You are here: Configuration > Copier integration > Authentication methods

Authentication methods

PaperCut MF offers several methods to authenticate copier users. The authentication methods supported by your copier are listed as options in the External Device Settings area of its Device Details page:

Username and password, as specified in an external user directory source such as Active Directory or LDAPThe Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs on a layer above the TCP/IP stack. It provides a mechanism used to connect to, search, and modify Internet directories. The LDAP directory service is based on a client-server model. (except for internal users; see Internal users (users managed by PaperCut NG)).
Identity number, see User card and ID numbers.

For two-factor authentication, you can require users to also enter a PIN. Users without a PIN are asked to enter a PIN the first time they log in at the copier (set ext-device.allow-new-pin-for-id-num to N to disable this; see Using the Config Editor).

You can also mask the identity number (like a password) as the user enters it on the copier. This is particularly useful when no PIN is required.
Swipe card, see User card and ID numbers.

This requires either a card reader connected to the copier, or a network card reader with a given host/IP address.

For two-factor authentication, you can require users to enter a PIN after swiping a card. Users without a PIN are asked to enter a PIN the first time they log in at the copier.

Some copiers allow self-association, where the copier prompts for a username and password after a user swipes an unrecognized card, in order to associate the card to the user's account.

You can control whether or not a card swipe can also be used to log the user out of the copier.

Some copiers have an offline mode where they continue to operate while the Application ServerAn Application Server is the primary server program responsible for providing the PaperCut user interface, storing data, and providing services to users. PaperCut uses the Application Server to manage user and account information, manage printers, calculate print costs, provide a web browser interface to administrators and end users, and much more. is unavailable, see Offline mode below.
Anonymous (no login required), where users can use the copier without identifying who they are. All copier activity is associated with the specified user.

At least one of the above methods must be enabled. If anonymous authentication is enabled, all other authentication methods must be disabled.

Offline mode

Server or network downtime usually means that the PaperCut Application Server is unavailable and copiers cannot be used. Offline mode, if available, offers continued use of copiers without a server connection.

When the copier is working in offline mode, users can log in to the copier with a swipe card, and activity is logged against the card number. This activity is not restricted. When connection to the server is restored, the activity is logged against the user with that card number. If no user is found for the card number, the activity is logged against the username unknown (edit ext-device.unknown-offline-username to change this; see Using the Config Editor). A warning is displayed in the App.Log when this happens. If there is no account for the unknown user, one is created automatically.

It is important to note that in offline mode, the copier is not able to:

authenticate users anonymously or via username, identity number or PIN
associate swipe cards or PINs with users
access shared accounts
check account balances
apply restrictionsRestrictions are a type of print filter that ensures jobs meet certain criteria (denying those that don't). For example, you can restrict access to one or more printer, define a maximum number of pages allowed in a single job, or allow only duplex.
release print jobs

You can specify a delay between the time the copier first fails to contact the server and the copier going offline. This is useful to avoid switching to offline mode just for brief periods of server unavailability, e.g. a server reboot.

Carefully consider offline mode before it is enabled as it allows overrunning of account balances on restricted user accounts. You can configure offline mode based on the environment, including an option to set up an administrative unlock code. This allows offline mode to be set up in environments such as schools where administrative oversight is required before each activation of offline mode.

Commercial environments

You can set up offline mode for commercial environments where the tracking of print usage to users, groups or departments is important and charging is not a factor. You can configure the copier to go into offline mode automatically when it fails to contact the Application Server.

Education organizations

For added security, you can require offline mode to be unlocked before users can log in to the copier with a swipe card. Unlocking offline mode involves entering the specified code at the copier and choosing to unlock the copier for a single use or until connection to the server is restored. This is specifically useful for education organizations where a supervisor or teacher can enter this code before users can use the copier in offline mode.

PaperCut MF version 16.2

Authentication methods

Offline mode

Commercial environments

Education organizations

We are here to help