Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for



            Our New Version 3 of the HP Authentication Suite of applications has been released.

            Search V3 Release update

            HP Authentication Suite V3 release update

            Modified on Tue, 1 Apr at 7:30 AM


            HP Authentication Suite Version 3 has just been released, which includes several new features, critical bug fixes, and enhancements to overall system usability and performance. To help you and your customers prepare for this release, we have outlined key technical considerations and changes you should be aware of.


            Universal Print – Pull-Print Mode

            We have expanded our Universal Print capabilities with a third release mode: Pull-Print (No-MFA). This addition complements the existing Secure Print and Direct Print modes, providing greater flexibility to match diverse workflow requirements—all from a single device.

            Each printer registered with Microsoft Universal Print can now support any combination of the three modes—SecureDirect, and Pull (No-MFA)—configured per device to meet user or departmental needs. This enhancement ensures broader compatibility and more streamlined deployment options across varied environments.



            The Printing Options Explained

            Secure-Print (MFA)

            Provides secure, interactive print release at the device via multi-factor authentication (MFA).

            When printing to the Universal Print Shared "Secure" Queue, users can authenticate at the HP MFP using the HP Authentication Suite app, available directly from the device panel. Supported authentication methods include QR codeProximity Card, or Virtual Badge, in conjunction with Microsoft Authenticator MFA (OTP) on the user’s mobile device.

            Once authenticated, users can access a list of their pending print jobs to review, select, and release as needed. The interface also allows for job-specific output adjustments such as number of copies, duplex settings, colour vs. monochrome, and tray selection—providing both security and flexibility at the point of release.



            Direct-Print (No-MFA)

            Enables immediate, non-interactive print job output with no user authentication.

            Users assigned to the Universal Print Shared "Direct" Queue can send print jobs directly from their desktop, with the output immediately routed to the device’s tray. No authentication or user interaction is required at the printer.

            This mode is ideal for scenarios where real-time output is essential and the security risk of unattended print jobs is minimal—such as automated printing workflows for invoices, receipts, picking slips, or in warehouse environments where M365 Entra ID sign-in provides no additional value or adds unnecessary friction.


            Direct-Print with PIN-Protected Release (No-MFA)

            Adds an optional security layer to Direct-Print using HP Job Storage and PIN-based release, without requiring user sign-in.

            Users can define a PIN code in the Windows printer driver before sending a job to the Direct Queue. The job is stored securely in the device’s local print storage. At the device console, the user can select and release the stored job by entering the pre-set PIN.

            This option provides a lightweight access control mechanism, enabling controlled job release without MFA, while reducing the risk of sensitive documents being retrieved by unauthorized individuals. It is especially useful in delegated printing scenarios or where a balance of speed and security is required.




            Pull-Print (No-MFA)

            Provides badge-based, tap-and-go print release without requiring MFA.

            With the new Universal Print "Pull" Queue, users can submit print jobs from their desktop and retrieve them later by simply tapping their physical proximity badge or using a virtual badge via QR code or BLE mobile app. Upon badge authentication, the system automatically releases all queued jobs, signs the user out, and the output is printed immediately streamlining the walk-up experience with minimal user interaction.

            For users who need extended access to additional workflows, such as Mailflow, OneDrive, SharePoint, or Teams, Pull-Print also supports optional session persistence. This allows the user to remain signed in post-print to perform tasks like attaching scanned documents to an Outlook email or uploading files to a Teams channel.

            Additionally, the auto-release behavior is configurable. Users can disable automatic printing on badge tap, instead receiving a prompt to confirm whether they wish to release all pending Pull-Print jobs—enabling more controlled and context-sensitive document handling.






            Did You Know?

            With HP Command Centre, you can fully automate the deployment and registration of client printers into Microsoft Universal Print. This includes assigning specific printers to handle Secure-PrintDirect-Print, and Pull-Print workflows—or any combination thereof—all from a centralized interface.

            Exclusive to HP Authentication Suite, each HP printer can be registered up to three times in Azure Universal Print, allowing a single device to independently service Secure-, Direct-, and Pull-Print queues based on the required productivity, security, and user experience needs—without needing to manually register via the device console or Embedded Web Server (EWS).

            Additionally, Microsoft Universal Print "Anywhere" QR code release is now in Public Preview and is fully supported by HP’s Direct-Print Universal Print workflow. This enables true Follow-Me printing, where users can release jobs from any printer simply by scanning a QR code—perfect for dynamic or hybrid environments.

            Note: HP printer firmware 5.8.1 or later now supports native Universal Print registration via EWS but is limited to single registration and supports Direct-Print only (no tap-and-go or secure interactive release). However, these devices can still support Microsoft Print Anywhere, provided the QR code label is printed and users release jobs using the Microsoft 365 Mobile App.

