Skip to main content
Create Ticket

New to Formpipe Support Portal? Register for an account

Need a password reminder?

Configure Microsoft Azure to Support Lasernet Access to Azure Storage Through App-Registration-Based Authentication - Knowledgebase / Lasernet / Lasernet General Information - Formpipe Support Portal

This Article Category Knowledgebase

Configure Microsoft Azure to Support Lasernet Access to Azure Storage Through App-Registration-Based Authentication

Authors list
  • Last updated: 20 Dec 2024 by Sunil Panchal

Lasernet 10.10 and later support access to Azure Storage through app-registration-based authentication. In these Lasernet versions, Lasernet Cloud printing configuration and Lasernet modules for Azure Storage input and output provide an Application Registration authentication option. This option is configured with Client ID and Client Secret to enable Lasernet to authenticate with Microsoft Entra ID as an application and access Azure Storage.

The implementation of this access consists of three elements which must each be appropriately configured:

  • Microsoft Entra ID: An app registration that represents Lasernet must be granted appropriate API permissions.

  • Azure Storage container: The enterprise app (corresponding to that app registration) must be assigned appropriate app roles on the Azure Storage container that you want Lasernet to connect to.

  • Lasernet: The Azure Storage modules in a Lasernet configuration, or the configuration of Lasernet Cloud printing, or both, use a client ID and client secret to authenticate with Microsoft Entra ID.

The information below describes the configuration process.

Intended Audience

This information is intended for experienced Microsoft Azure administrators, who will understand how to complete tasks such as configuring role assignments on a storage container. So, this article contains only the supporting information that an administrator needs, such as which roles to assign.

The final stage of the process is to configure Lasernet. This task is completed by a Lasernet administrator and is described in Lasernet documentation. Consequently, this page describes only the information that the Microsoft Azure administrator must pass to the Lasernet administrator to enable them to configure Lasernet.

Configuration Process

To appropriately configure Microsoft Azure, follow this process.

1. Create an app registration to represent Lasernet.

2. Grant the app registration an appropriate set of API permissions.

3. Generate a client secret for the app registration.

4. Assign the enterprise application (that corresponds to the app registration) a set of appropriate roles on the storage account.

5. Supply the necessary information to the Lasernet administrator so that they can configure Lasernet.

Each task in this process is described in more detail below.

Create an App Registration

In Microsoft Entra ID, create an app registration to represent Lasernet.

Note

Microsoft Entra ID might already contain app registrations for Lasernet that serve other purposes. Consider whether to create a new additional app registration or modify an existing one.

This article assumes that you created a new app registration for Lasernet, for the purpose of enabling it to access Azure Storage.

Grant the App Registration Appropriate API Permissions

On the app registration’s API permissions page, grant it the following permissions:

  • Azure Storage

    • user_impersonation

  • Microsoft Graph

    • FileStorageContainer.Selected

    • User.Read

API permissions.png

Generate a Client Secret for the App Registration

1. On the Certificates and secrets page, generate a client secret for the app.

2. Note the new client secret (before the Azure Portal obscures it).

generate client secret.png

Assign the Lasernet Enterprise Application the Necessary Roles on the Storage Account

1. In the Azure Portal, navigate to the storage account that Lasernet will connect to.

2. On the Access Control (IAM) page, use the Role assignments tab to grant the enterprise app (that corresponds to the new app registration) the necessary roles on the storage account. Grant the enterprise app the following roles:

  • Storage Blob Data Contributor

  • Storage Blob Data Reader

  • Storage Queue Data Contributor

  • Storage Queue Data Reader

role assignment.png

Supply Configuration Information to the Lasernet Administrator

After you have completed this process, supply information from the following Microsoft Azure areas to the Lasernet administrator so that they can configure Lasernet:

  • App registration

    • Application (client) ID

    • Client secret Value

  • Tenant

    • Tenant domain

  • Storage account

    • Storage account Name

    • Container Name

To use this information to configure Lasernet, the Lasernet administrator can follow the instructions provided in the following guides:


Helpful Unhelpful

Add a comment

Please log in or register to submit a comment.

Need a password reminder?
This Article Category Knowledgebase

Share

Author
Sunil Panchal
Creation date
16 Dec 2024
Last update
20 Dec 2024
Publish date
20 Dec 2024