Device Profiles

Overview

With Device Profiles, Secure Print settings can be customized for each printer, allowing for tailored configurations rather than applying the same settings across all printers. For instance, administrators can now set different default paper sizes for scanning, such as Letter for devices in the US and A4 for devices in Europe.

Device Profiles Actions

The Device Profiles tab includes the following action buttons:

  • Add - Create a new profile.

  • Duplicate - Copy an existing profile to create a duplicate.

  • Delete - Remove an existing profile.

Default Profile

By default, a single Default Profile is created, which includes default Secure Print and Secure Scan options. Administrators cannot rename or delete this system-generated profile but can modify its settings.

All printers listed in the Secure Printers tab are assigned the Default Profile by default. Administrators can reassign printers to different profiles through the Secure Printers tab if specific configurations are needed. Any new devices that get added will get the Default Profile assigned to them automatically. Administrators can also edit the Default Profile.

Profile Properties

General

Setting

Description

Name Name uniquely identifies a device profile within the system.
Description Description provides additional context about the device profile.

User Experience

Setting

Description

Device Logon Experience

The device logon experience setting specifies how users interact with the device during the logon process. The options are:

  • Secure Print - This is the default setting. When selected, the user will see the Secure Print screen on authentication. The display may vary depending on the authentication provider configured.

  • Review Documents - When enabled, users will be directed to the Review Documents(showing the list of documents submitted) screen immediately after logging in.

  • Touchless Printing - With Touchless Printing enabled, employees simply tap their proximity card at a preferred printer. All documents in their personal queue will begin printing after 5 seconds. An employee can cancel printing before the 5-second timer elapses by simply pressing Cancel.

Note: The system supports touchless printing with proximity cards no matter which authentication method or provider the customer is configured for: Internal, Active Directory, and OpenID.

  • Device Home - If enabled, when a user logs onto a secure printer, the device shows its Home Screen instead of the Secure Print screen. From the Home Screen, the user has access to such functions as copy/scan.

Print Options

This setting displays the visibility of the Print Options button.

When set to “Hidden”, users are prevented from changing print options after the job has been submitted.

When set to “Shown”, users can change document options at the secure printer after the job has been submitted. For example, if a user submitted a color job, they have the option to change it to mono (black & white) from the printer's user interface.

This setting is set to "Shown" by default.

Print And Retain

Displays the Print And Retain button, allowing users to reprint their documents.

When set to "Hidden," users cannot retain print jobs in the queue after release.

When set to "Shown," users can reprint documents as needed. Reprinting a document may be necessary if you need to be able to print a job once and release it multiple times so that you can proof the content once before creating multiple copies. For example, you can proof one copy in mono and duplex and then print 100 copies single-sided in color.

This setting is set to "Shown" by default.

Proximity Card Registration

When this setting is turned on, users can register their proximity cards at the secure printers using their email and PIN (for email-based auth), network ID (for Active Directory auth), or passcode (for OpenID auth) . Once a proximity card is registered, users can release documents to any secure printer in the organization.

The proximity card registration setting is turned on by default. If you prefer importing users’ cards into the system, you may want to disable card registration. If card registration is disabled, users with unregistered cards will see a friendly message informing them of the appropriate action to take.

Note: If you have an OpenID implementation, card registration is supported only on printers that support passcode authentication

Network Timeout (Seconds) The Network Timeout setting controls the time before requests to the Site Service from the secure printers time out. The default is 10 seconds. If a request takes more than 10 seconds to complete, the secure printer shows an error message “Error Releasing Print Jobs. Unable to complete the request due to network issues. Please try again later”. You can change the default in situations where network connectivity is slower than normal, for example.
Number of Documents displayed on device The Number of documents displayed on device controls the number of documents displayed on a secure printer. The default value is 50 documents and the maximum value is 150 documents.

Proximity Card

Card Reader

You can select a card reader from the drop-down menu. The VID: PID values are automatically set for each card reader.

Choosing Other allows you to enter the decimal values for the VID and PID of the card reader of your choice.

Card Reader VID PID
Rf IDEAS Proximity Keystroke 3111 15354
HP Universal Card Reader (MFP 24) 1008 69
HP Legic Card Reader (4QL32A) 1008 69
Omnikey 5427 (Keystroke) 1899 21544
Elatec TWN4 2520 1040

When the HP Universal Card Reader or HP LEGIC Card Reader is selected, a field labeled Supported Proximity Card Types appears. This field displays a drop-down list of card types that are compatible with the selected reader.

After selecting a supported card type, administrators can navigate to the Secure > Settings screen and locate the Decode Card Data section. This section allows administrators to configure how badge data is interpreted by HP card readers, specifically the HP Legic and HP Universal models.

Note: When connecting a Legic card reader to the printer, it's crucial to select the HP Legic Card Reader option from the web console first. Failure to do so can result in the card reader malfunctioning. It's also important to note that Legic card readers currently only support the values 6F03 and 7901. If any other value is added, the card reader will not function properly. Therefore, it's essential to ensure that Supported proximity card type is set to have only the values 6F03 and/or 7901.

