Identity Management

Overview

YSoft SafeQ 6 has its own identity database in order to provide authentication, authorization and accounting features. The data can be populated from different sources - manually via web interface, automatically replicated from LDAP or imported using a CSV file format from a third-party system. Each user must have a unique record in YSoft SafeQ 6; data are stored in the main database (Management server).

Each user record includes the following information:

Attribute

Status

Note

Unique username(s)

Mandatory

At least one username or alias must be defined in order to identify the print job owner. Case sensitive.

Alias

Optional

At least one username or alias must be defined in order to identify the print job owner. Case sensitive.

First and last name

Mandatory


Password

Optional

NOTE: The password is NOT synchronized from LDAP sources to the YSoft SafeQ 6 database.

Unique user ID

Mandatory

Mandatory only for LDAP replication.

Card number(s), PIN code(s)

Optional


Email address

Optional


Home directory

Optional

Mandatory for use with Scan to home folder feature.

Department number

Mandatory


Default billing code

Optional


User role(s)

Optional

LDAP (scheduled replication) as a record attribute.
Active Directory (scheduled replication) as an LDAP group.

Adding Identities (users) to YSoft SafeQ 6

YSoft SafeQ 6 offers multiple ways of adding identities (users). Information is stored in the main YSoft SafeQ 6 database (table "users"). Tools that can be used for adding identity (user) information are: YSoft SafeQ management interface, LDAP User Replicator, CSV File User Replicator, CSV import and (customization required) third-party systems.

Add Users with Web Administration

One of the most common methods for adding users is via the YSoft SafeQ 6 management interface administration. Since all users are created manually, this process can be lengthy depending on the amount of users.

The administrator can add, edit or remove users from the internal database (see Managing Users).

Import Users with LDAP User Replicator

The LDAP User Replicator downloads users and their attributes from an LDAP server. When using the LDAP User Replicator, all user attributes are automatically replicated into the YSoft SafeQ 6 database. The only exception is the password attribute, which is not replicated.

This import process is mostly used in companies with a high number of users and Active Directory identity management.


More information about the LDAP User Replicator, including configuration tips, can be found at LDAP Integration.

  • This process requires connection to an LDAP server.

  • Multiple LDAP domains and domain forests are supported.

  • The administrator can schedule either complete or differential data synchronization.

  • YSoft SafeQ 6 can verify user credentials using LDAPS authentication.

  • The connected data source must contain all information as described in the Available attributes in User Database.

  • The GUID attribute and the User ID attribute for individual user records must be unchangeable and unique across all connected domains.



Import Users via the CSV File User Replicator

The CSV File User Replicator imports users, roles, and cost centers from a specially formatted CSV file to the YSoft SafeQ 6 database. This enables use of any source of data with YSoft SafeQ 6. The only requirement is that the source must allow data export to CSV file or through custom developed scripts.

This import can be performed periodically; the operating system scheduler can be set to periodically run the CSV File User Replicator.

Integrate with Azure AD via OpenID Connect

You can set up integration with Azure AD via OpenID Connect so that the users can authenticate to YSoft SafeQ management interface with their Azure AD credentials. Furthermore, you can set up this integration in a way that user accounts in YSoft SafeQ are managed by an external Identity Provider (in this case, Azure AD). For the details and the limitations of this integration, see .Integration with external Identity Providers via OpenID Connect v6.0.65.