Configuring Secure Scan

Secure Scan enables administrators to easily manage printing and MFP scanning across their organization and provides users with a simplified and consistent user experience across all the supported manufacturers.

Key Features

  • Provides simple scan to email functionality: With just a few clicks, users can send scanned documents to their email address because the following fields are pre-set.

    • To and From fields: These fields are pre-filled with the user’s email address.
    • Subject: This shows the scanned document’s file name (e.g. Secure Scan_7_3_2022.jpg)
    • Message: This shows the accompanying message in the email (e.g. Please find the scanned file in the attachment)
  • With Scan-to-email, users can scan documents and send them directly to a fax machine destination.
  • Integrates with OneDrive and SharePoint. Users can upload their scanned documents to OneDrive or SharePoint.
  • Supports saving scanned document to a network folder.
  • Uses the same authentication method as Secure Print. Secure Scan requires users to authenticate to access the Secure Scan function.
  • Scanned documents are encrypted via TLS 1.2 while in transit to their destination - scanned documents are never stored at rest on HP Insights.
  • Scan job metadata is sent to HP Insights for reporting purposes based on the user's data privacy settings.

Supported Printer Manufacturers

  • HP
  • Canon
  • Ricoh
  • Toshiba
  • Xerox

Scan Destinations

Users can send or upload their scanned documents to the following destinations:

  • Email – Scanned documents are sent as email attachments to the logged-in user’s email address.

Note: Scan to Email also allows users to scan documents and send them directly to a fax machine destination. To enable this feature, IT admins will need to select the Enable editable To: field setting in the Secure > Settings > Secure Scan Settings of the web console.

  • OneDrive – Upload scanned documents to the user’s OneDrive folder.
  • SharePoint – Upload scanned documents to a SharePoint location.
  • Network Folder - Save scanned documents to a shared folder on your internal work.

Scan Options

If the default scan settings are not suitable, users can change them before scanning the document.

  • File Format: JPEG (default), PDF, TIFF
  • Quality (DPI): 100 (default), 300, 400, 600
  • Color Mode: Auto (default), Color Glossy Photo, Mono Text, Mono Text Photo, Mono Text Lineart, Mono Photo, Grayscale
  • Paper Size: Auto (default), Letter, Invoice, A3, A4, 11x17, B5, B4, Legal, Mexico Oficio, Tabloid
  • Orientation: Portrait (default), Landscape
  • Two-sided/One-sided: One-sided (default), Two-sided

The available scan options depend on the attributes supported by the printer. For example, if Auto is not supported, it won't appear as an option.

HP Devices Default Scan Options

HP devices come with a predefined set of default scan options.The default scan options are as follows:

  • File Format: PDF

  • Color Mode: Color

  • Paper Size: Letter

  • Two-sided/One-sided: Simplex

  • Orientation: Portrait

  • Quality: Medium

Basic Workflow

  1. An IT administrator enables Secure Scan on the web console and configures the scan destination settings.
  2. The user logs in to a secure printer and selects the Scan Document option.
  3. The user places the document to be scanned in the automatic document feeder (ADF) or the scanner glass.
  4. The Scan Options screen is displayed. The user selects desired scan options if the default values are not suitable.
  5. The user clicks Done. This opens the Scan Destinations screen. The user selects their preferred destination (Email, OneDrive, SharePoint, or Network Folder).

Note: Microsoft OneDrive and SharePoint destinations may require users to authorize the Secure Scan app access to their Office 365 folders depending on whether the site is configured to use user-based authentication.

  1. The user clicks the Scan Document to start the scan operation. If the scan is successful, the user sees the Scan Request complete message. Otherwise, the user sees an error message.
  1. The scanned document is sent to the user’s selected scan destination.

Important Notes:

  • Canon, and Ricoh printers need to be resecured to initialize scan.
  • Toshiba: For Secure Scan to work on Toshiba MFPs, the following needs to be configured via the Toshiba printer’s TopAccess web interface
    • Enable the SSL/TLS setting under the Network > WSD section
    • Disable User Authentication for Scan under Security > Authentication > User Authentication section.

Limitations and Known Issues

  • Toshiba: Multi-Page scanning from Platen glass is not supported.
  • Canon: Scanned documents in PDF format cannot be opened at the destination (e.g. email, network folder, or OneDrive).