            Want to see it in action or include it in a client Proof of Concept? Get in touch—we would be happy to assist.



            New: HP Authentication Manager – Flexible Sign-In Options

            HP Authentication Manager now gives administrators granular control over authentication policies at the device level, enabling a balance between security requirements and user convenience.

            During deployment via HP Command Centre, IT teams can configure each printer to support different sign-in flows—ranging from Microsoft Entra ID with MFA/2FA to No-MFA, depending on the operational context and risk profile.

            Supported authentication methods include:

            • Physical Proximity Badges
            • Virtual/BLE Badges
            • FIDO2 Security Keys
            • Biometric Smart Cards
            • Readerless QR Code Sign-In
            • PIN-Based Job Release
            • Zero-Interaction Direct Output


            What does this mean in practice?

            Traditionally, accessing console applications (e.g., Mailflow, OneDrive, Teams, SharePoint) requires passwordless sign-in using Microsoft Authenticator with MFA push notifications. However, not every environment—or user—is suited for this model.

            For example, customers who rely on badge-based access and do not wish to enforce mobile-based MFA can now enable Tap-and-Go sign-in without Microsoft challenges, allowing seamless, passwordless entry into the device console.

            This flexibility is especially useful in shared device environments, secure facilities without mobile device access, or where a low-friction sign-in experience is preferred.

            Best of all, this behaviour is configurable per device and can be centrally managed during rollout using HP Command Centre-eliminating the need for manual setup at the device level.



            ⚠️ Important Security Notice – Disabling MFA ⚠️ 

            If you disable MFA/2FA and enable badge-only sign-in (physical or virtual), be aware that this introduces a potential impersonation risk.

            In this configuration, possession of a user's access card is sufficient to authenticate at the device—no additional identity verification is performed. An individual using another person’s card could gain full access to sensitive resources via the device, including:

            • OneDrive files
            • Corporate SharePoint libraries
            • Teams channels
            • Email via Outlook

            This is equivalent to using someone else's access badge to enter a secure building, floor, or room—a clear security vulnerability.

            We strongly advise that MFA remain enabled for environments requiring access to corporate data and cloud resources. Disabling MFA should only be considered in tightly controlled scenarios and must be supported by a formal customer policy and risk acknowledgment.



            Securing No-MFA Workflows with Biometric Smart Cards

            Looking to maintain a No-MFA sign-in experience without compromising security? We have a solution that delivers “convenience without compromise.”

            Customers can replace traditional ID badges or proximity cards with our new Cypher Card Biometric Smart Cards, which feature an integrated fingerprint reader directly on the card. Authentication is only successful when the authorized user’s fingerprint is verified—ensuring that only the cardholder can initiate sign-in, even without MFA.

            These advanced smart cards support multiple protocols, including FIDO2HID, and MIFARE, making them compatible with existing building access systemsWindows PC authentication via Passkeys, and now HP Authentication Manager.

            This approach allows customers to maintain Tap-and-Go convenience while significantly reducing the risk of credential misuse, particularly in environments where mobile MFA or device-based authentication is impractical.




            No Card Reader? No Problem.

            For environments where physical card readers are not available, users can leverage the HP Secure Authentication Mobile App, which functions as a virtual badge.

            The app enables users to authenticate by either:

            • Scanning the QR code generated by HP Authentication Manager on the device console, or
            • Using Bluetooth Low Energy (BLE) with BLE-certified readers for seamless tap-to-authenticate experiences.

            The latest version of the HP Secure Authentication app includes biometric app unlock, requiring users to authenticate using device-native biometrics (face recognition or fingerprint), or a device PIN, before the app can initiate a QR scan or BLE transmission.

            This ensures that even in No-MFA environments, users must pass a local device-level authentication before initiating access—adding a critical layer of security without sacrificing user convenience.



            Additional Fixes and Enhancements in Version 3

            HP Authentication Suite v3 includes a series of critical updates aimed at improving reliability, security, and compatibility:

            • Azure Registration Model Update: We have transitioned from using Application-level API permissions to User/Delegated permissions for Azure registration of HP Authentication Manager. This change resolves prior issues related to access, browsing, and visibility for SharePoint and OneDrive, ensuring smoother integration with Microsoft 365 services.
            • Reduced API Surface Area: We have minimized the set of required Microsoft Graph API permissions, enhancing the security posture by limiting unnecessary access scope.
            • Universal Print Auto-Registration Fixes: Improved the automated registration process of Universal Print devices via HP Command Centre, increasing consistency and reliability across deployments.
            • Direct-Print Service Stability: Resolved stability issues affecting Direct-Print workflows at the device level, ensuring smoother job handling and output.
            • PIN-Protected Direct-Print: PIN authentication for Direct-Print jobs has been corrected—users can now reliably define and use PIN codes for secure job release without full sign-in.

