- 24 Jun 2024
- 12 Minutes to read
- Print
- DarkLight
- PDF
Pharos Beacon Update: November 2021 Release Notes
- Updated on 24 Jun 2024
- 12 Minutes to read
- Print
- DarkLight
- PDF
The latest release of Beacon and Sentry Print includes new features such as Web Console, Single Sign-On Support, Universal Print Integration, Guest Printing, Policy Print, and MFP improvements. Single Sign-On allows users to log in using their identity provider credentials. Policy Print promotes responsible printing habits. Universal Print Integration simplifies printing for Microsoft 365 users. Sentry Print now supports Canon, Toshiba, and Lexmark devices. New features include Authenticate to Device Home, Second Swipe Logout, and OpenID/Passcode Authentication Support. Passcode Authentication offers an alternative to ID cards. The Discovery and Deployment Utility has UI improvements. Print Scout now automatically retrieves local printers and supports Policy Print. Various software components have been updated in this release.
This release represents the latest version of Beacon and Sentry Print. This update includes several important new features including:
Web Console: Single Sign-on (SSO) Support (Full Release)
Universal Print Integration (Full Release)
Guest Printing (Full Release)
Policy Print (Preview)
MFP New Features and Improvements
Sentry Print for Canon, Toshiba*, and Lexmark FW3 and FW4 devices
Authenticate to Home (Canon, HP, KM, Lexmark, Ricoh, Toshiba*)
Logout on the second card swipe (Canon, Konica Minolta, Lexmark, Ricoh, Toshiba*, Xerox)
OpenID/Passcode Authentication Support (Canon, HP, KM, Lexmark, Toshiba*, and Xerox)
Print Scout Improvements and New Features
*Toshiba available soon, pending certification
Beacon Web Console: SSO Support
The Single Sign-On (SSO) Support on the Beacon Web Console that was introduced in August 2021 (in preview mode) is now being made officially available.
Beacon adds Single Sign-on (SSO) support for logging into the Beacon Web Console. With SSO, system users can log in to Beacon using their credentials from an identity provider (IdP). When a system user logs into the Beacon web console for the first time, they are redirected to the identity provider’s login page. System users enter their credentials from their identity provider and once successfully authenticated with the IDP they are then redirected back to Beacon and logged on with their account.
Beacon supports the following authentication protocols:
Security Assertion Markup Language (SAML)
OpenID Connect
Key Benefits of SSO
Integrates with well-known identity providers. Beacon supports any SAML-based and OpenID Connect identity providers like Google, Office 365, AppleConnect, Auth0, and so on.
Improves user experience. Users can log in using their existing company credentials. Users do not have to remember another set of credentials.
Helps lower IT costs. Eliminates the responsibility of storing and managing user credentials.
Basic Workflow
Before you start configuring SSO, you’ll need to understand what the general workflow looks like.
The Beacon Operations team provisions a customer for your organization, creates a system user, and invites user.
The system user (created by the Operations team) logs into the Beacon web console using the credentials set by the Operations team.
The system user navigates to the Single Sign-on Configuration tab and configures SSO.
The system user creates an external user in the System User tab. The external user is created by adding the user’s email address as well as other required fields (e.g. Name, Role Name).
The system user sends an email invite to the external user.
External User logs in to the Beacon web console
The Invited external user receives an email and clicks the link in the email. Clicking the link opens the login page.
The external user enters their primary email address and clicks Login. This entered email must match the email address that the system user has added to HP Insights.
The external user is redirected to the Identity Provider’s login page and prompted to authenticate by providing their identity provider’s credentials (typically username and password).
Once the user has authenticated with their IdP, the user is redirected back to the Beacon web console and logged on with their account.
Changes to the Beacon Web Console for SSO
This section details the changes to the Beacon web console to support Single Sign-on.
New Single Sign-on Configuration Tab
To support SSO, a new Single Sign-on Configuration subtab has been added to the Profile tab of the Beacon web console. This tab is used to enable and configure SSO.
There are three options in the Provider Types:
None – This is the default option. When selected, Beacon users use their internal user accounts to log into the Beacon web console.
