Version 4 of the HP Authentication Suite of applications has been released,Including Microsoft Universal Print Anywhere!
Search V4 Release update
TABLE OF CONTENTS
- (A) We do not Support the use of 3rd party MFA/Sign-in methods like Okta, PingID, Cisco Duo etc..
- (B) End User sign-in wants a passwords- Why?
- (C) Test users not having a valid Office 365 license
- (D) Using NFC/Smart Cards Issues
- (E) Azure Common Issues
- (F) Print Fleet Installers
- (G) Universal Print common issues
- (H) Other Admin Issues
- (I) How to get help
(A) We do not Support the use of 3rd party MFA/Sign-in methods like Okta, PingID, Cisco Duo etc..
We currently support only Microsoft login and the Microsoft Authenticator mobile app configured for Passwordless Sign‑in.
If a customer is not willing or able to transition to Microsoft authentication, they may not be able to proceed with the deployment. That said, if the opportunity is strategically valuable or has significant potential, we can evaluate the possibility of adding additional sign‑in methods in the future.
(B) End User sign-in wants a passwords- Why?
This is one of the most common issues we encounter: users are not correctly configured to register and begin using the HP Authentication Suite applications.
Many customers misunderstand the concept behind Microsoft Passwordless Sign‑in, particularly when it relies on web browser–based authentication. While they may already use Windows Hello on their PC—which provides passwordless sign‑in through FIDO2—the HP solution uses the printer’s embedded web browser for user authentication.
Because of this, additional configuration is required in both Azure AD and on the user’s mobile device to ensure successful passwordless registration and login.
To avoid setup issues, you will need to engage your Azure Security Specialist to ensure all required policies and configurations are correctly implemented
Here is a Quick Checklist for your Users and IT.
- Must have Installed Microsoft Authenticator Mobile Application.
- Must setup Microsoft Authenticator Mobile app in Passwordless Mode
- Must Test on PC Browser to ensure Passwordless mode is working
To verify that your Microsoft account is enabled for passwordless authentication, perform the following quick test using any computer’s web browser:
- Open a browser and go to https://office.com.
- Enter your Microsoft username only.
What should I see if passwordless sign‑in is enabled:
- You will be prompted to use the Microsoft Authenticator app.
- or you should see an option such as “Use the app instead.”
- and you are not asked for a password.
If you are asked to enter a password, or if there is no option to use the app, then one of the following is true:
- Your IT department has not yet enabled Microsoft Passwordless Authentication for your account, and/or
- Your Microsoft Authenticator app has not been configured to allow Passwordless sign‑in.
? Please ensure these issues are resolved before continuing with the setup process.
Here is a Video on how the Sign-in should look like once the user has registered both Microsoft and HP Secure Authentication Mobile applications correctly.. Sign-in with QR Code , Please always refer to User Manuals and any setup guides
(C) Test users not having a valid Office 365 license
That includes Universal Print such as Microsoft 365 E3, E5, or an equivalent plan.
Without the correct licensing, you cannot reliably verify whether your Azure tenant has any Conditional Access, Firewall, or network‑related issues that may be blocking access to key Microsoft services, including:
- Microsoft OneDrive
- SharePoint Online
- Microsoft Teams
- Mail flow (Exchange Online)
- Universal Print
Ensuring test users have the proper licenses is essential for accurate troubleshooting and validation.
(D) Using NFC/Smart Cards Issues
For Customers that do not want to use QRcode to Sign-in but have Card Readers and are using NFC/Smartcard's
- You are still required to use Microsoft Authenticator mobile app in Passwordless Mode to Register your card and perform MFA Sign-ins at the printers Console.
- All Card Readers need to be configured correctly to support HP Authentication Suite and users must have compliant Cards. See the following Article HP Authentication Manager Supported NFC & BLE Readers
(E) Azure Common Issues
AI01 - Please check network connections and base URL values.
AI02 - Invalid credentials or server error.
AI03 - Please check time and date settings.
AI04 - Server error - failed to obtain token.
AI05 - Server error - failed to obtain config.
AI06 - Graph Org Check failed: HTTP 401
- Firewall rules may be Blocking Access, they need to check logs etc..
- Conditional Access rule(s) can be preventing access, they need to Check Sign-in Logs and resolve
- See the following Link Error Codes
(F) Print Fleet Installers
Ensure printers have been Setup correctly prior to Deployment,
Date and Time + Time Zones
Sleep Mode Set to 300
Language
Printer has been claimed and no Errors in HP Command Centre
Printers have been Automatically Synchronised in HPCC and up to Date, or at least no greater than 2 Days Out of Sync.
Firmware 5.8.x > 5.9.0.2 are only certified to work
Printers are Workpath Capable and Enabled (DIMM) may be required on some Models.
No Other Sign-in Applications installed
Read the Following Articles - What's New? , Known issues - Limitation's
If other solutions have been installed and can be removed then format Printer and start Fresh
(G) Universal Print common issues
HPCC Universal Print Auto Registration account fails to register printers. This is quite common and it fails for the following reasons.
1.The account does not have a Universal Print Licence
2. The account has not been assigned Azure Print Admin Role.
3 The account has MFA Enabled
How?
On the printer console, sign in using the printer’s local administrator account, launch Universal Print, and manually register the _Pull, _Direct, and/or _Secure queues.
If the account provided by the customer requires only a username and password (with no MFA) and is able to complete the registration process without errors, then it is suitable for use in HPCC to automatically register the entire fleet.
For more details, refer to the relevant User Manuals and configuration guides
Don't forget, the customer can then Disable the Account used to deploy Universal Registered printers and even change the password or both if they believe its a Security Risk, just remember you will need the account again if you need to make large scale changes to the Fleet, else you can adjust printers Universal Print services from the Console manually.
(H) Other Admin Issues
- The Azure administrator does not have a Universal Print Licence so they cannot Share and map Printers.
This is quite common, as Global Admins etc do not automatically have a Universal Print Licences, they need to purchase one else they cannot finalise the Universal Print assignments. - Unable to Install Signal and or Log Analytics do to insufficient Privileges, this is common if the user does not have Azure owner rights etc. See the following article What Permissions / Roles Are Required to Install HP Authentication Manager Azure Services?
(I) How to get help
1.Review our Technical Support Website -it is full of tips, helpful guides etc.. https://help.hpauthsuite.com
2. Create a Ticket via the portal and or via email help@hpauthsuite.com
3. Please always send us App Logs using EWS - How to produce log diagnostic reports
4. You can also request a Teams/Zoom meeting with our Technical Team, just be sure all the appropriate stakeholders are present, Like the Azure IT Team, Business / Project Manager / End user and Printer Fleet installer etc..
FAQ
Whats going wrong
Why am I entering a Password
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article