- Distribution of the print profile to the device: Administrator of UEM manually creates and assigns the profile to the device/s. Currently this step is required to be made manually.
The workflow can be read here: Printer creation Workflow - User sends the print job by chosing his assigned printer after clicking ‘AirPrint’.
User/Printer configuration in ‘rules’ of the Proxy file: Print Proxy Configuration - Authorization verification is done by the Print Proxy
The workflow can be read here: Print Proxy - The print job is redirected to internal Print Server
The workflow can be read here: Print Server
Printer Creation Workflow
For iOS and iPadOS, when the Airprint profile is deployed to a device, a unique device identification is transferred with each print request. Print Proxy uses this identifier in combination with the UEM to identify the device, user, and membership within groups given access to print functionality.
The UEM replaces any device specific fields at the time of profile deployment. The device specific fields may vary based on the UEM system used. EBF Print expects this in the ResourcePath when receiving the print job.
EMM system | Device fields (variable) |
MobileIron | $DEVICE_UUID$ |
MS Intune | {{deviceid}} |
Workspace ONE | {{DeviceUid}} |
On the device, this AirPrint printer is only visible if the user has permission to print in the corresponding UEM and is double-checked for compliance by the Print Proxy as requests are issued.
Here is an example of an AirPrint print profile within your UEM:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>AirPrint</key> <array> <dict> <key>ForceTLS</key> <true/> <key>IPAddress</key> <string>ebf-print.company.com</string> <key>Port</key> <integer>8443</integer> <key>ResourcePath</key> <string>/ipp/print/$DEVICE_UUID$</string> </dict> </array> <key>PayloadDescription</key> <string>Configures AirPrint settings</string> <key>PayloadDisplayName</key> <string>AirPrint</string> <key>PayloadIdentifier</key> <string>com.apple.airprint.527389BF-56C7-4C95-9E46-032BEFDC9073</string> <key>PayloadType</key> <string>com.apple.airprint</string> <key>PayloadUUID</key> <string>527389BF-56C7-4C95-9E46-032BEFDC9073</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </array> <key>PayloadDisplayName</key> <string>AirPrint QA</string> <key>PayloadIdentifier</key> <string>AirPrint QA</string> <key>PayloadRemovalDisallowed</key> <false/> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>F8B38797-2C61-49EB-853A-CDD5C7CA770F</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist>
The picture below shows, how a profile needs to be created and look like in Workspace ONE environment.
On macOS a script is published via UEM and executed on the device that will create the connection to EBF Print and establish a new Airprint printer. Afterwards, the new printer will be showing up for the user in any application’s print dialog if the device is compliant.
Printing from macOS is currently only available for Workspace One managed devices.
Print Proxy
The job of the Print Proxy is to receive print requests from devices and verify whether the device and/or user is authorized to print. When permission is granted the requests are forwarded to the appropriate Print Server.
The Print Proxy Admin UI provides an interface where an administrator can create print profiles and transfer them to the connected UEM system. The print profile is assigned to the corresponding users or groups in the UEM system. Authorization is carried out through these devices‘ and users‘ membership within UEM groups, and those groups being potentially being associated with a backing LDAP/Active Directory.
Print Server
The Print Server receives print requests from the Print Proxy and is responsible for forwarding them to the respective enterprise printing systems. Before the requests are forwarded, the print settings and user data are converted: The iOS end device transfers settings via IPP protocol, the Print Server then generates settings in Print Job Language (PJL) format („@PJL JOB NAME“, „@PJL SET USERNAME“, …) and merges them into the data stream.
EBF Print comes with two generic printer drivers which support the printer languages PCL6 (default-pcl.ppd) and PostScript (default.ppd). Meta-data is also included in LPD protocol when the print data is transferred to the Enterprise Print Server. When using LPD protocol, additional authentication is not required.