Note: HP offers limited support for card authentication via magstripe card readers. HP discourages the use of magstripe card readers since they are prone to bad reads and errors. HP recommends using a supported proximity card reader instead.

Supported MFP24 Proximity Card types (HP only)

Specify the MFP 24 card types that your organization supports. You can enter up to four MFP 24 proximity card read types. The setting includes two of the most common MFP 24 proximity card types: 6F01 and EF04.

Supported Card Types

Card Type Card Value
6F01 HID iClass CSN, ISO 14443A CSN, ISO 15693A CSN
7C02 Felica
7D01 HID iClass CSN
7E01 ISO 15693A CSN, I-Code CSN, my-d CSN, SecuraKey Etag CSN, Texas Instruments Tag-It
7F01 ISO 14443A CSN, DESFire CSN, I-tag CSN, Legic Advant CSN, Mifare CSN, MiFare Ultralight CSN
E902 Paradox
EA01 Keri NXT UID, Pyramid UID, Farpointe Data NXT UID
EA02 Keri NXT 26 Bit, Pyramid 26 Bit, Farpointe Data 26 Bit
EB02 SecuraKey -02
EC01 SecuraKey -01
ED02 Indala ASP + UID (Motorola)
ED04 Indala ASP+ Custom (Motorola)
EF04 HID Prox
F004 ReadyKey Pro UID
F201 HiTag 2 Primary
F204 HiTag 2 Alternate
F302 HiTag 1 and S Primary
F304 HiTag 1 and S Alternate
F401 Deister UID
F503 GProx-II UID
F602 Cardax UID, Russwin UID
F702 2SmartKey (Honeywell), NexKey, Nexwatch, KeyMate, QuadraKey
F801 Keri UID
F802 Keri 26 Bits
F902 ioProx (Kantech)
FA02 Awid
FB01 Em/Marin ME410x/Rosslaire Primary, DIGITAG
FB02 Em/Marin ME410x/Rosslaire Alternate
FC02 Casi-Rusco
FD01 Indala ASP UID (Motorola)
FD02 Indala ASP 26 Bit (Motorola)

Secure Release

Cloud Release (HP and Ricoh only)

This setting overrides the global Cloud Release option available on the Secure PrintSettings page. This gives organizations more control over device configurations, making Secure Print setup simpler and more flexible.

The Cloud Release toggle will only appear in Device Profiles if the global Cloud Release setting in Secure Print Settings (under Document Handling) is enabled.

If the Cloud Release global setting is ON, the Cloud Release setting in the Device Profiles will also be ON. If the Cloud Release global setting is OFF, the Cloud Release setting in the Device Profiles will not be available.

Disabling the Cloud Release enables documents to be released via the Print Scout (instead of going through the cloud).

Note: The Cloud Release setting applies to HP and Ricoh devices only.

For more information about Cloud Release, refer to the Cloud Release document.

Lock device functions (HP only)

The Lock Device function (formerly known as Require authentication for all device functions) controls user access to multifunction printer (MFP) features like print, copy, scan, and fax

  • When ON: Users must authenticate (e.g., via proximity card or login) before accessing any device function.

  • When OFF: Authentication is required only for the Secure Print application. Other functions (copy, scan, fax) remain accessible without login.

Note: You'll need to re-secure all the devices on your print environment for the setting to take effect.

Scan

Administrators can configure the default scan options according to their preferences. By default, all printers are assigned to the Default Profile, and the scan options set within it will be applied universally to all the printers. To use different scan options for specific printers, administrators will need to create and apply a separate Device Profile for those printers.

Toggle the switch next to the Scan option to reveal all settings related to Secure Scan and choose the scan options you wish to set as defaults.

Setting

Description

Color Mode Specify whether the scan job is in Color (default), Grayscale, or Mono
Paper

Specify the paper size for the scan job. The options are: A4 (default EU), Letter (default US) , A3, Ledger, Legal

Quality Specify the resolution and clarity of the scan job. Options for quality are High, Medium (default), and Low.
Orientation Specify whether the scan job is Portrait (default) or Landscape.
Two-Sided Specify whether the scan job is One-sided (default) or Two-sided.
File Type Specify the file format for the scan job. The options are PDF (default),JPEG, TIFF, PDF/A

Permission Required on Azure to Access Office 365

Office 365 features such as the Scan to OneDrive, Scan to SharePoint, and Scan to Email features use the Microsoft Graph API to upload documents directly to Office 365 and to send email. This allows users to scan documents directly to their personal OneDrive or SharePoint folders. It uses delegated permissions, meaning it relies on the user's own permissions. With delegated permissions, individual users grant the Secure Scan app access to their respective Office 365 folders.

When users in the organization attempt to access SharePoint or OneDrive, a consent request will be sent to the Azure administrator. This process ensures proper authorization through user-based authentication.

