Personal Printing enables secure printing by not printing until the user has authenticated himself at the printer using the smartphone app. Personal Printing is part of the Cortado Server solution.
You can make Personal Printing available to users in the management console at Control Panel→ User→ Personal Printing.
What is Personal Printing?
The safe handling of print output is particularly important for certain branches or for individual departments, for example, in finance and legal or in accounting. However, allocating a separate printer to every employee is not a practical solution for protecting documents from unwanted exposure. As an alternative, Personal Printing offers a simple solution to this problem. Personal Printing ensures that printing within the business remains private. It’s a solution that offers secure, environmentally friendly and, at the same time, flexible printing. All sensitive documents remain protected because printing only occurs after individual authentication, directly at the printer.
Personal Printing: Scenario
Caution! An update of the version of Personal Printing included in Cortado Server to Personal Printing 4.0 or later is not possible.
- Assign the Personal Printer to a user or group template in the management console.
Personal Printer zuweisen
- Users can now select the Personal Printer in the Cortado app (see illus.).
Personal Printer in the Cortado app (example for iOS)
If you want to retrieve a print job, you can go to any network printer within your company, authenticate yourself there with your tablet or smartphone, together with optional PIN entry, and print out the document.
To be able to print with Personal Printing, you must make some settings both on the server and on printers and mobile devices. Proceed as described in the following sections.
Server-side Settings
Opening the configuration console
- On the Cortado server select: Personal Printing in the start menu.
Open the Personal Printing console
With first opening the Personal Printing configuration, a message will appear that no connection could be established to the ADAM instance.
ADAM message with first opening
After closing this message a window will appear where you can change these settings (see section ADAM Service Account).
Edit settings
For settings, usually go to Edit Settings.
Select Edit Settings
A window will open with the following tabs:
- Print Job Storage
- ADAM Service Account
- Authentication
- Tracking (recently not available)
ADAM Service Account
An account must be specified here, with which Personal Printing can communicate with the Active Directory. This must be the same account with which the Cortado Server software was installed – i. e. the recommended service account.
Define ADAM Service Account
The LDAP URL is used to logon to Cortado server. This is the default, and doesn’t need to be changed.
Print Job Storage
You have to specify an account which is used by the Personal Printing software to store or read the users’ print jobs in this folder and its subfolders.
Print Job Storage on the Cortado server
- Directory: Behalten Sie das voreingestellte Verzeichnis (C:\User Storage), in das die Druckaufträge der Nutzer gespeichert werden bei.
- Access account and password:Specify an account (UPN and password), that has access to the folder with the print jobs. This account requires local administrator permissions and should be a domain user. If, on security grounds for example, you don’t want to specify a domain account, you can select a local admin account instead. Note however, that in that case it’s not possible to print to shares, but only to printers created locally on the Personal Printing server. We recommend you use the service account.
- Maximum print job storage: Print jobs remain in this directory until collected at the printer or deleted using JobViewer. To prevent that this data takes up too much space on the hard disk, you can specify a period after which they will be deleted (in minutes). To enable the maximum print job storage time restart the IIS Admin Service.
Authentication
With Edit Settings→ Authentication you set up the methods of authentication that will be used throughout your company.
Authentication settings for Personal Printing
- Default user PIN: If all users are to use the same PIN, you can set a default user PIN here.
- Authentication methods: Select the authentication method(s), that you want to use throughout your company. Later, in the user configuration, only those authentication methods that you have chosen here will be active.
- Card with preset ID: It’s a card type with a fixed card number, which is used to identify the users. This authentication method requires printers with card readers. For more information, see the Personal Printing manual, in the section Authentication with printers.
- Scan barcode using smartphone (personalizable): If the users are to authenticate themselves on the printer with their smartphones, specify the address of your mail server as well as the URL of your Cortado server. Since communication between the Cortado server and the mobile devices is encrypted by default, you enter here the Cortado server’s
- https address in Personal Printing server URL.
Note! Note that at Personal Printing server URL (example for authentication with smartphones), the same addressing (e.g. IP address or FQDN) is used as on the Cortado server (see Management Console at Global Settings→ Connection).
Configure the Printers
The Personal Printer
The Personal Printer installed and shared on the Cortado server (by the installer) is designed for printing from Windows applications or from the Cortado Workplace app (it uses the virtual printer driver TP Output Gateway). iOS users also have the option to print from other apps via native iOS printing option. However, to do so, changes need to be made to the settings in Active Directory Users and Computers (see section Setting up Apples native printing option for Personal Printing). Android users can also select the Personal Printer in any app with a print function.
