Account Settings > Settings

The Settings tab under Account Settings centralize common configuration options for Secure Print and Secure Print Direct in HP Insights. From this section, administrators can manage organization-wide settings such as:

• User Authentication Providers

• Friendly URL

• Integration APIs

• User and Group Sync

• Auto Provision

• Email Notifications

• Password Expiration for System Users

• Admin SSO

Note: Administrators can secure the Settings page by locking it with an encryption key (available to System Administrators only). When locked, all settings become read-only for other users. Access to this tab and its features may also be limited based on user roles and account licensing.

User Authentication Providers

The User Authentication Providers section in the Settings screen is where administrators configure how users authenticate to HP Insights services like Secure Print and Secure Print Direct. This configuration determines the identity verification method for print users and system users.

For more information, refer to the Authentication Providers topic.

Friendly URL 

Administrators can use the Friendly URL field to create a short, easy-to-read name for the User Portal link. This replaces the default system-generated identifier shown on the Home Page field in the Secure > Settings > User Portal Settings, making the URL simpler to share and remember.

Notes:

• The Friendly URL is limited to 20 alphanumeric characters.

• Only users with System Administrator and IT Administrator roles can configure the Friendly URL for the User Portal.

• Friendly URLs cannot contain special characters; only alphanumeric characters are allowed.

Integration APIs

On the Account Settings > Settings screen, you can connect to an API endpoint to help you integrate Secure Print into your print environment.

Available APIs

• User Import API - Enables bulk importing of user data, including card registrations, via CSV files. Ideal for onboarding large groups without manual registration.

• User Removal API - Allows administrators to delete users and their associated data (e.g., cards, PINs, passcodes) from the system for deprovisioning purposes.

• User Registration Removal API- Targets the removal of specific login registrations (PIN, card, mobile) without deleting the entire user record, supporting credential updates or re-registration scenarios.

Note: Access to the data is secure and requires authentication per request made.

To use the APIs:

1. Turn on Enable Integration APIs to connect to the API endpoint. This creates an Authorization Key, which will give you access to the API.
2. Select an API to open the dialog box that shows the information on how to use the selected API. Refer to the examples below.

Note: The following examples use the curl utility command line. Use single quotes for Mac or Linux, and double quotes for Windows for your curl commands.

Note: Enter the file path of your CSV file. Take note of the required fields.

Note: When working with PowerShell for HTTP requests , use PowerShell 7 or later.

Secure Print User Import API

The User Import API enables bulk importing of user data including card registrations via CSV files. This API is ideal for onboarding large groups of users without requiring manual registration.

For sites with Active Directory Authentication Provider

Note: Each line in the CSV file includes the following comma-separated fields: Username, Domain, CardID, LastName, and FirstName. The required fields are Username, Domain, and CardID.

HP US

curl -X POST 'https://api.insights.hpondemand.com/ext-import-api/active-directory-users/import' -H 'Authorization: bearer <Authorization Key>' -H 'Content-Type: multipart/form-data' -F 'UsernameColumnName=Username' -F 'DomainColumnName=Domain' -F 'CardColumnName=Card' -F 'FirstNameColumnName=FirstName' -F 'LastNameColumnName=LastName' -F 'DataPrivacyRegionColumnName=DataPrivacyRegion' -F 'File=@<CSV File Path>;type=application/vnd.ms-excel'

Example

curl -X POST 'https://api.insights.hpondemand.com/ext-import-api/active-directory-users/import' -H "Authorization: bearer ee8a77fa8007d9a66ed457dd68802054f965c7198e1458787ddbde1eb6a01fc4" -H "Content-Type: multipart/form-data" -F "UsernameColumnName=Username" -F "DomainColumnName=Domain" -F "CardColumnName=Card" -F "FirstNameColumnName=FirstName" -F "LastNameColumnName=LastName" -F "DataPrivacyRegionColumnName=US-W-2" -F 'File=@D:\email.csv;type=application/vnd.ms-excel'

HP EU

curl -X POST 'https://api-eu.insights.hpondemand.com/ext-import-api/active-directory-users/import' -H 'Authorization: bearer <Authorization Key>' -H 'Content-Type: multipart/form-data' -F 'UsernameColumnName=Username' -F 'DomainColumnName=Domain' -F 'CardColumnName=Card' -F 'FirstNameColumnName=FirstName' -F 'LastNameColumnName=LastName' -F 'DataPrivacyRegionColumnName=DataPrivacyRegion' -F 'File=@<CSV File Path>;type=application/vnd.ms-excel'

Example

curl -X POST 'https://api-eu.insights.hpondemand.com/ext-import-api/active-directory-users/import' -H "Authorization: bearer ee8a77fa8007d9a66ed457dd68802054f965c7198e1458787ddbde1eb6a01fc4" -H "Content-Type: multipart/form-data" -F "UsernameColumnName=Username" -F "DomainColumnName=Domain" -F "CardColumnName=Card" -F "FirstNameColumnName=FirstName" -F "LastNameColumnName=LastName" -F "DataPrivacyRegionColumnName=EU-C-1" -F 'File=@D:\email.csv;type=application/vnd.ms-excel'

For sites with OpendID or Internal Authentication

Note: For card Each line in the CSV file includes the following comma-separated fields: EmailAddress, CardID, FirstName, and LastName . EmailAddress and CardID are required fields. Firstname and Lastname are optional fields.

HP US

curl -X POST 'https://api.insights.hpondemand.com/ext-import-api/users/import' -H 'Authorization: bearer <Authorization Key>' -H 'Content-Type: multipart/form-data' -F 'EmailColumnName=Email' -F 'CardColumnName=Card' -F 'FirstNameColumnName=FirstName' -F 'LastNameColumnName=LastName' -F 'UserGroupsColumnName=UserGroups' -F 'DataPrivacyRegionColumnName=DataPrivacyRegion' -F 'File=@<CSV File Path>;type=application/vnd.ms-excel'

HP EU

curl -X POST 'https://api-eu.insights.hpondemand.com/ext-import-api/users/import' -H 'Authorization: bearer <Authorization Key>' -H 'Content-Type: multipart/form-data' -F 'EmailColumnName=Email' -F 'CardColumnName=Card' -F 'FirstNameColumnName=FirstName' -F 'LastNameColumnName=LastName' -F 'UserGroupsColumnName=UserGroups' -F 'DataPrivacyRegionColumnName=DataPrivacyRegion' -F 'File=@<CSV File Path>;type=application/vnd.ms-excel'

Secure Print User Removal API

The User Removal API allows administrators to delete users and their associated data (e.g., Card Readers, PINs, passcodes) from the system. This is useful for deprovisioning users who no longer require access.

For sites with Active Directory Authentication Provider

Note: Your CSV file must include Username and Domain fields.

HP US

curl -X POST 'https://api.insights.hpondemand.com/ext-import-api/active-directory-users/remove' -H 'Authorization: bearer <Authorization Key>' -H 'Content-Type: multipart/form-data' -F 'UsernameColumnName=Username' -F 'DomainColumnName=Domain' -F 'File=@<CSV File Path>;type=application/vnd.ms-excel'

HP EU

curl -X POST 'https://api-eu.insights.hpondemand.com/ext-import-api/active-directory-users/remove' -H 'Authorization: bearer <Authorization Key>' -H 'Content-Type: multipart/form-data' -F 'UsernameColumnName=Username' -F 'DomainColumnName=Domain' -F 'File=@<CSV File Path>;type=application/vnd.ms-excel'

For sites with OpendID or Internal Authentication

Note: Your CSV file must include the EmailAddress field.

HP US

curl -X POST 'https://api.insights.hpondemand.com/ext-import-api/users/remove' -H 'Authorization: bearer <Authorization Key>' -H 'Content-Type: multipart/form-data' -F 'EmailColumnName=Email' -F 'File=@<CSV File Path>;type=application/vnd.ms-excel'

HP EU

curl -X POST 'https://api-eu.insights.hpondemand.com/ext-import-api/users/remove' -H 'Authorization: bearer <Authorization Key>' -H 'Content-Type: multipart/form-data' -F 'EmailColumnName=Email' -F 'File=@<CSV File Path>;type=application/vnd.ms-excel'

Secure Print User Registration Removal

The User Registration Removal API allows IT administrators to programmatically remove a batch of print users' login registrations (PIN, Card Reader or Mobile Registration) via a CSV file. This targets the removal of specific registration elements such as Card Readers and PINs, without deleting the full user record. This supports scenarios where users need to re-register or update credential

For sites with Active Directory Authentication Provider

Note: The CSV file requires Username, Domain, and Logins fields as shown in the example below. Logins values are as follows 1=PIN, 2= Proximity Badge, 3= PIN and Proximity Badge, 4=Mobile, 5= Mobile and PIN, 6=Mobile and Card, and 7=Mobile, Card, and PIN.

