Granting PrinterOn permission to access Azure AD data.
To permit PrinterOn to access the data it needs from Azure AD, you need to configure several permissions in Azure AD. These permissions are associated with two Azure AD APIs:
Microsoft Azure Active Directory: Let PrinterOn sign in to Azure AD.
Microsoft Graph: Let PrinterOn synchronize with the Azure AD data.
Note: PrinterOn only needs access to a very limited amount of Azure AD data. To keep your data secure, you should ensure that you only grant the necessary permissions, described in the following task.
📘 Instructions
To configure permissions in Azure AD:
In the Registration panel, click the PrinterOn Enterprise app. The PrinterOn Enterprise app summary appears.
Click All Settings. The Settings panel appears.
In the Settings panel, click Required Permissions. The Required Permissions panel appears, listing the APIs to which you can grant permissions.
In the API list of the Required Permissions panel, click Microsoft Azure ActiveDirectory. The Enable Access panel appears displaying all Azure AD permissions.
Enable the following permissions:
Permission | Description |
Sign in and read user profile | Allows users to sign-in to the app, and allows PrinterOn to read the profile of signed-in users as well as basic company information of the signed-in user. |
Access the directory as the signed-in user | Allows PrinterOn to have the same access to information in the directory as the signed-in user. |
Click Select.
If the Microsoft Graph API is not listed, then in the Required Permissions panel, click Add and add the Microsoft Graph API to the list.
In the API list of the Required Permissions panel, click Microsoft Graph. The Enable Access panel appears displaying all Microsoft Graph permissions.
Enable the following permissions:
Permission | Description |
Read all groups | Allows PrinterOn to list groups, and to read their properties and all group memberships on behalf of the signed-in user. PrinterOn pulls the group information into the PrinterOn user store, allowing you to create user access rules without requiring you to first create the user groups manually. |
Read all users’ full profiles | Allows PrinterOn to read the full profile of all users in the organization. For some workflows, information available from the basic profile is not enough to enable PrinterOn to provide print services with the existing print infrastructure. Certain workflows, such as Email print and native iOS and macOS Printing, require PrinterOn to locate a user using their email address. This information is only available in the user’s full profile. To support these workflows, PrinterOn requires the ability to read the full profile. |
Click Select.
In the Required Permissions panel, click Grant Permissions, then confirm the action.
You can now retrieve the key Azure endpoints and application information so it can be added to PrinterOn’s Configuration Manager, enabling the PrinterOn service to successfully communicate with Azure AD.