Synchronizing Users and Groups with Azure AD

KB Home   |   Synchronizing Users and Groups with Azure AD

PaperCut’s strength has long been in our ability to support user and group synchronization with many directory services. This capability has now been tested against directory services hosted in the cloud, such as Azure AD. For PaperCut customers, this means you no longer need to have an on-site Active Directory server. PaperCut can sync directly with, and authenticate users against Azure AD using Secure LDAP; Microsoft’s LDAP interface hardened to support authentication across less secured networks such as the internet.

This article will step you through enabling the Secure LDAP interface on Azure AD, and successfully connecting an instance of PaperCut to this cloud source.

Enable Secure LDAP in Azure AD Domain Services

You will need,

  • A certificate to enable secure communication
    • Use PKCS#12 (PFX in Microsoft terms)
    • 2048-bit is recommended
    • Password protected (i.e. includes the private key)
    • Further explanation on PKCS#12 certificates can be found here, https://en.wikipedia.org/wiki/PKCS_12
  • Your users and groups should exist in Azure AD
  • You can login as an AAD DC Administrator for the domain to sync

Enable Secure LDAP

  1. Login to Azure
  2. In the Azure Dashboard for All resources select Azure AD Domain Services for the resource to sync
  3. On the left-side menu, in the Manage section, select Secure LDAP
  4. Select Enable for Secure LDAP
  5. Select Enable for Allow Secure LDAP access over the Internet
    • You will be prompted for the certificate file and password
    • It could take Azure 10–15 minutes to enable Secure LDAP
  6. Still on the Azure AD Domain Services, select Properties on the left-side menu
  7. Copy the “Secure LDAP external IP address”

Here’s a Microsoft article on Secure LDAP,
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-guide-configure-secure-ldap

Configure the PaperCut Primary Sync Source

  1. Login to PaperCut with an admin account (http://[your server]:9191/admin)
  2. Select the Options tab on the left-side menu
  3. Select the User/Group Sync tab across the top
  4. In the Sync Source group, select LDAP in the Primary sync source
  5. For the LDAP Server Type, select Active Directory
  6. The LDAP Server Address is your LDAP external address copied above from Azure AD
  7. Check the Use SSL option
  8. The Base DN is your Azure DNS Domain Name (e.g. dc=papercut, dc=onmicrosoft, dc=com)
  9. Admin DN is your Azure AD domain user name
  10. Admin password is your Azure AD domain admin password
  11. Select whether you want to import all users or select groups
  12. Scroll down and click Apply
  13. Click Test Settings
  14. Assuming everything looks good in the sync test, Click Synchronize Now
  15. To finalize the setup it’s always a great idea to login as a user and send a test print.


Make sure to take a look at our video too

Related PaperCut articles that are very interesting


Categories: Administration, Domains / Directories


Keywords: Azure, Administration, LDAP, Cloud

Comments

Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.

Article last modified on September 07, 2017, at 10:17 PM
Printable View   |   Article History   |   Edit Article