OpenID Connect – When selected and configured, Beacon uses OpenID Connect (Google, Office 365) to authenticate users.
SAML – When selected and configured, Beacon uses SAML based Identity provider (e.g. Auth0, AppleConnect, Okta, ADFS, Ping) to authenticate users.
Internal and External Users
There are now two types of users in Beacon: internal and external.
Internal users – Any user created when the Identity Provider is set to None is an internal user. Internal users log in to the Beacon web console using their username and password in Beacon. Both user authentication and management are handled by Beacon.
External users - Any user created when OpenID Connect of SAML is selected is an external user. The identity provider manages user authentication.
To check whether a user is an internal or external user, navigate to the Profile > System Users tab and look for the Internal User column. A value of No in this column indicates that the user is an external user.
Known Issue and Limitation
Linked users and customers with multiple accounts are not yet supported. These users will have to use built-in accounts in Beacon.
Universal Print Integration
The preview version of Universal Print Integration was introduced in the August 2021 release.
Universal Print is a Microsoft 365 cloud-based print infrastructure that simplifies office printing for IT administrators and employees. Universal Print eliminates on-premises print servers and does not require print drivers. If your organization is using Microsoft 365 in an Azure AD environment, Universal Print provides an easy way to manage printers via group policy. Beacon provides several extra capabilities on top of Universal Print:
Provides secure printing, including end-to-end encryption. Users need to authenticate at a printer to collect their documents. Only users who submitted the document can release them.
Installs a single queue that users can print to and then release anywhere.
Supports proximity cards, email authentication, and mobile app release (for HP Secure Print jobs).
Supports internet-only environments (sometimes referred to as zero-trust networks).
Identity management and federated authentication.
Support for mixed device environments. The integration supports printers from multiple manufacturers and their various device models.
How it works
The following workflow assumes that you have both HP Secure Print and Universal Print configured.
IT admin enables Universal Print integration on the web portal. Enabling integration creates a single global queue (called Secure Printer) in Universal Print and creates a printer share for this queue.
Users add the created Universal Print queue (Secure Printer) to their workstations.
Users print to the Universal print queue or the Secure Print queue from their workstations. Print jobs are sent to either Microsoft 365 storage or Beacon.
Users walk up to any printer to authenticate. pulls all the print jobs held by Universal Print and all print jobs held by Beacon. The user’s job list from both sources is presented on the device panel for print release.
Prerequisites
The organization has a Beacon account.
Users and IT administrators must have a Universal Print license.
An administrator must be assigned a Printer Administrator or a Global Administrator role in the Azure Active Directory.
Users’ workstations require Windows 10 version 1903 or later.
Configuring Universal Print Integration
The process of connecting Beacon to Universal Print is simple.
An IT admin navigates to the Secure > Universal Print tab in the web portal.
If the IT admin is not already logged in, they will be prompted to sign in with their Azure AD account.
The IT admin toggles the ON switch to enable Universal Print. Enabling the integration does the following:
Creates a global single queue called Secure Printer within Universal Print.
Shares the Secure Printer (create a printer share) for users in your organization. All users print to that single shared printer object.
Depending on your printer manufacturer or whether you want Cloud Release, an IT admin will need to either do one of the following options:
Enter a Document Proxy URL under the Document Proxy section of the Universal Print tab. This is suitable for sites with HP printers with Cloud Release.
Install a Universal Print compatible Print Scout. This is suitable for sites with non-HP printers and those with HP printers but does not want Cloud Release.
Guest Printing (Full Release)
Guest Printing allows non-employees (visitors, contractors, etc.) to print documents without requiring a user account in your directory system. The first version of Guest Printing was introduced in the March 2021 release.
In this release, Guest Printing includes the following improvements and changes.
Guest Print now supports Microsoft Office file formats (doc, docx, xls, xlxs, ppt, pptx) in addition to PDF, JPEG, BMP, PNG and TXT.
The maximum file size allowed for MS Office and PDF file formats is now 60 MB.
