Identity Management
Overview
Dispatcher Paragon has its own identity database in order to provide authentication, authorization and accounting features. The data can be populated from different sources - manually via web interface, automatically replicated from LDAP or imported using a CSV file format from a third-party system. Each user must have a unique record in Dispatcher Paragon; data are stored in the main database (Management server).
Each user record includes the following information:
Attribute | Status | Note |
Unique username(s) | Mandatory | At least one username or alias must be defined in order to identify the print job owner. Case sensitive. |
Alias | Optional | At least one username or alias must be defined in order to identify the print job owner. Case sensitive. |
First and last name | Mandatory | |
Password | Optional | NOTE: The password is NOT synchronized from LDAP sources to the Dispatcher Paragon database. |
Unique user ID | Mandatory | Mandatory only for LDAP replication. |
Card number(s), PIN code(s) | Optional | |
Email address | Optional | |
Home directory | Optional | Mandatory for use with Scan to home folder feature. |
Department number | Mandatory | |
Default billing code | Optional | |
User role(s) | Optional | LDAP (scheduled replication) as a record attribute. |
Adding Identities (users) to Dispatcher Paragon
Dispatcher Paragon offers multiple ways of adding identities (users). Information is stored in the main Dispatcher Paragon database (table "users"). Tools that can be used for adding identity (user) information are: Dispatcher Paragon management interface, LDAP User Replicator, CSV File User Replicator, CSV import and (customization required) third-party systems.
Add Users with Web Administration
One of the most common methods for adding users is via the Dispatcher Paragon management interface administration. Since all users are created manually, this process can be lengthy depending on the amount of users.
The administrator can add, edit or remove users from the internal database (see Managing Users).
Users created manually are not supported across all components of Dispatcher Phoenix.
Import Users with LDAP User Replicator
The LDAP User Replicator downloads users and their attributes from an LDAP server. When using the LDAP User Replicator, all user attributes are automatically replicated into the Dispatcher Paragon database. The only exception is the password attribute, which is not replicated.
This import process is mostly used in companies with a high number of users and Active Directory identity management.
This process requires connection to an LDAP server.
The administrator can schedule either complete or differential data synchronization.
Dispatcher Paragon can verify user credentials using LDAPS authentication.
The connected data source must contain all information as described in the Available attributes in User Database.
The GUID attribute and the User ID attribute for individual user records must be unchangeable and unique across all connected domains.
Import Users via the CSV File User Replicator
The CSV File User Replicator imports users, roles, and cost centers from a specially formatted CSV file to the Dispatcher Paragon database. This enables use of any source of data with Dispatcher Paragon. The only requirement is that the source must allow data export to CSV file or through custom developed scripts.
This import can be performed periodically; the operating system scheduler can be set to periodically run the CSV File User Replicator.
Users created manually are not supported across all components of Dispatcher Phoenix.
Integrate with Azure AD via OpenID Connect
You can set up integration with Azure AD via OpenID Connect so that the users can authenticate to Dispatcher Paragon management interface with their Azure AD credentials. Furthermore, you can set up this integration in a way that user accounts in Dispatcher Paragon are managed by an external Identity Provider (in this case, Azure AD). For the details and the limitations of this integration, see Integration with external Identity Providers via OpenID Connect.