It is possible for the user to modify several client settings using configuration dialog:

  • Server address or host name – address or host name of the SAFEQ Cloud server or gateway to which the client will connect. If PC client is running in local storage mode this option can only be changed via Service setup button.
  • Account domain name – domain name of the customer account configured on SAFEQ Cloud server. If not specified it will be inferred from the gateway address setting. If PC client is running in local storage mode this option can only be changed via Service setup button.
  • Test – the user is informed about the connection (SAFEQ Cloud gateway address and the account domain name should be accessible in order for the connection to be successful)
  • Authentication type – currently following authentication types are supported:
    • Session user – username from the current OS session is used for authentication and job sending (default)
    • Session user + domain – username@ad-domain from the current OS session is used for authentication and job sending. This matches server setting ‘strict domain validation’.
    • Session user principal nameUPN is used for authentication and job sending (whatever UPN configured in user profile, it can be the same as username@ad-domain for simple AD setups).
    • Manual login to HCP server – The user will be prompted to enter user name and password which will be validated in the SAFEQ Cloud server.
    • Microsoft Azure login (deprecated) – Online authentication is performed against Microsoft Azure using OAuth2 workflow. This option is deprecated in favor of “OpenID Connect login”.
    • OpenID Connect login – Perform online authentication against OIDC-compliant identity provider by opening a browser window with OAuth2 workflow. This authentication type supports MFA and requires SAFEQ Cloud server to have at least one authentication provider defined with the type Client. If a single client-based authentication provider is defined for a given account the user will be redirected to that identity platform. If multiple client-based authentication providers are defined a generic OpenID connect window will be shown prompting the user to enter his or her username. Based on the domain part of the user name the browser will be redirected to the matching identity platform. The following identity platforms are currently supported: Microsoft Azure, Google GSuite, Ping Identity.
  • PC client startup login prompt – currently following options are supported after the user restarts the windows machine:
    • Don’t show – no notification will be shown by the SAFEQ Cloud client
    • Informational popup – the user is asked to login into SAFEQ Cloud client, “Please login to synchronize printers”
    • Login dialog – the login to print popup appears on the screen, the user being asked to introduce his credentials in order to login into SAFEQ Cloud client
  • Automatic refresh period – how often to perform automatic synchronization of the printers, in minutes. When set to 0 automatic refresh will be completely disabled.
  • Enable direct offline printing – this option only applies when PC client is running in local storage mode. If connection to a primary server is broken and PC client operates in offline mode this option will create direct push print queues for any printers which were used recently by the user. This allows to temporarily switch from pull printing to push printing in case of the connectivity issues. Direct offline printing will be activated after 10 minutes of being in offline mode. When the connection is restored the direct push queues will be deleted. The existing push queues (acquired from the HCP Server) will be preserved.
  • Service setup – Perform PC client service configuration which requires administrator privileges. This includes: changing between local job storage mode and gateway mode and changing SAFEQ Cloud server address and domain name in local job storage mode. When pressing this button the user will be prompted with an elevation request.

Options are taken from the system-wide configuration provided during installation. When modified they are stored per user, so it is possible to have multiple user accounts on one PC with different settings.

Note on OKTA and Azure AD authentication when using the SAFEQ Cloud PC Client

For both OKTA and Azure AD authentication providers the supported authentication types are currently “Session + domain name”, “User Principal Name” or “Custom login”.
When custom login is used the user name must be a fully qualified name with “@domain” part which should match the “Domain name” setting in the authentication provider.

Note on client-based authentication with MFA

It is possible to use MFA-enabled authentication against OpenID Connect-compliant identity providers. When this type of authentication is chosen in the configuration a browser window will be opened which will allow to perform online authentication. When authentication is successful the user ID token will be sent to SAFEQ Cloud server. SAFEQ Cloud server should have at least one authentication provider configured with the type Client. The user will be registered then on the server side with an expiration time set according to the token expiration policy configured in the authentication provider.
PC client will attempt to refresh the token periodically and notify the server. When the refresh token expires the user will be logged out. A typical refresh token expiration time is 3 months and usually can be customized in the identity provider settings.


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment