Available in PaperCut NG and PaperCut MF.

Synchronize user and group details with standard Azure AD

To synchronize with a standard Azure AD tenant, you need to create a new application in your Azure Tenant.


Step 1. Create your Azure application

  1. Log in to Azure as an application administrator.

  2. In the Search bar, search for and select Azure Active Directory.

  3. In the navigation pane, under Manage, select App Registrations.

  4. Click New registration.

  5. Fill in the basic information for your application.

    • Set Name as something you can easily identify, for example, PaperCut Azure Sync.

    • Set the supported account type to Accounts in this organizational directory only.

  6. Click Register.

Step 2. Give your application permissions to read users and groups

  1. In the navigation pane, under Manage, select API Permissions and click Add a permission.

  2. In the right pane, select Microsoft Graph, and click Application permissions.

  3. Use the search bar to locate and add the following permissions:

    • Directory.Read.All

    • Group.Read.All

    • GroupMember.Read.All

    • profile

    • User.Read

    • User.Read.All

  4. Under Configured Permissions, click Grant admin consent, and then click Yes to confirm.

Step 3. Configure your application’s authentication

  1. In the navigation pane, under Manage, select Authentication.

  2. Under Platform configurations, click Add a platform.

  3. In the right side pane, select Web.

  4. Fill in the platform configuration with the following values:

    • Redirect URIs: set to ://your-papercut-server-address/api/oauth2callback.

      For example: https://papercut.school.com:9192/api/oauth2callback

    • Leave the front-channel logout URL blank.

    • Under Implicit grant and hybrid flows, select ID Tokens.

  5. Click Configure.

Step 4. Generate an application secret

  1. In the navigation pane, under Manage, select Certificates & secrets.

  2. Under Client Secrets, click New client secret.

  3. Complete the following fields:

    • Description: set to something memorable, for example, “PaperCut Sync Secret”.

    • Expires: Never

  4. Click Add.

  5. Copy the client secret value for later use.

Step 5. Configure PaperCut

  1. Log in to the PaperCut Admin web interface.

  2. Select Options > User/Group Sync.

    The User/Group Sync page is displayed.

  3. In the Sync Source area, in Primary sync source, select Azure AD.

  4. Fill in the following fields:

    • Tenant ID: The ID of your tenant, as listed in Azure Active Directory.

    • App ID: The ID of the application you registered as part of this setup.

    • Client Secret: The secret you created as part of this setup.

  5. Scroll down the page to find Single Sign on with Microsoft and select the checkbox to enable it.

  6. Fill in the fields with the same information as above.

  7. Click Apply.
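
To confirm that the registration holds the Microsoft Graph application permissions listed in Step 2 and nothing broader, you can inspect the roles claim of an access token issued to the app. The following Python is an added example, not PaperCut code; it assumes an app-only token obtained separately with the client credentials flow, and the tenant ID, app ID and token in it are constructed placeholders.

```python
import base64
import json

# Step 2 permissions that Microsoft Graph issues as app roles. profile and
# User.Read are delegated (sign-in) scopes, so an app-only token's "roles"
# claim is not expected to contain them.
EXPECTED_ROLES = {"Directory.Read.All", "Group.Read.All",
                  "GroupMember.Read.All", "User.Read.All"}


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is not checked."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(token: str, tenant_id: str, app_id: str) -> dict:
    """Compare an app-only token's claims with what Steps 1-2 should produce."""
    claims = jwt_claims(token)
    roles = set(claims.get("roles", []))
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        "app_ok": claims.get("appid", claims.get("azp")) == app_id,
        "missing": sorted(EXPECTED_ROLES - roles),  # sync may fail or be partial
        "extra": sorted(roles - EXPECTED_ROLES),    # broader than the page lists
    }


def _b64(obj: dict) -> str:
    """base64url-encode a JSON object without padding, as JWT segments are."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample: placeholder IDs and a dummy signature, not a real token.
SAMPLE_TENANT = "00000000-0000-0000-0000-000000000001"
SAMPLE_APP = "00000000-0000-0000-0000-000000000002"
SAMPLE_TOKEN = ".".join([
    _b64({"alg": "RS256", "typ": "JWT"}),
    _b64({"tid": SAMPLE_TENANT, "appid": SAMPLE_APP,
          "roles": ["User.Read.All", "Group.Read.All", "Directory.ReadWrite.All"]}),
    "c2lnbmF0dXJl",
])

if __name__ == "__main__":
    print(audit_roles(SAMPLE_TOKEN, SAMPLE_TENANT, SAMPLE_APP))
```

An empty "extra" list means the app holds no Graph application roles beyond those this page asks for; any entry there is worth removing from the registration.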