Device Profiles

Overview

With Device Profiles, Secure Print settings can be customized for each printer, allowing for tailored configurations rather than applying the same settings across all printers. For instance, administrators can now set different default paper sizes for scanning, such as Letter for devices in the US and A4 for devices in Europe.

Device Profiles Actions

The Device Profiles tab includes the following action buttons:

Add - Create a new profile.
Duplicate - Copy an existing profile to create a duplicate.
Delete - Remove an existing profile.

Default Profile

By default, a single Default Profile is created, which includes default Secure Print and Secure Scan options. Administrators cannot rename or delete this system-generated profile but can modify its settings.

All printers listed in the Secure Printers tab are assigned the Default Profile by default. Administrators can reassign printers to different profiles through the Secure Printers tab if specific configurations are needed. Any new devices that get added will get the Default Profile assigned to them automatically. Administrators can also edit the Default Profile.

Profile Properties

General

Setting	Description
Name	Name uniquely identifies a device profile within the system.
Description	Description provides additional context about the device profile.

User Experience

Setting	Description
Device Logon Experience	The device logon experience setting specifies how users interact with the device during the logon process. The options are: Secure Print - This is the default setting. When selected, the user will see the Secure Print screen on authentication. The display may vary depending on the authentication provider configured. Review Documents - When enabled, users will be directed to the Review Documents(showing the list of documents submitted) screen immediately after logging in. Touchless Printing - With Touchless Printing enabled, employees simply tap their proximity card at a preferred printer. All documents in their personal queue will begin printing after 5 seconds. An employee can cancel printing before the 5-second timer elapses by simply pressing Cancel. Note: The system supports touchless printing with proximity cards no matter which authentication method or provider the customer is configured for: Internal, Active Directory, and OpenID. Device Home - If enabled, when a user logs onto a secure printer, the device shows its Home Screen instead of the Secure Print screen. From the Home Screen, the user has access to such functions as copy/scan.
Print Options	This setting displays the visibility of the Print Options button. When set to “Hidden”, users are prevented from changing print options after the job has been submitted. When set to “Shown”, users can change document options at the secure printer after the job has been submitted. For example, if a user submitted a color job, they have the option to change it to mono (black & white) from the printer's user interface. This setting is set to "Shown" by default.
Print And Retain	Displays the Print And Retain button, allowing users to reprint their documents. When set to "Hidden," users cannot retain print jobs in the queue after release. When set to "Shown," users can reprint documents as needed. Reprinting a document may be necessary if you need to be able to print a job once and release it multiple times so that you can proof the content once before creating multiple copies. For example, you can proof one copy in mono and duplex and then print 100 copies single-sided in color. This setting is set to "Shown" by default.
Proximity Card Registration	When this setting is turned on, users can register their proximity cards at the secure printers using their email and PIN (for email-based auth), network ID (for Active Directory auth), or passcode (for OpenID auth) . Once a proximity card is registered, users can release documents to any secure printer in the organization. The proximity card registration setting is turned on by default. If you prefer importing users’ cards into the system, you may want to disable card registration. If card registration is disabled, users with unregistered cards will see a friendly message informing them of the appropriate action to take. Note: If you have an OpenID implementation, card registration is supported only on printers that support passcode authentication
Network Timeout (Seconds)	The Network Timeout setting controls the time before requests to the Site Service from the secure printers time out. The default is 10 seconds. If a request takes more than 10 seconds to complete, the secure printer shows an error message “Error Releasing Print Jobs. Unable to complete the request due to network issues. Please try again later”. You can change the default in situations where network connectivity is slower than normal, for example.
Number of Documents displayed on device	The Number of documents displayed on device controls the number of documents displayed on a secure printer. The default value is 50 documents and the maximum value is 150 documents.

Proximity Card

Card Reader

You can select a card reader from the drop-down menu. The VID: PID values are automatically set for each card reader.

Choosing Other allows you to enter the decimal values for the VID and PID of the card reader of your choice.

Card Reader	VID	PID
Rf IDEAS Proximity Keystroke	3111	15354
HP Universal Card Reader (MFP 24)	1008	69
HP Legic Card Reader (4QL32A)	1008	69
Omnikey 5427 (Keystroke)	1899	21544
Elatec TWN4	2520	1040

When the HP Universal Card Reader or HP LEGIC Card Reader is selected, a field labeled Supported Proximity Card Types appears. This field displays a drop-down list of card types that are compatible with the selected reader.

After selecting a supported card type, administrators can navigate to the Secure > Settings screen and locate the Decode Card Data section. This section allows administrators to configure how badge data is interpreted by HP card readers, specifically the HP Legic and HP Universal models.

Note: When connecting a Legic card reader to the printer, it's crucial to select the HP Legic Card Reader option from the web console first. Failure to do so can result in the card reader malfunctioning. It's also important to note that Legic card readers currently only support the values 6F03 and 7901. If any other value is added, the card reader will not function properly. Therefore, it's essential to ensure that Supported proximity card type is set to have only the values 6F03 and/or 7901.

Note: HP offers limited support for card authentication via magstripe card readers. HP discourages the use of magstripe card readers since they are prone to bad reads and errors. HP recommends using a supported proximity card reader instead.

Supported MFP24 Proximity Card types (HP only)

Specify the MFP 24 card types that your organization supports. You can enter up to four MFP 24 proximity card read types. The setting includes two of the most common MFP 24 proximity card types: 6F01 and EF04.

Supported Card Types

Card Type	Card Value
6F01	HID iClass CSN, ISO 14443A CSN, ISO 15693A CSN
7C02	Felica
7D01	HID iClass CSN
7E01	ISO 15693A CSN, I-Code CSN, my-d CSN, SecuraKey Etag CSN, Texas Instruments Tag-It
7F01	ISO 14443A CSN, DESFire CSN, I-tag CSN, Legic Advant CSN, Mifare CSN, MiFare Ultralight CSN
E902	Paradox
EA01	Keri NXT UID, Pyramid UID, Farpointe Data NXT UID
EA02	Keri NXT 26 Bit, Pyramid 26 Bit, Farpointe Data 26 Bit
EB02	SecuraKey -02
EC01	SecuraKey -01
ED02	Indala ASP + UID (Motorola)
ED04	Indala ASP+ Custom (Motorola)
EF04	HID Prox
F004	ReadyKey Pro UID
F201	HiTag 2 Primary
F204	HiTag 2 Alternate
F302	HiTag 1 and S Primary
F304	HiTag 1 and S Alternate
F401	Deister UID
F503	GProx-II UID
F602	Cardax UID, Russwin UID
F702	2SmartKey (Honeywell), NexKey, Nexwatch, KeyMate, QuadraKey
F801	Keri UID
F802	Keri 26 Bits
F902	ioProx (Kantech)
FA02	Awid
FB01	Em/Marin ME410x/Rosslaire Primary, DIGITAG
FB02	Em/Marin ME410x/Rosslaire Alternate
FC02	Casi-Rusco
FD01	Indala ASP UID (Motorola)
FD02	Indala ASP 26 Bit (Motorola)

Secure Release

Cloud Release (HP and Ricoh only)

This setting overrides the global Cloud Release option available on the Secure PrintSettings page. This gives organizations more control over device configurations, making Secure Print setup simpler and more flexible.

The Cloud Release toggle will only appear in Device Profiles if the global Cloud Release setting in Secure Print Settings (under Document Handling) is enabled.

If the Cloud Release global setting is ON, the Cloud Release setting in the Device Profiles will also be ON. If the Cloud Release global setting is OFF, the Cloud Release setting in the Device Profiles will not be available.

Disabling the Cloud Release enables documents to be released via the Print Scout (instead of going through the cloud).

Note: The Cloud Release setting applies to HP and Ricoh devices only.

For more information about Cloud Release, refer to the Cloud Release document.

Lock device functions (HP only)

The Lock Device function (formerly known as Require authentication for all device functions) controls user access to multifunction printer (MFP) features like print, copy, scan, and fax

When ON: Users must authenticate (e.g., via proximity card or login) before accessing any device function.
When OFF: Authentication is required only for the Secure Print application. Other functions (copy, scan, fax) remain accessible without login.

Note: You'll need to re-secure all the devices on your print environment for the setting to take effect.

Scan

Administrators can configure the default scan options according to their preferences. By default, all printers are assigned to the Default Profile, and the scan options set within it will be applied universally to all the printers. To use different scan options for specific printers, administrators will need to create and apply a separate Device Profile for those printers.

Toggle the switch next to the Scan option to reveal all settings related to Secure Scan and choose the scan options you wish to set as defaults.

Setting	Description
Color Mode	Specify whether the scan job is in Color (default), Grayscale, or Mono
Paper	Specify the paper size for the scan job. The options are: A4 (default EU), Letter (default US) , A3, Ledger, Legal
Quality	Specify the resolution and clarity of the scan job. Options for quality are High, Medium (default), and Low.
Orientation	Specify whether the scan job is Portrait (default) or Landscape.
Two-Sided	Specify whether the scan job is One-sided (default) or Two-sided.
File Type	Specify the file format for the scan job. The options are PDF (default),JPEG, TIFF, PDF/A

Permission Required on Azure to Access Office 365

Office 365 features such as the Scan to OneDrive, Scan to SharePoint, and Scan to Email features use the Microsoft Graph API to upload documents directly to Office 365 and to send email. This allows users to scan documents directly to their personal OneDrive or SharePoint folders. It uses delegated permissions, meaning it relies on the user's own permissions. With delegated permissions, individual users grant the Secure Scan app access to their respective Office 365 folders.

When users in the organization attempt to access SharePoint or OneDrive, a consent request will be sent to the Azure administrator. This process ensures proper authorization through user-based authentication.

Consent Process

When a user first tries to access the Scan to OneDrive/SharePoint feature from the printer, an authorization link is sent to their email. This initiates a one-time consent request for the Azure administrator, who must review and approve access for the following application:

Application ID: afe97133-a356-42df-b5b3-b87eb06b09b2 (Client ID)
Application Name: Pharos Cloud

Required API Permissions

openid
email
profile
offline_access
Sites.ReadWrite.All
Files.ReadWrite
User.Read
Mail.Send
Mail.ReadWrite

Steps to Follow

Navigate to the Azure portal and locate the application using the Client ID: afe97133-a356-42df-b5b3-b87eb06b09b2 (Pharos Cloud).
Verify that the necessary API permissions listed above are present.
Check the expiration status of admin consent for these permissions. Expired consent will prevent access to Sites/Folders and must be renewed

Ensuring the correct configuration of these permissions and obtaining admin consent is essential for seamless access to SharePoint and OneDrive resources.

Scan To Email

To send scanned documents to email the logged-in user’s email address, you will need to configure the HP Insights to communicate with your organization’s SMTP email server or Office 365.

Microsoft 365 - This option integrates with Microsoft's cloud-based email service, allowing users to use their existing Microsoft 365 account to send scanned documents. It’s a convenient choice for organizations using Microsoft 365, as it leverages the same email infrastructure.
SMTP (Simple Mail Transfer Protocol) - This is a standard method for sending emails and can be used with any email provider. Administrators can configure the SMTP settings with details like the server address, port, and authentication information. SMTP is a flexible option that works with a wide range of email services.

Microsoft 365

When the Microsoft 365 option is selected, all Email SMTP settings are hidden, leaving only the Enable Editable To and Max file size settings visible.

Setting	Description
Enable editable "To" field	When enabled, users can: Scan documents and send them directly to a fax machine destination. Send scanned documents to another user’s email address. Previously, the To field was not editable and limited to sending scanned documents to the user's own email address.
Max file size	This enables IT administrators to define the maximum file size for scan to email. The default value is 5MB, while the maximum allowed file size is 80 MB.

Setting

Description

Enable editable "To" field

When enabled, users can:

Scan documents and send them directly to a fax machine destination.
Send scanned documents to another user’s email address. Previously, the To field was not editable and limited to sending scanned documents to the user's own email address.

Max file size

This enables IT administrators to define the maximum file size for scan to email. The default value is 5MB, while the maximum allowed file size is 80 MB.

SMTP

Setting	Description
SMTP Server Name	Enter the name of your organization's SMTP server. This may be in the form smtp.company.com.
SMTP Server Port	Enter the SMTP port number provided by your administrator. The default SMTP port value is 25.
SMTP Username	The user name used to authenticate with the SMTP account.
SMTP Password	The password associated with the SMTP Username used to authenticate to the SMTP server.
SMTP SSL/TLS Protocol	Select this option if your SMTP Server uses SSL/TLS protocol.
Enable editable "To" field	When enabled, users can: Scan documents and send them directly to a fax machine destination. Send scanned documents to another user’s email address. Previously, the To field was not editable and limited to sending scanned documents to the user's own email address.
Max file size	This enables IT administrators to define the maximum file size for scan to email. The default value is 5MB, while the maximum allowed file size is 80 MB.

Scan to OneDrive

When enabled, Scan to One Drive uploads scanned documents directly to the user’s personal OneDrive folder.

Scan to SharePoint

When enabled, Scan to SharePoint uploads scanned documents to a designated location within SharePoint.

Scan to Network

Scan to Network Folder enables users to save scanned documents to a shared folder within the internal network.

In the Network Folder Path, enter the network path where you intend to store the scanned document. For the Username and Password fields, provide the necessary credentials to authenticate access to the specified network folder path.

Add a Profile

Navigate to the Secure > Device Profiles .
Click on the Add button.
In the Profile Properties section, enter a name to identify the profile.
Configure the profile settings based on your requirements, using the Profile Properties section above as a reference for each setting.
Click the Apply button to add the profile.

Duplicate a Profile

Navigate to the Secure > Device Profiles .
Select a profile to duplicate.
Select the Duplicate button to create a copy of the selected profile.
A confirmation message appears, asking if you want to duplicate the selected profile.
The duplicated profile will appear with a default name, such as "[Original Profile Name] (Copy xxxxx).
Rename the duplicated profile to something unique and descriptive of the profile.
Edit profile settings as per your organization's requirements.
Save the new profile by clicking the Apply button.

Delete a Profile

Navigate to the Secure > Device Profiles tab of the web console.
Select a profile you want to delete.
Select the Delete button to delete the selected profile.
A confirmation message will appear, asking you to confirm if you want to delete the selected profile. Click Delete to proceed.

Assign Device Profiles to Printers

Navigate to the Secure > Secure Printers tab.
Select the printers you want to assign a specific device profile to from the list.
Click the Assign Device Profile button and then select the profile you want to assign to the printer.

Note: By default, all printers are assigned the Default Profile.