HP US

curl -X POST 'https://api.insights.hpondemand.com/ext-import-api/active-directory-users/remove-logins' -H 'Authorization: bearer <Authorization Key>' -H 'Content-Type: multipart/form-data' -F 'UsernameColumnName=Username' -F 'DomainColumnName=Domain' -F 'LoginsColumnName=Logins' -F 'File=@<CSV File Path>;type=application/vnd.ms-excel'

HP EU

curl -X POST 'api-eu.insights.hpondemand.com/ext-import-api/active-directory-users/remove-logins' -H 'Authorization: bearer <Authorization Key>' -H 'Content-Type: multipart/form-data' -F 'UsernameColumnName=Username' -F 'DomainColumnName=Domain' -F 'LoginsColumnName=Logins' -F 'File=@<CSV File Path>;type=application/vnd.ms-excel'

For sites with OpendID or Internal Authentication

Note: The CSV file requires Logins and Email fields. Logins values are as follows 1=PIN, 2= Proximity Badge, 3= PIN and Proximity Badge, 4=Mobile, 5= Mobile and PIN, 6=Mobile and Card, and 7=Mobile, Card, and PIN.

HP US

curl -X POST 'https://api.insights.hpondemand.com/ext-import-api/users/remove-logins' -H 'Authorization: bearer <Authorization Key>' -H 'Content-Type: multipart/form-data' -F 'EmailColumnName=Email' -F 'LoginsColumnName=Logins' -F 'File=@<CSV File Path>;type=application/vnd.ms-excel'

HP EU

curl -X POST 'https://api-eu.insights.hpondemand.com/ext-import-api/users/remove-logins' -H 'Authorization: bearer <Authorization Key>' -H 'Content-Type: multipart/form-data' -F 'EmailColumnName=Email' -F 'LoginsColumnName=Logins' -F 'File=@<CSV File Path>;type=application/vnd.ms-excel'

Checking the status of the import

The time it takes to complete an import using an API varies, depending on how busy the import service is. After an import, you will see a message similar to the following image. It shows that the import file was submitted, it provides the job GUID, and shows that the job is in a pending state.

You can check the status of an import by copying the importGuid and then running this curl command:

HP US

curl -H 'Authorization: bearer <Authorization Key>' https://api.insights.hpondemand.com/ext-import-api/imports/<ImportGuid>/information

HP EU

curl -H 'Authorization: bearer <Authorization Key>' https://api-eu.insights.hpondemand.com/ext-import-api/imports/<ImportGuid>/information

User and Group Sync (using SCIM)

HP Insights supports the automatic provisioning of users and groups from identity providers using the System for Cross-domain Identity Management (SCIM) protocol. SCIM is an open standard automating user provisioning for organizations by communicating employee identity data from identity providers (IdP) to service providers.

HP Insights supports the following identity providers:

• Microsoft Microsoft Entra ID
• Okta
• Ping Identity

The User and Group Sync section is used to import users and groups from an identity provider that supports SCIM 2.0.

The Generate Token is used to generate the SCIM credentials for use in your chosen identity provider. Download the generate Tenant URL and Token values. You will need these later when configuring the SCIM application in your identity provider.

Last Access shows the date and time when an action (e.g. update users or groups) occurs on the identity provider. A warning appears if HP Insights has not received any update for over 60 days.

Token Expiry shows when the generated token expires. You will get a warning message when the token is about to expire(2 weeks before expiry) or has expired.

Note: It is highly recommended to download a copy of the credentials using the Download button (instead of the Copy button). If you accidentally open a new tab, a new token will be generated and this may result in a mismatch.