Changing Print Behavior with Policy Print (Evaluation)
The new Policy Print feature of Beacon encourages responsible printing by raising awareness about optimal printing choices and reduces print costs by enforcing print policies. It aims to help change user behavior by communicating proper print resource usage to employees.
Create a culture of responsible printing with Policy Print by informing employees of mindful printing habits at the point of job submission before the print job is sent to the printer. Below are some examples:
Encourage users to always print double-sided instead of single-sided.
Encourage printing in black and white, and remind users that color printing is more expensive
Discourage users from printing confidential documents.
Discourage users from printing high-volume print jobs.
Discourage users from printing on USB devices.
Policy Print Components
A policy consists of several components:
Rules: A policy can have one or more rules, each containing the following:
Condition(s) that trigger a rule (e.g. Document contains color).
Action to take when the rule is triggered. The options are Deny or Warn.
Jobs that trigger a Warn action are held until the employee chooses to accept the policy or override it.
Jobs that trigger a Deny action cannot be printed.
Prompt to display to an employee when a rule is triggered.
Groups: The group of employees that the policy will be applied to.
Priority: Defines the relative priority of a policy. Employees may belong to more than one group and may be assigned more than one policy. In this case, the policy with the higher priority is used.
User Experience
Policy Print is a transparent application that requires no additional user training. The following shows how Policy Print works.
Windows Print Scout is installed on user workstations.
Users continue to print documents to the Secure Printer as they normally would.
Documents are analyzed to see whether they comply with the policies defined in the web console.
When a document matches a rule in the Policy and the user belongs to the defined group in the policy, the user receives a pop-up notification with a suggestion or a job cancellation notice (depending on the action applied to the policy).
Warn Notification informs and educates users on sustainable and cost-effective alternatives while allowing them to continue printing their documents.
Deny Notification enforces organizational policy.
Key Features of Policy Print
Policies can be defined to match the needs and activities of different groups. For example, you can have a different policy for the Marketing Department if it has more demanding printing needs.
Policies can be set up to focus only on behaviors of interest, so users are not interrupted for each print job. For example, only notify users when print jobs contain color.
Different policies can focus on similar behaviors but apply a different outcome appropriate for the group. For example, one policy may block color printing completely, while another policy may warn about the cost of color printing but allow the print job to complete if needed.
The information displayed to users can be customized to suit your organization’s messaging.
Supported Client Workstations
Policy Print requires the Print Scout component to be installed on user workstations. The Workstation Print Scout is responsible for monitoring and applying policies. This preview version of Policy Print supports installing the Policy Print capable Print Scout on the following versions of Windows.
Microsoft Windows 10
Microsoft Windows 11
Supported Customer Configurations
Policy Print applies to Print Analytics, Sentry Print, and Direct Print and supports all three Authentication Providers: Email Authentication, OpenID, and Active Directory.
Changes to the Web Client
A new Policy subtab has been added (under the Profile tab) to the HP Insights Web Console. This is where administrators configure print policies for your organization.
The Policy subtab has the following action buttons:
Create – Use the Create button to add a policy.
Edit – Use to edit a policy.
Remove – Use to delete a policy.
Move Up and Move Down – Use to change the priority order of a policy.
Configure – Enable or disable Policy Print and other Policy Print related settings.
More Information:
Configuring Policy Print
Getting Started With Policy Print
Managing Policies
MFP New Features and Improvements
Authenticate to Device Home (Canon, HP, KM, Lexmark, Ricoh, Toshiba*)
Sentry Print support (Canon, Toshiba*, Lexmark FW3 and FW4)
Authenticate to Home Screen (Canon, HP, KM, Lexmark, Ricoh, Toshiba*)
Second Swipe Logout (Canon, KM, Lexmark and Ricoh, Toshiba*)
OpenID/Passcode Authentication Support (Canon, HP, KM, Lexmark, Xerox, Toshiba*)
*Toshiba available soon, pending certification
Sentry Print for Canon, Lexmark FW3 & FW4, Toshiba Devices
The Sentry Print application interfaces with Beacon Sentry Print to provide print release, photocopy, fax, and scan services. It provides a simplified and consistent UI and a better user experience across all supported manufacturers.
