- Distribution of the print profile to the device: Administrator of EMM manually creates and assigns the profile to the device/s. Currently this step is required to be made manually.
The workflow can be read here: Print Profile Distribution Workflow - User sends the print job by chosing his assigned printer after clicking ‘AirPrint’.
User/Printer configuration in ‘rules’ of the Proxy file: Proxy Server Configuration - Authorization verification is done by the Print Proxy
The workflow can be read here: Print Proxy - The print job is redirected to internal Print Servers
The workflow can be read here: Print Server Workflow
Print Profile Distribution Workflow
When the print profile is deployed to a device, a unique device identification is transferred with each print request. Print Proxy uses this identifier in combination with the EMM to identify the device, user, and membership within groups given access to print functionality.
The EMM replaces any device specific fields at the time of profile deployment. The device specific fields may vary based on the EMM system used. EBF Print expects this in the ResourcePath when receiving the print job.
EMM system | Device fields (variable) |
MobileIron | $DEVICE_UUID$ |
MS Intune | {{deviceid}} |
Workspace ONE | {{DeviceUid}} |
On the iOS device, this AirPrint printer is only visible if the user has permission to print in the corresponding EMM, and is double-checked by the Print Proxy as requests are issued.
Here is an example of an AirPrint print profile within your EMM:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>AirPrint</key> <array> <dict> <key>ForceTLS</key> <true/> <key>IPAddress</key> <string>ebf-print.company.com</string> <key>Port</key> <integer>8443</integer> <key>ResourcePath</key> <string>/ipp/print/$DEVICE_UUID$</string> </dict> </array> <key>PayloadDescription</key> <string>Configures AirPrint settings</string> <key>PayloadDisplayName</key> <string>AirPrint</string> <key>PayloadIdentifier</key> <string>com.apple.airprint.527389BF-56C7-4C95-9E46-032BEFDC9073</string> <key>PayloadType</key> <string>com.apple.airprint</string> <key>PayloadUUID</key> <string>527389BF-56C7-4C95-9E46-032BEFDC9073</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </array> <key>PayloadDisplayName</key> <string>AirPrint QA</string> <key>PayloadIdentifier</key> <string>AirPrint QA</string> <key>PayloadRemovalDisallowed</key> <false/> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>F8B38797-2C61-49EB-853A-CDD5C7CA770F</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist>
The picture below shows, how a profile needs to be created and look like in Workspace ONE environment.
Print Proxy
The job of the Print Proxy is to receive print requests from iOS devices and verify whether the device and/or user is authorized to print. When permission is granted the requests are forwarded to the appropriate Print Server.
The Print Proxy Admin UI provides an interface where an administrator can create print profiles and transfer them to the connected EMM system. The print profile is assigned to the corresponding users or groups in the EMM system. Authorization is carried out through these devices‘ and users‘ membership within EMM groups, and those groups being potentially associated with a backing LDAP/Active Directory.
Print Proxy Admin Portal Functions (for MobileIron use only)
The Print Proxy provides an admin interface in which an administrator can easily create print profiles for the corresponding EMM system. The print profile is assigned to users or groups by the administrator in the EMM. To create a profile, a name, the address (IP or URL) of the Print Proxy server and the network port are required. A profile is assigned to multiple users through groups.
Print Server Workflow
The Print Server receives print requests from the Print Proxy and is responsible for forwarding them to the respective enterprise printing systems.
Before the requests are forwarded, the print settings and user data are converted:
The iOS end device transfers settings via IPP protocol, the Print Server then generates settings in Print Job Language (PJL) format („@PJL JOB NAME“, „@PJL SET USERNAME“, …) and merges them into the data stream.
EBF Print comes with two generic printer drivers which support the printer languages PCL6 (default-pcl.ppd) and PostScript (default.ppd).
Meta-data is also included in LPD protocol when the print data is transferred to the Enterprise Print Server. When using LPD protocol, additional authentication is not required.