Configuring Secure Print with OpenID Connect
You must first register an application for Secure Print on your OpenID identity provider (e.g. Google, Azure Active Directory). The process of registering an application may vary. Secure Print needs the following details from the identity provider:
- Client ID
- Client Secret
- Well-Known Endpoint
You’ll also need to make sure that redirect URI is added to the OpenID Identity provider’s “Authorized redirect URIs” list.
Register Secure Print as an application in Microsoft Azure AD
This section details the steps required to create an application registration within Microsoft Azure for use with HP Secure Print. It is assumed that you already have an Azure account with an active Azure AD tenant.
Within the Azure AD tenant, you’ll need a registration for the application. The registration is a record of security details for the application in Azure AD. A registration ensures that Azure AD can identify the application and the user.
1. On the Azure Active Directory page, under Manage, select App Registrations.
2. In the App Registrations pane, click the New Registration button.
3. Fill in the Register an application page.
- Enter a Name that uniquely identifies the application. For example:HP Secure Print
- Select the option that best defines the users who will be allowed access. Typically, this will be the single directory tenant.
- Click the Register button to complete registration.
4. Under Manage, select authentication and then click the Add a platform button. Select Web from the platforms listed on the right.
5. Fill in the Configure Web page.
- Enter the appropriate Redirect URI, as provided below.
- Enable the ID token grant.
When completed, click the Configure button at the bottom of the page.
Redirect URI for HP Insights
HP EU: https://api-eu.insights.hpondemand.com/login/connect/external/signin-openidconnect
HP US: https://api.insights.hpondemand.com/login/connect/external/signin-openidconnect
Note: If you've initially entered an incorrect Redirect URI and subsequently corrected it, the system may not function properly. To resolve this, you will need to exit the Secure Print app (from the app tray) and then reopen it.
6. Under Manage, select Certificates & Secrets. Click the New client secret button.
7. Fill in the Add a client secret page.
- Enter a Description that identifies the client secret. For example, Secure Print.
- Select the option to Never expire the secret.
- Click the Add button when completed.
8. Copy the Value of the client secret. The value will be used later in this procedure.
9. Select the Overview link from the left side menu and then copy the Application Client ID. This value will be used later in this procedure.
10. Click on the Endpoints button at the top of the Overview page.
11. Copy the value of the OpenID Connect metadata document URL. The value will be used later in this procedure.
Configure Secure Print with OpenID Connect
After you’ve registered the Secure Print application to your OpenID provider, you can now add the client-specific OpenID Connect settings into Secure Print.
Three items will be required:
- Well-Known Endpoint – This is the OpenID Connect metadata document URL that you copied in step 12 above.
- Client ID – This is the Application (client) ID that you copied in step 10 above.
- Client Secret – This is the Client Secret that you copied in step 9 above.
1. Log in to the web console.
2. Navigate to the Secure > Settings tab.
3. In the User Authentication Providers section, select OpenID Connect.
4. Enter the following details:
- Well-Known Endpoint
- Client ID
- Client Secret
Related Topic: Secure Print and OpenID Connect (OIDC)