enabled, users can release documents using a 4-digit PIN instead of their password.
Note: This option is available only if you have a SR25 Hardware license.
Users release documents using a proximity card. Secure printing is enabled by a sentry device (called the SR25) attached to the back of the printer.
This setting determines where submitted print jobs are stored. Select from these options:
Note: The Force delivery via print servers option only appears after selecting Advanced.
Purge jobs after
This controls how long a print job is stored before it is automatically deleted. Unreleased print jobs will automatically be deleted after 48 hours.
Mobile Release QR Code
With Mobile Release, users release documents by scanning a QR code label attached to a secure printer. The QR code label contains printer information (e.g. IP address) that makes it easy to identify the printers.
The Mobile Release QR Code section enables you to customize the information displayed on your QR Code labels. By default, the system uses the Default template which includes the following printer fields: Manufacturer, Model, and IP address. If the default is not suitable for your organization, you can create a new label template with the printer information that you prefer. You can also change the orientation of the QR Code label (i.e. configure how the elements in your labels are laid out).
You can select from the following set of printer fields to include in the QR Code label:
- Serial Number
- IP v4 Address
- Grid X / Grid Y
The following image shows the default QR code label. It includes the Make, Model, and IP address of a printer. The QR code label is laid out with the company logo on the left-hand side and the QR code on the right-hand side.
The Label Templates section is where you create a new label template, edit an existing label template and select the template for the system to use.
Creating a new QR Code label template
- Navigate to the Secure > Settings screen.
- In the Mobile Release QR Code section, click Create.
- Enter a name to identify the template.
- In the template editor, edit the template as desired (e.g. insert fields, remove fields, change existing logo).
- Save the template.
Note: The Default Template is selected by default. If you wish for a new template to take effect, you will need to select the template to use (by clicking on the template). Make sure to click on the Save button.
Click the Edit button on the template that you want to modify. The template editor appears. The following image shows the elements in the template editor.
- Insert image (to change logo).
- Insert printer fields (e.g. printer’s IP address, Model, Location)
- Format text (Select size of text, bold, italics, change text color).
- Pre-loaded logo (You can change this with your organization’s logo).
- Pre-loaded printer fields (Delete or insert fields as you like).
Note: The Default Template cannot be edited nor deleted. You can only edit or delete templates that you’ve added to the system.
Changing the existing logo
To change the existing logo, you will need to delete the existing logo first and then click the insert image icon . Browse to the location of the logo you want to add. Make sure to save your changes.
Inserting data fields
In the template editor, select the area where you want to add a new field and then click Insert Field. In the drop-down list that appears, select the field(s) that you want to display in your QR code label.
Make sure to save your changes.
Deleting data fields
Select the field that you want to delete from the template editor and then select Delete or backspace from the keyboard. Save changes.
Previewing a template
To see how your QR code labels are rendered before generating them:
- Navigate to Secure > Secure Printers.
- Select the printers for which you want to generate the QR Code labels.
- Click Generate QR. You will see an example of how the template renders in PDF. Take note that the printer fields are not shown in this view; you will only see the new logo and the orientation.
Deleting a Template
Select the template that you want to delete and then click the Delete button.
You can also change the orientation of the label in the Rendering Layout section. Select how the logo, the QR code, and the printer fields are laid out.
Remove User Registration
The Remove Registrations button allows you to remove registered print users and their associated proximity card and/or PIN registrations. You will need to enter the network ID of the user or users whose registration details you want to remove.
- Proximity Card - This removes the association of a card ID from a user. For example, when a user leaves the company, this allows the same card to be used by another user. Or if a user lost their card, old card registration can be removed for security purposes.
- PIN - This option removes the associated PIN for a registered user.
- Complete User Information - This option removes registered print users as well as their associated proximity card and PIN number.