Canon, and Toshiba now support Sentry Print, joining other supported manufacturers (HP, Konica Minolta, Lexmark, and Ricoh).
Lexmark FW3 and FW4 models support adds to our existing support of the newer FW5 and FW6 models.
Authenticate to Device Home (Canon, HP, KM, Lexmark, Ricoh, Toshiba)
In the August 2021 release, we introduced the Authenticate to Device Home setting. This setting determines whether to display the Sentry Print screen or the Device Home screen on user authentication. When turned off, the Sentry Print screen is displayed to users on authentication. When turned on, the device’s home screen is displayed upon authentication.
This feature is now available for Canon and Toshiba devices in addition to KM, Lexmark, HP, and Ricoh devices.
Logout on the second card swipe (Canon, KM, Lexmark, Ricoh, Toshiba, Xerox)
In addition to our existing touchless printing workflows, users can now tap their ID proximity card/badge to log out, instead of touching the printer's user interface. It takes about 60 seconds for the printer to automatically log a user out after printing. To immediately log out of the printer session, users can now simply swipe their card again.
This feature is now available for Canon and Toshiba (in addition to Konica Minolta, Lexmark, Ricoh and Xerox), providing users with a consistent logout experience.
OpenID/Passcode Authentication Support (Canon, HP, KM, Lexmark, Toshiba, Xerox)
Passcode Authentication provides an alternative way to authenticate at printers. If an employee's ID card is lost, damaged, or unavailable, the employee can use a passcode to authenticate at a printer to release documents.
In this release, passcode authentication is now supported on Canon, Toshiba, and Xerox devices in addition to HP, Konica Minolta, and Lexmark devices. Starting from this release, passcode authentication is now supported on the following devices:
Canon
HP
Konica Minolta
Lexmark
Toshiba
Xerox
When a user registers their OpenID Connect credentials in the Print Scout Setup Guide, the employee is assigned a system-generated passcode based on the configuration chosen by the IT administrator. This passcode is sent to the employee via email in case it's forgotten.
Discovery and Deployment Utility (DDU) User Interface Improvements
Modified the DDU to include the environment and customer name so admins can determine the environment being managed by the DDU.
Converted the Network Settings link in the DDU UI to a Network Settings button.
Renamed the "Launch Web Portal" button to "Secure Printers".
New Discovery and Deployment Utility (DDU) UI
The DDU now checks for an updated version at launch time to see if a newer version is available for download. This ensures that sites can take advantage of improvements and fixes on the new version.
Print Scout Improvements
Direct Print "Search" retrieves local printers automatically
When adding a direct printer, devices are now automatically retrieved within the user's workstation IP subnet (if there are any). For example, if the workstation's IP/subnet puts it in the 10.1.1.0/24 subnet, then any Direct Printer with a 10.1.1.x address would appear in the first list. The Direct Print search returns the first 50 devices. If there are more than 50 devices, you'll see an ellipsis (three dots). Hovering over this shows "Refine your search to see more printers" and shows more printers.
Print Scout includes Policy Print updates
Policy Print requires the Print Scout component to be installed on user workstations The Workstation Print Scout is responsible for monitoring and applying policies. The Print Scout in this version has been updated to support Policy Print.
Component Release Versions
This release includes the following software components and release versions.
Software Component | Release Version | Build Date |
Web Client Software | 15.11.6 | November 2021 |
Device Scout | Not Updated (1.22.1.100) | August 2021 |
Print Scout (Windows) | 7.26.19.100 | November 2021 |
Print Scout (Mac) | 2.19.10.100 | November 2021 |
Print Scout (Linux) | Not Updated (1.20.0) | May 2021 |
Secure Print Site Service – Local Connector | 3.72.31 | November 2021 |
Secure Print Site Service – Cloud Connector | 3.72.20 | November 2021 |
Device Discovery and Deployment Utility (DDU) | 1.7.20 | December 2021 |
Chrome extension | Not Updated (4.4.0) | May 2021 |