Web browser Single Sign-On (SSO)
Single Sign-On (SSO) lets users access PaperCut NG/MF’s web interface without re-entering credentials. For example, you can give a user logged into Windows direct access to PaperCut NG/MF’s web interface without needing to re-enter their username and password at the PaperCut NG/MF login screen. Sites with an intranet portal often find SSO particularly attractive, as it allows diverse IT systems to be seamlessly integrated into the portal without the need for separate logins.
Single Sign-On also goes hand in hand with technologies such as two-factor authentication used in high security environments. With two-factor authentication, sign-on can involve presentation of an ID card or reading a fingerprint. In some cases, user passwords are managed by the security system and not known to the user, making it impossible to login using a traditional login screen. PaperCut NG/MF’s SSO support allows PaperCut NG/MF to leverage the two-factor security already in place.
Web single sign-on is an advanced topic. The standard web login that comes built-in with PaperCut NG/MF is most appropriate for many sites.
PaperCut NG/MF supports two different web SSO methods:
Integrated Windows Authentication For Windows domain environments where both the PaperCut NG/MF Application Server and the user computers share the same Windows domain and intranet zone. With Integrated Windows Authentication, PaperCut NG/MF uses existing Windows technologies to securely identify Windows domain users as PaperCut NG/MF users.
WebAuth A web authentication system developed and freely licensed by Stanford University. It is implemented as an Apache module and works by intercepting requests to the PaperCut NG/MF Application Server. WebAuth is operating system neutral, but requires specialist expertise to set up.
PaperCut NG/MF’s WebAuth integration is actually quite generic and is also used for Shibboleth SSO integration at several customer sites.