Personal Printer (here on the Cortado server)
Setting up target printers
Configure the (physical) printers in your company which are intended for use with Personal Printing. Make sure to select neither a Personal Printer but physical printers in your company.
Note! Here, select only printers with native drivers. In other words: Do not select TP Output Gateway or Cortado Output Gateway print objects here.
- In the Personal Printing console, select Enable Printers.
Enable printers
Decide whether you want to add a printer that is connected to a locally installed printer port (Local printer) or if you want to connect to a shared printer on another server (Network printer).
Select printer type
Local printers
Here: printers that were created locally on the Personal Printing server – (that will be printed to via Standard-TCP/IP or LPR / LPD). Generally they are physical network printers.
- Select Local printer.
- You can select the printers by highlighting them (even several). Do not select a Personal Printer.
Selecting locally installed printers for Personal Printing
Network printers
Here: shared printers listed in the domain / AD
To set up network printers, the user account for this purpose must be an AD user account (see Access account and password).
Select Network printer.
- A window will open, with which you can search in the specified domain for printers; specific criteria can be used. You can highlight several printers simultaneously.
Selecting shared printers for Personal Printing (example)
Result:
After that, the selected printers can be seen in the MMC where they automatically receive an ID to differentiate between them.
Selected printers in the MMC
On the right of the printer list you can change IDs or disable printers:
Change ID
The printers listed here, which you previously selected for Personal Printing, receive an ID automatically. If you wish to change this, select Change ID and enter a new one.
Disable Printers
With Disable Printers you can remove from the list, printers that you selected for Personal Printing. You don’t delete printers with this, but merely disable Personal Printing for these printers.
Configure Smartphone Users
Activate users for personal printing
- Select in the Management console Control Panel→ Users→ Peronal Printing.
- Select a user (left arrow in illus.) and click on Edit (right arrow in illus.).
- Activate the checkbox Scan barcode using smartphone.
- Assign any user ID.
- Assign a User PIN or use the Default User PIN by clicking on Use Default.
- Then click on OK. The user receives the data entered here in the form of a configuration e-mail. The configuration file contained in the e-mail is required by the user later for the configuration of the Personal Printing app.
Personal Printing settings in the Management console – configure user
Here, the User PIN can be changed if necessary with Edit.
Setting up Apples native printing option for Personal Printing
In order for Personal Printing users to make use of the Apple native printing option, a trust relationship must be established between the Cortado server and the print server. To limit this trust relationship to the specific services (e.g. CIFS) the Mechanismus Constrained Delegation mechanism must be used.
- Select your Cortado server under Computers in Active Directory Users and Computers, (left arrow in illus.). Then click on Properties in the context menu.
- In the Delegation tab select: Trust this computer for delegation to specified services only and Use any authentication protocol and then click on Add.
- Click on Users or Computers and select your print server and the Service Type→ cifs (lower arrow in illus.).
Established trust relationship between Cortado server and print server
Preparing Printers for Smartphone Authentication
To identify each of your network printers with a barcode, you can use a QR code generator. There you should enter the printer’s name and ID (see section Setting up target printers) using the following syntax:
Printer ID:printer name
Example: 1:HP Color LaserJet 4700
- Print out the QR code and attach it to the corresponding printer.
The Personal Printing App
Configuring the Personal Printing app
The Personal Printing app is available for iOS devices and for Android devices. The users can download the app from the Apple App Store or the Google Play Store. Alternatively, you can use an EMM/MDM solution to distribute the app onto the users’ devices.
Personal Printing app in the Apple App Store (left) and in the Google Play Store (right)
After they have downloaded the app, the users have to use the Personal Printing app to open the configuration file (see illus.), which they received by email. That will start the configuration.
Configure Personal Printing app (example iOS)
If the configuration is successful, the users will now find the server address and the user ID in the app’s settings.
Printing with the Personal Printing app
If the users want to print from the Mobile-Print app, they do so by selecting Personal Printer.
Personal Printer in the Cortado app (example for iOS)
Then the users go to any printer that is set up for Personal Printing (see the section Setting up target printers). At the printer, the users open the Personal Printing app.
open Personal Printing app (left iOS, right Android)
After opening the Personal Printing app, a list of all existing print jobs will be displayed. Users can select one or more print jobs (upper arrow in the left illus.). Then they tap on the scan button (lower arrow in the left illus.) and scan the QR code with the camera on the smartphone (right illus.).
select file and scan QR code
If a PIN request has also been set up, the users have to enter their PIN now (see the section Configure smartphone users).
After selecting the desired file, the users tap on Print.
start printing