            These updates further strengthen HP Authentication Suite's role as a secure, flexible, and enterprise-ready solution for Microsoft Universal Print environments.


             

            What’s Next? Prepare for HP Authentication Suite Version 3

            As we approach the release of HP Authentication Suite v3, we recommend that partners and administrators begin preparing their environments and customers for the upcoming update.

            A key requirement prior to deploying the new application suite is to update the Azure App Registration permissions associated with the HP Authentication Manager. This update is mandatory before rolling out the v3 suite to all HP devices—all components must be upgraded from v2.x to v3.x to ensure full compatibility and feature availability.

            Pre-Deployment Configuration – Azure API Permissions

            Customers can apply the necessary Microsoft Graph API Delegated Permissions in advance to streamline deployment. These permissions cover the HP Authentication Suite apps, excluding Universal Print, which does not require any changes to its API permissions.

            Required Delegated API Permissions (8 total):

            • Microsoft Graph > Delegated > openid
            • Microsoft Graph > Delegated > offline_access
            • Microsoft Graph > Delegated > People.Read
            • Microsoft Graph > Delegated > Directory.Read.All
            • Microsoft Graph > Delegated > Sites.ReadWrite.All
            • Microsoft Graph > Delegated > Mail.ReadWrite
            • Microsoft Graph > Delegated > Mail.Send
            • Microsoft Graph > Delegated > ChannelMessage.Send

            Applying these permissions ensures seamless integration across supported workflows in Mailflow, OneDrive, SharePoint, Outlook, and Teams.


            *For detailed guidance or assistance with pre-deployment steps, please reach out to our support team.

             

            A screenshot of a computer AI-generated content may be incorrect.


            Once the customer has applied the updated API permissions to their Azure tenant, you will be able to deploy HP Authentication Suite v3 directly via HP Command Centre.

            Importantly, applying these new delegated permissions will not impact the currently deployed v2.x applications—it is safe to make these changes in advance of the upgrade.

            We also recommend using this opportunity to engage your customers in discussions about the new features, particularly the enhanced Universal Print options, and the flexible No-MFA sign-in configurations. These updates allow customers to tailor their environment to balance security, usability, and productivity.

            When HP Authentication Suite v3 is officially released to the Command Centre Store, you will have access to the complete set of updated documentation, including:

            • Installation Guides
            • Configuration Manuals
            • Full Release Notes


            * If you require assistance with planning, technical validation, or customer enablement, please do not hesitate to contact our support or solutions team.



            What is on the Horizon?

            As we look ahead to the end of the year, several significant enhancements are expected that will further extend the capability and flexibility of the HP Authentication Suite and its integration with Microsoft Universal Print and Azure services.

            Universal Print “Anywhere” – Follow-Me Print for 3rd Party Developers

            Microsoft is expected to make Universal Print “Anywhere” functionality available to third-party developers—including HP Authentication Suite—before year-end.

            What does this mean?
            Once in Public Preview, this capability will allow users to submit jobs to a centralized Secure or Pull Universal Print Queue and retrieve them from any Universal Print-enabled printer, regardless of location. No need to pre-select a specific shared queue.

            Effectively, this introduces true Follow-Me Print support for third-party platforms. Our current Universal Print v3 implementation is fully compatible and ready to support this functionality upon Microsoft’s general preview release.

            If you have an urgent use case or a qualified Proof of Concept opportunity, we may be able to assist in securing access to a Private Preview (via NDA) with Microsoft—provided your customer meets the eligibility criteria.

            Full Azure Integration – Customer-Owned Identity Storage

            Also planned before year-end is the option to store user card IDs, profile data, and registration information directly within the customer’s own Azure Tenant.

            This will eliminate the need for our Microsoft API services to store or manage user data, providing customers with full ownership and control of identity information inside their own Azure infrastructure, aligned with enterprise compliance and data sovereignty requirements.

            Enhanced Per-Device Usage Reporting

            We are introducing per-device user access reporting to provide visibility across printing, scanning, faxing, and copying activity—whether initiated from HP Authentication Suite apps or native printer functions.

            Key reporting capabilities will include:

            • Print job metadata (user, page count, colour vs mono, duplex, paper size)
            • Document destinations (OneDrive, SharePoint, etc.)
            • Consumables usage (toner, paper)

            These insights will support compliance, auditing, cost recovery, and operational efficiency use cases.



            Thank you for your continued support and enthusiasm for the HP Authentication Suite—a solution uniquely designed for HP’s secure MFPs and built to leverage the full power of the Microsoft cloud ecosystem. Together, we are delivering the future of Smart Document Exchange.

            * For more information or to discuss any of the upcoming features, contact us at: Help@hpauthsuite.com.

             

             

             


            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0