• The Generate Token button changes to Regenerate Token if a token was already generated.
• The Token is valid for a year. If a token is about to expire or has expired, you will see an appropriate message in the HP Insights web console. You will need to regenerate a token and update the token in your identity provider.
• Once a connection with SCIM is established, we do not recommend using the import function to import users into HP Insights. You can however use import to add cards for the users.

Note: The User and Group Sync section is available in the Account Settings > Settings tab of the web console.

Auto-Provision

The Auto‑Provision toggle controls whetherHP Insights automatically creates user accounts when users sign in through external identity providers. This setting is available under Account Settings > Settings and allows administrators to enable or disable just‑in‑time user provisioning for authentication via OpenID or SAML. Prior to HP Insights 4.4, this behavior was always enabled and could not be turned off. By controlling auto provisioning, organizations can better manage user access and licensing costs.

• When Auto‑Provision is enabled, HP Insights automatically creates a user account the first time a user signs in through a supported identity provider (OpenID or SAML). Users can sign in from any supported access point, including mobile app, User Portal, Chrome extension, Secure printers, and Print Scout.

• When Auto‑Provision is disabled, users are not allowed to self‑register during OpenID or SAML authentication.User accounts must instead be created by an administrator or provisioned through SCIM.

Notes:

• Auto‑Provision is enabled by default for all customers. If the setting is not changed, HP Insights will continue to automatically create users on their first OpenID or SAML sign‑in.

• This setting applies only to auto provisioning through OpenID and SAML. Internal and AD users are not affected; the toggle does not appear for these auth types and auto-provision continues to work as before.

Admin SSO

The Admin SSO under Account Settings > Settings is where administrators configure Single Sign-On for the web console itself, specifically for SCIM-based / group-based access.

Note: For more information on how to configure Single Sign-On for the web console with SCIM and group mapping, refer to Configure New SCIM-based SSO for administrators documentation.

When the Enable SSO Sign-In for System Users toggle is enabled. It enables administrators to configure

• Administrators sign into the HP Insights Web console via your IdP (e.g., Microsoft Entra ID) instead of local “System User” accounts.

• Access to HP Insights admin features is determined by group membership in your IdP, mapped to roles (via the Group Mapping tab).

Note: When the Enable SSO Sign-in for System Users is enabled, the older Single Sign-On Configuration tab under Account Settings is still present but only shows “This feature is not applicable”.

Email Notifications

Email notification settings are available in the web console under Account Settings > Settings > Email Notifications. From this tab, administrators can review all HP Insights features and workflows that generate email notifications.

Email notifications are grouped by audience and clearly distinguish between configurable notifications and Essential Email Notifications.

• Configurable notifications appear under Print User Notifications and Administrator Notifications. These can be enabled or disabled using the available checkboxes and include items such as passcode emails, registration notifications, and administrator logs.

• Essential Email Notifications (Always on) support core features such as Secure Print (Internal), External Proximity Card, Guest Print, and Scan to Office 365. These notifications are required and cannot be disabled.

This ensures critical workflows continue to function even when optional notifications are turned off.

Password Expiration for System Users

HP Insights supports password expiration for system (internal) users, allowing administrators to enforce stronger password hygiene and align with organizational security and compliance requirements.

By default, system user passwords do not expire. When password expiration is enabled, administrators can define how often passwords must be changed, prevent reuse of recent passwords, and force immediate password changes when needed. These controls apply only to system users who authenticate directly against HP Insights, not users authenticated through external identity providers.

Password expiration helps reduce long‑lived credentials and ensures administrative access remains protected over time.

Who Password Expiration Applies To

Password expiration applies to System (internal) users who sign in using HP Insights credentials.

Enable Password Expiration

Turn Enable password expiration ON to require system users to change their passwords on a regular schedule.

• When OFF, passwords do not expire and users can continue using their existing passwords.

• When ON, password expiration rules are enforced for all system users.

By default, password expiration is disabled until explicitly enabled by an administrator.

• Password expiry (Valid range 1–365 days) - Defines how long a password can be used before it must be changed.

• Reset all system users passwords - Immediately expires the passwords of all internal users in the tenant, forcing a password change at next login.