Consent Process

When a user first tries to access the Scan to OneDrive/SharePoint feature from the printer, an authorization link is sent to their email. This initiates a one-time consent request for the Azure administrator, who must review and approve access for the following application:

  • Application ID: afe97133-a356-42df-b5b3-b87eb06b09b2 (Client ID)

  • Application Name: Pharos Cloud

Required API Permissions

  • openid

  • email

  • profile

  • offline_access

  • Sites.ReadWrite.All

  • Files.ReadWrite

  • User.Read

  • Mail.Send

  • Mail.ReadWrite

Steps to Follow

  1. Navigate to the Azure portal and locate the application using the Client ID: afe97133-a356-42df-b5b3-b87eb06b09b2 (Pharos Cloud).

  2. Verify that the necessary API permissions listed above are present.

  3. Check the expiration status of admin consent for these permissions. Expired consent will prevent access to Sites/Folders and must be renewed

Ensuring the correct configuration of these permissions and obtaining admin consent is essential for seamless access to SharePoint and OneDrive resources.

Scan To Email

To send scanned documents to email the logged-in user’s email address, you will need to configure the HP Insights to communicate with your organization’s SMTP email server or Office 365.

  • Microsoft 365 - This option integrates with Microsoft's cloud-based email service, allowing users to use their existing Microsoft 365 account to send scanned documents. It’s a convenient choice for organizations using Microsoft 365, as it leverages the same email infrastructure.

  • SMTP (Simple Mail Transfer Protocol) - This is a standard method for sending emails and can be used with any email provider. Administrators can configure the SMTP settings with details like the server address, port, and authentication information. SMTP is a flexible option that works with a wide range of email services.

Microsoft 365

When the Microsoft 365 option is selected, all Email SMTP settings are hidden, leaving only the Enable Editable To and Max file size settings visible.

Setting

Description

Enable editable "To" field

When enabled, users can:

  • Scan documents and send them directly to a fax machine destination.
  • Send scanned documents to another user’s email address. Previously, the To field was not editable and limited to sending scanned documents to the user's own email address.
Max file size This enables IT administrators to define the maximum file size for scan to email. The default value is 5MB, while the maximum allowed file size is 80 MB.
SMTP
Setting Description
SMTP Server Name Enter the name of your organization's SMTP server. This may be in the form smtp.company.com.
SMTP Server Port Enter the SMTP port number provided by your administrator. The default SMTP port value is 25.
SMTP Username The user name used to authenticate with the SMTP account.
SMTP Password The password associated with the SMTP Username used to authenticate to the SMTP server.
SMTP SSL/TLS Protocol Select this option if your SMTP Server uses SSL/TLS protocol.
Enable editable "To" field

When enabled, users can:

  • Scan documents and send them directly to a fax machine destination.
  • Send scanned documents to another user’s email address. Previously, the To field was not editable and limited to sending scanned documents to the user's own email address.
Max file size This enables IT administrators to define the maximum file size for scan to email. The default value is 5MB, while the maximum allowed file size is 80 MB.

Scan to OneDrive

When enabled, Scan to One Drive uploads scanned documents directly to the user’s personal OneDrive folder.

Scan to SharePoint

When enabled, Scan to SharePoint uploads scanned documents to a designated location within SharePoint.

Scan to Network

Scan to Network Folder enables users to save scanned documents to a shared folder within the internal network.

In the Network Folder Path, enter the network path where you intend to store the scanned document. For the Username and Password fields, provide the necessary credentials to authenticate access to the specified network folder path.

Add a Profile

  1. Navigate to the Secure > Device Profiles .

  2. Click on the Add button.

  3. In the Profile Properties section, enter a name to identify the profile.

  4. Configure the profile settings based on your requirements, using the Profile Properties section above as a reference for each setting.

  5. Click the Apply button to add the profile.

Duplicate a Profile

  1. Navigate to the Secure > Device Profiles .

  2. Select a profile to duplicate.

  3. Select the Duplicate button to create a copy of the selected profile.

  4. A confirmation message appears, asking if you want to duplicate the selected profile.

  5. The duplicated profile will appear with a default name, such as "[Original Profile Name] (Copy xxxxx).

  6. Rename the duplicated profile to something unique and descriptive of the profile.

  7. Edit profile settings as per your organization's requirements.

  8. Save the new profile by clicking the Apply button.

Delete a Profile

  1. Navigate to the Secure > Device Profiles tab of the web console.

  2. Select a profile you want to delete.

  3. Select the Delete button to delete the selected profile.

  4. A confirmation message will appear, asking you to confirm if you want to delete the selected profile. Click Delete to proceed.

Assign Device Profiles to Printers

  1. Navigate to the Secure > Secure Printers tab.

  2. Select the printers you want to assign a specific device profile to from the list.

  3. Click the Assign Device Profile button and then select the profile you want to assign to the printer.

Note: By default, all printers are assigned the Default Profile.