Configuring Secure Scan

Step 1: Enable Secure Scan

  1. Navigate to the Secure > Settings screen on the HP Insights web console.
  2. In the Secure Scan Settings section, enable Secure Scan by turning the toggle switch on.

Step 2: Configure Scan Destination Settings

In this step, you will be configuring how to send scanned documents to users. Scanned documents can either be sent to the user's email address, uploaded to OneDrive, SharePoint, or a network folder.

Scan to Email Settings

To send scanned documents to email the logged-in user’s email address, you will need to configure the HP Insights to communicate with your organization’s SMTP email server.

Note: Contact your IT administrator to get details of your SMTP server.

Setting Description
SMTP Server Name Enter the name of your organization's SMTP server. This may be in the form smtp.company.com.
SMTP Server Port Enter the SMTP port number provided by your administrator. The default SMTP port value is 25.
SMTP Username The user name used to authenticate with the SMTP account.
SMTP Password The password associated with the SMTP Username used to authenticate to the SMTP server.
Enable SMTP SSL/TLS Protocol Select this option if your SMTP Server uses SSL/TLS protocol.
Max file size This enables IT administrators to define the maximum file size for scan to email. The default value is 5MB, while the maximum allowed file size is 2047 MB.
Enable editable "To" field

When enabled, users can:

  • Scan documents and send them directly to a fax machine destination.
  • Send scanned documents to another user’s email address. Previously, the To field was not editable and limited to sending scanned documents to the user's own email address.

Scan to Network Folder

Scan to Network Folder enables users to save scanned documents to a shared folder within the internal network. To activate this feature, IT administrators must select the "Enable Scan to Network Folder" option under the Secure > Settings > Secure Scan Settings.

In the Network Folder Path, enter the network path where you intend to store the scanned document. For the Username and Password fields, provide the necessary credentials to authenticate access to the specified network folder path.

Scan to Office 365 Settings (OneDrive and SharePoint)

The Scan to Office 365 feature uses the Microsoft Graph API for uploading documents to either OneDrive or SharePoint. Existing customers can choose between enabling user-based authentication or using tenant-based authentication. New customers, however, will only have the option of enabling user-based authentication.

Enable User-Based Authentication - Once enabled, this allows users to scan documents directly to their personal OneDrive or SharePoint folders. It uses delegated permissions, meaning it relies on the user's own permissions rather than application-based permissions used in tenant-based configurations. With delegated permissions, individual users grant the Secure Scan app access to their respective Office 365 OneDrive or SharePoint folders. User-based authentication eliminates the need for IT admins to manually create an Azure application; this process is automatically managed on your behalf. All that IT administrators need to do is enable this setting.

Note: New HP Insights customers will get the User-based authentication option only. However, existing customers can maintain their tenant-based configuration if they choose. Should you choose to transition to user-based authentication, you will need to apply the latest version of the Site Service. By checking the Enable User Based Authentication, you will permanently delete the tenant based information.

Permission Required on Azure for User-Based Authentication to Access SharePoint/OneDrive (Office365)

When users in the organization attempt to access SharePoint or OneDrive, a consent request will be sent to the Azure administrator. This process ensures proper authorization through user-based authentication.

Consent Process

Upon a user's initial attempt to access Scan to OneDrive/SharePoint from printer, an authorization link will be sent to their email. This triggers a consent request for the Azure administrator. This process is one-time, requiring the administrator to review and grant consent to the following application:

  • Application ID: afe97133-a356-42df-b5b3-b87eb06b09b2 (Client ID)

  • Application Name: Pharos Cloud

Required API Permissions

  • openid

  • email

  • profile

  • offline_access

  • Sites.ReadWrite.All

  • Files.ReadWrite

Steps to Follow

  1. Navigate to the Azure portal and locate the application using the Client ID: afe97133-a356-42df-b5b3-b87eb06b09b2 (Pharos Cloud).

  2. Confirm the presence of the required API permissions listed above.

  3. Verify the expiration status of admin consent for these permissions. Expired consent will disrupt access to Sites/Folders and must be renewed.

Ensuring the correct configuration of these permissions and obtaining admin consent is essential for seamless access to SharePoint and OneDrive resources.

Step 3: Resecure the Printer (Canon, Ricoh)

For Secure Scan to operate correctly, IT administrators must resecure Canon, and Ricoh printers.

Note: HP and Toshiba printers do not need to be resecured.

Related Topic: How to scan documents