Configuring SSO in PaperCut is easy, but you must work through the preparation steps above, or you may find that you are unable to login to PaperCut!
After enabling SSO on the admin interface, it will no longer be easy to use the
built in admin
user as the login page is no longer shown.
Before configuring SSO, you must ensure your domain or corporate login has admin
rights and you will need to use this login.
As a protection, the built-in admin
user does not have the rights to enable SSO.
If you make a mistake, and lock yourself out after enabling SSO, you can bypass
SSO by adding /nosso
to the Application Server URL. For example:
http://[myserver]/admin/nosso
Go to:
→ and find the "Single Sign-on (SSO)" section.
Check Enable Single sign-on to enable SSO. Additional configuration items will appear.
Select the SSO method, either Integrated Windows Authentication or WebAuth.
If you have selected WebAuth, enter the WebAuth header name and a list of whitelisted IP addresses.
Specify the SSO behavior you want for user web interface and mobile client, admin interface and other interfaces:
Standard (username and password) - don't use SSO and show the PaperCut MF login screen.
SSO with confirmation page - Use SSO and present a confirmation page at login.
SSO with direct access - Use SSO and login the user directly with no confirmation page.
Specify whether you wish to show a Switch User link on the confirmation page.
Specify a URL to go to on logout. A typical example would be the URL for your intranet portal.
Advanced config keys may be set to fine tune SSO behavior. Please see the section called “Using the Config Editor” to learn how to set config keys.
Some installations wish to enable SSO for web users, but not for mobile users of the mobile client and mobile release apps.
To disable SSO for mobile users, set the advanced config key:
auth.web-login.sso-enable.mobile-user
to N
.
By default, Windows SSO will not authenticate users belonging to the "Guest" group. You may
change this behavior by setting the advanced config key auth.web-login.sso-allow-guest
to Y
.
After enabling SSO, we recommend you perform these tests to ensure that users can successfully access the PaperCut interface.
Verify that you can still login to the admin interface.
Verify that a user without admin rights can still access their user web pages.
If in use, verify that a user with the appropriate admin rights can still access other interfaces such as release or webcashier.
Try logging in from other PC's in the domain.
Try logging in from different browsers supported in your organization.
If using IWA, try logging in from a non-windows client or a PC outside the domain. Verify you can still login after providing your Windows credentials.
© Copyright 1999-2015. PaperCut Software International Pty Ltd. All rights reserved.