Google Cloud Directory: Education scenario
This functionality is available for organizations using:
- G Suite Education
- G Suite Enterprise for Education
- G Suite Enterprise
- Cloud Identity Premium.
The part-time System Administrator of a school with 350 students is putting in place various measures to reduce IT costs. One measure is to stop using Active Directory (AD) for staff authentication (the students are already authenticated using G Suite for Education) and phase out the Active Directory infrastructure altogether. In its place they plan to use:
- PaperCut NG/MF Mobility Print to advertise print queues
- Google Cloud Directory to authenticate all print, scan, and copy jobs for both staff and students.
Staff will be able to use any laptop, and all students will use school supplied Chromebooks or BYOD.
During the transition there is to be minimal, if any, disruption to users, and afterwards there needs to be minimal change management effort required to move staff over to authenticate using their G Suite credentials.
Benefits of adopting Mobility Print backed by Google Cloud Directory authentication for all users
- Reduced IT costs.
- Faster and simpler deployment of print queues to end users.
- Continued support for native printing from local applications, for example Learning Management Software or Microsoft Office.
- Reduced system administration overheads, such as maintaining an additional Active Directory environment.
- Opportunity to re-use existing hardware.
- User details (for example, username and email address) are easily synced from Google Cloud Directory to PaperCut NG/MF.
Changes to the system setup
- use laptops on premises that authenticate using AD
- copy, scan, and print jobs using their AD username and password.
- use Google Cloud PrintGoogle Cloud Print is a technology that allows you to print to any printer from any web connected device, such as a phone. Google Cloud Print works on a phone, tablet, Chromebook, PC, and any other web-connected device you want to print from. (GCP) to print
- copy, scan, and print jobs using their student ID number and PIN.
- continue to use their current laptops
- can choose to use BYOD with Mobility Print
- copy, scan, and print jobs using their Google credentials and Mobility Print
- use Mobility Print to print from their Chromebooks and BYOD
- use Sign in with Google on Chromebooks
This scenario assumes that the WiFi network is relatively simple and does not block BonjourBonjour is Apple's implementation of zero-configuration networking (zeroconf), a group of technologies that includes service discovery, address assignment, and hostname resolution. Bonjour locates devices such as printers, other computers, and the services that those devices offer on a local network using multicast Domain Name System (mDNS) service records./mDNS. If your network is more complex, for example you have multiple subnets, refer to the Mobility Print Help Center.
This scenario also assumes that you have users and groups already set up in G Suite.
- Set up Mobility Print. Be sure to install it on a existing print serverA print server is a system responsible for hosting print queues and sharing printer resources to desktops. Users submit print jobs to a print server rather then directly to the printer itself. A print server can be a dedicated server but on many networks this server also performs other tasks, such as file serving that can be reached by users on either the Staff or Student WiFi.
- In the Admin web interface, select the Options > Mobile & BYOD > Mobility Print > Allow users to sign in with their Google account checkbox.
- You will then need to deploy the Mobility Print client for any Windows, Android or Chromebook devices, or provide instructions for staff and students to do it themselves.
- Use Google Cloud Directory Sync to migrate all of your AD users (staff) into your G Suite account, in their own group.
- Review the information in Synchronize user and group details with Google Cloud Directory, then set up a Secondary sync source for Google Cloud Directory. (Your Primary sync source remains AD for now.)
- In Options > User/Group Sync, change the Primary sync source to Google Cloud Directory, and then disable the Secondary sync source.
This enables Chromebook users to click Sign in with Google when printing so they don’t need to re-type their username and password every time.
MacOS and iOS devices should pick up the print queues automatically.
Before you sync all users, first set up a test group in your G Suite account with a test user. In the sync options, choose “Import users from selected groups” and choose your test group.
Staff and Students with G Suite logins can now use Mobility Print from their Chromebooks or their chosen BYOD.
When you’ve finished deprecating your on-premise Active Directory, you’re ready to switch over to Google Cloud Directory for good.
Woo hoo! All of the staff and students can now use their Google credentials with PaperCut NG/MF on all platforms and you can start enjoying the benefits of your new environment!