MFP should authenticate via AD or Entra, not a local list
Authentication against Active Directory (LDAP) or Entra ID (OAuth2 / SAML) automates staff onboarding/offboarding. No more lost badges after someone leaves, no forgotten users on the MFP.
Try this first
1. For on-prem AD: create a service account with read-only LDAP rights. Don't use domain admin.
2. Configure LDAP on the MFP: server, baseDN (e.g. DC=company,DC=local), bind DN of the service account, and which attribute identifies users (usually sAMAccountName).
3. For Entra ID: pick an MFP that supports SAML or OAuth2 (HP, Canon, Ricoh, Konica Minolta, Xerox on recent firmware). Activate an Enterprise Application in Entra for the MFP vendor and assign users.
4. Tie badges to AD/Entra accounts. First badge scan on the MFP asks for username + password, then the badge is linked.
5. Test what happens with a blocked account. Expected: no access to scan, copy, or secure print. Otherwise you have a leak at offboarding.
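The blocked-account test from the last step, run against a whole fleet export instead of one user. This is an added example, not code from the original page or from any MFP vendor. It assumes the badge links can be exported from the MFP as badge ID to sAMAccountName, that the AD attributes were read with the read-only service account, and that badge IDs are stored in an attribute such as `employeeID` (a placeholder choice); all sample data is constructed.

```python
from datetime import datetime, timezone

ACCOUNTDISABLE = 0x0002           # userAccountControl bit: account disabled
NEVER = (0, 0x7FFFFFFFFFFFFFFF)   # accountExpires values meaning "never"
EPOCH_DIFF = 11644473600          # seconds from 1601-01-01 to 1970-01-01

def filetime(dt):
    """Aware datetime -> AD FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    return (int(dt.timestamp()) + EPOCH_DIFF) * 10_000_000

def ldap_escape(value):
    """Escape RFC 4515 filter metacharacters in a badge ID."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def badge_filter(badge_attr, badge_id):
    """Badge lookup filter that never returns a disabled account.
    1.2.840.113556.1.4.803 is AD's bitwise-AND matching rule."""
    return (f"(&(objectCategory=person)(objectClass=user)"
            f"({badge_attr}={ldap_escape(badge_id)})"
            f"(!(userAccountControl:1.2.840.113556.1.4.803:={ACCOUNTDISABLE})))")

def is_blocked(entry, now):
    """True if the entry is disabled or past its accountExpires time."""
    if int(entry["userAccountControl"]) & ACCOUNTDISABLE:
        return True
    expires = int(entry.get("accountExpires", 0))
    return expires not in NEVER and expires <= filetime(now)

def offboarding_leaks(badge_links, directory, now):
    """Badge links whose AD account is blocked or no longer exists."""
    return sorted((badge, sam) for badge, sam in badge_links.items()
                  if sam.lower() not in directory
                  or is_blocked(directory[sam.lower()], now))

# Constructed sample data: AD attributes keyed by lower-case sAMAccountName.
DIRECTORY = {
    "alice": {"userAccountControl": 512},                  # enabled
    "bob":   {"userAccountControl": 514},                  # 512 | ACCOUNTDISABLE
    "carol": {"userAccountControl": 512,                   # expired 2024-01-01
              "accountExpires": 133485408000000000},
    "dave":  {"userAccountControl": 66048,                 # password never expires
              "accountExpires": 0x7FFFFFFFFFFFFFFF},
}
# Constructed badge export from the MFP: badge ID -> sAMAccountName.
BADGE_LINKS = {"0451": "alice", "0452": "Bob", "0453": "carol",
               "0454": "dave", "0455": "erin"}

if __name__ == "__main__":
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    print(badge_filter("employeeID", "0452"))   # attribute name is an assumption
    for badge, sam in offboarding_leaks(BADGE_LINKS, DIRECTORY, now):
        print(f"revoke badge {badge}: {sam} is blocked or missing in AD")
```

Any badge the script reports should be rejected at the panel; if it still unlocks scan, copy, or secure print, the MFP's lookup filter or cached badge link is the offboarding leak.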
When to bring us in
AD or Entra linkage across an MFP fleet is a small project: about a day for most SMB fleets. We do it including offboarding-flow validation.
See also
- Printer suddenly not found: For everyone at once: print server or network. For one person: local Windows driver or expired authorisation.
- Print job stuck in queue, nothing happens: A stuck queue blocks all subsequent prints. Cleaning takes two minutes.
- Scanner no longer sends emails (scan-to-email): Almost always: the account the scanner uses had its password expire, or the mail provider blocks old protocols.