Personal Printing enables secure printing by not printing until the user has authenticated himself at the printer using the smartphone app. Personal Printing is part of the Cortado Server solution.
You can make Personal Printing available to users in the management console at Control Panel→ User→ Personal Printing.
What is Personal Printing?
The safe handling of print output is particularly important for certain branches or for individual departments, for example, in finance and legal or in accounting. However, allocating a separate printer to every employee is not a practical solution for protecting documents from unwanted exposure. As an alternative, Personal Printing offers a simple solution to this problem. Personal Printing ensures that printing within the business remains private. It’s a solution that offers secure, environmentally friendly and, at the same time, flexible printing. All sensitive documents remain protected because printing only occurs after individual authentication, directly at the printer.
Caution! An update of the version of Personal Printing included in Cortado Server to Personal Printing 4.0 or later is not possible.
- Assign the Personal Printer to a user or group template in the management console.
- Users can now select the Personal Printer in the Cortado app (see illus.).
If you want to retrieve a print job, you can go to any network printer within your company, authenticate yourself there with your tablet or smartphone, together with optional PIN entry, and print out the document.
To be able to print with Personal Printing, you must make some settings both on the server and on printers and mobile devices. Proceed as described in the following sections.
Opening the configuration console
- On the Cortado server select: Personal Printing in the start menu.
With first opening the Personal Printing configuration, a message will appear that no connection could be established to the ADAM instance.
After closing this message a window will appear where you can change these settings (see section ADAM Service Account).
For settings, usually go to Edit Settings.
A window will open with the following tabs:
- Print Job Storage
- ADAM Service Account
- Tracking (recently not available)
ADAM Service Account
An account must be specified here, with which Personal Printing can communicate with the Active Directory. This must be the same account with which the Cortado Server software was installed – i. e. the recommended service account.
The LDAP URL is used to logon to Cortado server. This is the default, and doesn’t need to be changed.
Print Job Storage
You have to specify an account which is used by the Personal Printing software to store or read the users’ print jobs in this folder and its subfolders.
- Directory: Behalten Sie das voreingestellte Verzeichnis (C:\User Storage), in das die Druckaufträge der Nutzer gespeichert werden bei.
- Access account and password:Specify an account (UPN and password), that has access to the folder with the print jobs. This account requires local administrator permissions and should be a domain user. If, on security grounds for example, you don’t want to specify a domain account, you can select a local admin account instead. Note however, that in that case it’s not possible to print to shares, but only to printers created locally on the Personal Printing server. We recommend you use the service account.
- Maximum print job storage: Print jobs remain in this directory until collected at the printer or deleted using JobViewer. To prevent that this data takes up too much space on the hard disk, you can specify a period after which they will be deleted (in minutes). To enable the maximum print job storage time restart the IIS Admin Service.
With Edit Settings→ Authentication you set up the methods of authentication that will be used throughout your company.
- Default user PIN: If all users are to use the same PIN, you can set a default user PIN here.
- Authentication methods: Select the authentication method(s), that you want to use throughout your company. Later, in the user configuration, only those authentication methods that you have chosen here will be active.
- Card with preset ID: It’s a card type with a fixed card number, which is used to identify the users. This authentication method requires printers with card readers. For more information, see the Personal Printing manual, in the section Authentication with printers.
- Scan barcode using smartphone (personalizable): If the users are to authenticate themselves on the printer with their smartphones, specify the address of your mail server as well as the URL of your Cortado server. Since communication between the Cortado server and the mobile devices is encrypted by default, you enter here the Cortado server’s
- https address in Personal Printing server URL.
Note! Note that at Personal Printing server URL (example for authentication with smartphones), the same addressing (e.g. IP address or FQDN) is used as on the Cortado server (see Management Console at Global Settings→ Connection).
Configure the Printers
The Personal Printer
The Personal Printer installed and shared on the Cortado server (by the installer) is designed for printing from Windows applications or from the Cortado Workplace app (it uses the virtual printer driver TP Output Gateway). iOS users also have the option to print from other apps via native iOS printing option. However, to do so, changes need to be made to the settings in Active Directory Users and Computers (see section Setting up Apples native printing option for Personal Printing). Android users can also select the Personal Printer in any app with a print function.
Setting up target printers
Configure the (physical) printers in your company which are intended for use with Personal Printing. Make sure to select neither a Personal Printer but physical printers in your company.
Note! Here, select only printers with native drivers. In other words: Do not select TP Output Gateway or Cortado Output Gateway print objects here.
- In the Personal Printing console, select Enable Printers.
Decide whether you want to add a printer that is connected to a locally installed printer port (Local printer) or if you want to connect to a shared printer on another server (Network printer).
Here: printers that were created locally on the Personal Printing server – (that will be printed to via Standard-TCP/IP or LPR / LPD). Generally they are physical network printers.
- Select Local printer.
- You can select the printers by highlighting them (even several). Do not select a Personal Printer.
Here: shared printers listed in the domain / AD
To set up network printers, the user account for this purpose must be an AD user account (see Access account and password).
Select Network printer.
- A window will open, with which you can search in the specified domain for printers; specific criteria can be used. You can highlight several printers simultaneously.
After that, the selected printers can be seen in the MMC where they automatically receive an ID to differentiate between them.
On the right of the printer list you can change IDs or disable printers:
The printers listed here, which you previously selected for Personal Printing, receive an ID automatically. If you wish to change this, select Change ID and enter a new one.
With Disable Printers you can remove from the list, printers that you selected for Personal Printing. You don’t delete printers with this, but merely disable Personal Printing for these printers.
Configure Smartphone Users
Activate users for personal printing
- Select in the Management console Control Panel→ Users→ Peronal Printing.
- Select a user (left arrow in illus.) and click on Edit (right arrow in illus.).
- Activate the checkbox Scan barcode using smartphone.
- Assign any user ID.
- Assign a User PIN or use the Default User PIN by clicking on Use Default.
- Then click on OK. The user receives the data entered here in the form of a configuration e-mail. The configuration file contained in the e-mail is required by the user later for the configuration of the Personal Printing app.
Here, the User PIN can be changed if necessary with Edit.
Setting up Apples native printing option for Personal Printing
In order for Personal Printing users to make use of the Apple native printing option, a trust relationship must be established between the Cortado server and the print server. To limit this trust relationship to the specific services (e.g. CIFS) the Mechanismus Constrained Delegation mechanism must be used.
- Select your Cortado server under Computers in Active Directory Users and Computers, (left arrow in illus.). Then click on Properties in the context menu.
- In the Delegation tab select: Trust this computer for delegation to specified services only and Use any authentication protocol and then click on Add.
- Click on Users or Computers and select your print server and the Service Type→ cifs (lower arrow in illus.).