How synchronization settings affect PrinterOn behavior
When using Azure AD for authentication, the PrinterOn Server uses its internal user store to control access to PrinterOn resources. As a result, PrinterOn needs to populate its internal user store with data from the Azure AD user store. Two settings let you control how data from your Azure AD user store is synchronized with the PrinterOn user store:
Enable Group Sync: This lets you control how PrinterOn synchronizes user group information between the PrinterOn user store and the Azure AD user store.
Enable User Sync: This lets you control how PrinterOn will synchronize user information in the PrinterOn user store with the Azure AD user store.
📘 Instructions
How you configure each of these settings in combination affects the behavior of PrinterOn. The following table illustrates how the PrinterOn behavior changes based on how you configure these settings.
Group Sync | User Sync | PrinterOn Behavior |
Enabled | Enabled | PrinterOn automatically downloads all user data and group data from the Azure AD user store. Users do not need to authenticate before using Web Print or Email Print workflows. Users must authenticate before using other print workflows. |
Disabled | Disabled | PrinterOn uses Just-in-Time provisioning to populate the user store; when a user logs in for the first time, their user data is added to the PrinterOn user store. Group data is never added to the user store. As a result, access control rules can only be applied to individual users, not groups. Because Google Cloud Print and Email User Lookup have no means of asking for credentials, the user must log in once before these features will work. |
Enabled | Disabled | PrinterOn automatically downloads only group data from the Azure AD user store. User data is populated as each user logs in for the first time. Because Google Cloud Print and Email User Lookup have no means of asking for credentials, the user must log in once before these features will work. |
Disabled | Enabled | PrinterOn automatically downloads only group data from the Azure AD user store. User data is populated as each user logs in for the first time. Group data is never added to the user store. As a result, access control rules can only be applied to individual users, not groups. Because Google Cloud Print and Email User Lookup have no means of asking for credentials, the user must log in once before these features will work. |