Synchronizing Users and Groups with Azure AD

KB Home   |   Synchronizing Users and Groups with Azure AD

Main.SyncUsersWithAzureAD History

Hide minor edits - Show changes to output

Changed lines 47-48 from:
[[<<]][[<<]]
! Make sure to take a look at our video too  (:youtube oHMzNdplcY4:)
to:
[[<<]]
! Make sure to take a look at our video too[[<<]]  (:youtube oHMzNdplcY4:)
Changed lines 45-48 from:

Assuming everything looks good in the popup sync test, you should be ready to Synchronize Now.[[<<]]
To finalize the setup it's always a great idea to login as
a user and send a test print.
[[<<]]
to:
# Assuming everything looks good in the sync test, Click Synchronize Now
# To finalize the setup it's always a great idea to login as a user and send
a test print.
[[<<]][[<<]]
Changed line 46 from:
[[<<]]Assuming everything looks good in the popup sync test, you should be ready to Synchronize Now[[<<]]
to:
Assuming everything looks good in the popup sync test, you should be ready to Synchronize Now.[[<<]]
Changed lines 46-47 from:
Assuming everything looks good in the popup sync test, you should be ready to Synchronize Now
to:
[[<<]]Assuming everything looks good in the popup sync test, you should be ready to Synchronize Now[[<<]]
Changed lines 49-50 from:

Also, make sure to take a look at our video (:youtube oHMzNdplcY4:)
to:
[[<<]]
! Make
sure to take a look at our video too (:youtube oHMzNdplcY4:)
Changed line 50 from:
Also, make sure to take a look at our video [[https://youtu.be/oHMzNdplcY4 | Syncing with Azure AD]]
to:
Also, make sure to take a look at our video (:youtube oHMzNdplcY4:)
Changed lines 48-50 from:
To finalize the setup it's always a great idea to login as a user and send a test print
to:
To finalize the setup it's always a great idea to login as a user and send a test print.

Also, make sure to take a look at our video [[https://youtu.be/oHMzNdplcY4 | Syncing with Azure AD]]
Changed line 10 from:
*** Use PKCS12 (PFX in Microsoft terms)
to:
*** Use PKCS#12 (PFX in Microsoft terms)
Changed line 13 from:
*** Further explanation on PKCS12 certificates can be found here,  [[https://en.wikipedia.org/wiki/PKCS_12]]
to:
*** Further explanation on PKCS#12 certificates can be found here,  [[https://en.wikipedia.org/wiki/PKCS_12]]
Added lines 1-57:
(:title Synchronizing Users and Groups with Azure AD:)

PaperCut's strength has long been in our ability to support user and group synchronization with many directory services. This capability has now been tested against directory services hosted in the cloud, such as Azure AD. For PaperCut customers, this means you no longer need to have an on-site Active Directory server. PaperCut can sync directly with, and authenticate users against Azure AD using Secure LDAP; Microsoft's LDAP interface hardened to support authentication across less secured networks such as the internet.

This article will step you through enabling the Secure LDAP interface on Azure AD, and successfully connecting an instance of PaperCut to this cloud source.

! Enable Secure LDAP in Azure AD Domain Services
!!! You will need,
** A certificate to enable secure communication
*** Use PKCS12 (PFX in Microsoft terms)
*** 2048-bit is recommended
*** Password protected (i.e. includes the private key)
*** Further explanation on PKCS12 certificates can be found here,  [[https://en.wikipedia.org/wiki/PKCS_12]]
** Your users and groups should exist in Azure AD
** You can login as an AAD DC Administrator for the domain to sync
!!! Enable Secure LDAP
# Login to Azure
# In the Azure Dashboard for All resources select Azure AD Domain Services for the resource to sync
# On the left-side menu, in the Manage section, select Secure LDAP
# Select Enable for Secure LDAP
# Select Enable for Allow Secure LDAP access over the Internet
** You will be prompted for the certificate file and password
** It could take Azure 10-15 minutes to enable Secure LDAP
# Still on the Azure AD Domain Services, select Properties on the left-side menu
# Copy the "Secure LDAP external IP address"

Here's a Microsoft article on Secure LDAP,[[<<]]
[[https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-guide-configure-secure-ldap]]

! Configure the PaperCut Primary Sync Source

# Login to PaperCut with an admin account @@(http://[your server]:9191/admin)@@
# Select the Options tab on the left-side menu
# Select the User/Group Sync tab across the top
# In the Sync Source group, select LDAP in the Primary sync source
# For the LDAP Server Type, select Active Directory
# The LDAP Server Address is your LDAP external address copied above from Azure AD
# Check the Use SSL option
# The Base DN is your Azure DNS Domain Name (e.g. dc=papercut, dc=onmicrosoft, dc=com)
# Admin DN is your Azure AD domain user name
# Admin password is your Azure AD domain admin password
# Select whether you want to import all users or select groups
# Scroll down and click Apply
# Click Test Settings

Assuming everything looks good in the popup sync test, you should be ready to Synchronize Now

To finalize the setup it's always a great idea to login as a user and send a test print

Related PaperCut articles that are very interesting
*[[https://www.papercut.com/products/ng/manual/common/topics/sys-user-group-sync-ldap.html | Synchronize user and group details with LDAP]]
*[[https://www.papercut.com/products/ng/manual/common/topics/sys-user-group-sync-active-directory.html | Synchronize user and group details with Active Directory]]

----
''Categories:'' [[Category.Administration|+]], [[Category.Domains|+]]
----
[-Keywords: Azure, Administration, LDAP, Cloud-]

Comments

Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.

Article last modified on September 07, 2017, at 10:17 PM
Printable View   |   Article History   |   Edit Article