Choose your language

Choose your login

Contact us

Synchronize user and group details with standard Azure AD

Available to customers on:

To synchronize with a standard Azure AD tenant, you need to create a new application in your Azure Tenant. 


Step 1. Create your Azure application

  1. Log in to Azure as an application administrator.

  2. In the Search bar, search for and select Azure Active Directory.

  3. In the navigation pane, under Manage, select App Registrations.

  4. Click New registration.

  5. Fill in the basic information for your application.

    • Set Name as something you can easily identify, for example, PaperCut Azure Sync.

    • Set the supported account type to Accounts in this organizational directory only.

  6. Click Register.

Step 2. Give your application permissions to read users and groups

  1. In the navigation pane, under Manage, select API Permissions and click Add a permission.

  2. In the right pane, select Microsoft Graph, and click Delegated permissions.

  3. Use the search bar to locate and add the following permissions:

    • User.Read
  4. Click Application permissions.

  5. Use the search bar to locate and add the following permissions:

    • GroupMember.Read.All

    • User.Read.All

    • Group.Read.All   (only required if you want to sync Groups)

  6. Under Configured Permissions, click Grant admin consent, and then click Yes to confirm.

Step 3. Configure your application’s authentication

  1. In the navigation pane, under Manage, select Authentication.

  2. Under Platform configurations, click Add a platform.

  3. In the right side pane, select Web.

  4. Fill in the platform configuration with the following values:

  5. Click Configure.

Step 4. Generate an application client secret value

  1. In the navigation pane, under Manage, select Certificates & secrets.

  2. Under Client Secrets, click New client secret.

  3. Complete the following fields:

    • Description: set to something memorable, for example, “PaperCut Sync Secret”.

    • Expires: Choose an appropriate expiry date.

  4. Click Add.

  5. Copy the client secret value for later use.

Step 5. Configure PaperCut

  1. Log in to the PaperCut Admin web interface.

  2. Select Options > User/Group Sync.

    The User/Group Sync page is displayed.

  3. In the Sync Source area, in Primary sync source, select Azure AD.

  4. Fill in the following fields:

    • Tenant ID: The ID of your tenant, as listed in Azure Active Directory.

    • App ID: The ID of the application you registered as part of this setup.

    • Client Secret: The client secret value that you created in Step 4 above.

  5. If you want to sync the Primary card number in PaperCut from the employeeID field in Azure:

    (Note that if you are using PaperCut MF/NG version 22.0.9 or later, you can configure the Primary/Secondary Card/ID sync from within Options > User/Group Sync > Sync Source > Azure AD > Card/ID number)

    1. From the Actions menu, click Config editor (advanced) to open the Config Editor.

    2. Search for user-source.update-user-details-card-id.

    3. Change the value from N to Y and click Update.

  6. If you want to sync aliases for your usernames, select Username alias > Sync from AD/LDAP field (this feature requires PaperCut MF/NG version 22.0.9 or later).

    • Enter the attribute name in the AD/LDAP field name text box.
    • Note that for Azure AD, you can find a number of the popular property names in this Azure properties table from Microsoft . For example if you’re wanting to sync the Mail Nickname field from Azure, this should be entered as the property mailNickname.
  7. By default, the Azure AD username and e-mail are one and the same. An organization can now elect to make them different (this feature requires PaperCut MF/NG version 23.0.5 or later). To do this, select Email > Sync from AD/LDAP field 

    • Enter the sync field name in the AD/LDAP field name text box.
  8. Click Apply.

  9. If you want your users to be able to log in to the Admin and User web interfaces using the Sign in with Microsoft button:

    1. Return to Options > User/Group Sync.

    2. Scroll down the page to find Single Sign on with Microsoft and select the checkbox to enable it.

    3. Fill in the fields with the same information as above.

    4. Click Apply at the bottom of the page.