Configure Internal Authentication
Internal Authentication uses email address and PIN credentials managed directly by HP Insights. No external directory or identity provider is required. This is the default authentication provider for new tenants.
How it works
When a user authenticates , for example at a printer, they provide their email address and PIN. HP Insights validates these credentials against its own user store. If they match, a session is established and the user can access their print queue.
No browser redirect, external login, or token exchange occurs. Authentication begins and ends withinHP Insights.
Note: Switching away from Internal Authentication clears all existing user registrations. All users must register again. The Site Encryption Key is required to make this change.
Enable Internal Authentication
1. Navigate to Account Settings → Settings → User Authentication Providers.
2. Select Internal.
3. Click Save.
No further configuration is required. Users can register immediately.
Restrict registration to specific email domains
By default, users can register with any email domain. To restrict registration:
1. Navigate to Account Settings → Settings → User Authentication Providers → Internal.
2. In the Email domain whitelist field, enter a domain (for example company.com) and click Add.
3. Repeat for each permitted domain.
4. Click Save.
Users who attempt to register with a non-whitelisted domain see: "<domain> is not allowed."
Note: Removing a domain from the whitelist does not affect users already registered with that domain. Only new registrations are blocked.
To remove a domain: select it in the whitelist and click Delete selected, then click Save.
How users register and authenticate
Users launch the HP Secure Print desktop app and enter their email address. HP Insights sends a verification email. After verifying, the email address becomes their print identity.
The registration process has three steps:
-
The user opens the HP Secure Print Setup Guide and enters their email address. HP Insights sends a verification email.
-
The user verifies their email, either by clicking the confirmation link in the email, or by entering the verification code manually in the Setup Guide. The link and code are valid for one hour.
-
After verification, the user sets a 4-digit PIN. This PIN, combined with their registered email address, is what they use to release documents at the printer.
To authenticate:
At the printer (Secure Print Service): users enter their email address and PIN, or swipe a registered card.
Direct Print: users sign in to the Pharos Print desktop app with their email and PIN. Print queues install automatically.
For user-facing instructions, see Register your email address.
Settings reference
| Setting | Description |
|---|---|
| Email domain whitelist | List of email domains permitted to register. If empty, all domains are allowed. Existing registrations are not affected when a domain is removed. |
Troubleshooting
Verification email not received
Check the user's junk or spam folder. If it is not there, the email domain may be on the centralised email blocklist used by HP Insights. This is stored in a cache with a TTL of 1–7 days. Contact Pharos Support and request that the domain be cleared from the blocklist. Provide the full email domain (for example company.com) and the tenant ID.
User receives "domain is not allowed" when registering
The user's email domain is not on the whitelist. Either add the domain to the whitelist in Account Settings → Settings → User Authentication Providers → Internal, or ask the user to register with an email address from a whitelisted domain.
Related Topics: