Manage your organization
Why I need to manage an organization?
There are many ways to set up an organization. The setup depends on how your company operates and in the case of channel partners, how their customers operate their business.
Consider these factors when managing an organization:
What printer models will be used?
Will a firewall or proxy server be used?
What enrollment agents do you plan to use?
What functions will each user perform as an administrator and as a user?
Will identity federation be used?
What embedded applications will be used on the printers?
Will users need to authenticate at the printer? If yes, how do they plan to authenticate?
Will Cloud Print Management be used?
What print management policies will need to be configured?
How will the user submit print jobs?
What submission clients will be used?
For channel partners, there are more factors to consider. If you plan to use child organizations, then the answer to each of these questions will help determine the user accounts required in the child organization, if any.
Will users in the channel partner organization need access to child organizations?
Who will perform the ongoing management of users in the child organization?
Will Cloud Print Management be used in the child organization?
Understanding the Account Management dashboard
The Account Management dashboard is the landing page of the Account Management portal. The Account Management portal lets you manage organizational settings, create and manage users, assign user roles, and create child organizations under channel partner organizations. What can be seen depends upon the roles of the user.
Note: A user must have either the Organization Administrator or User Administrator role to access the Account Management portal.
The following is a sample Account Management dashboard for a user with the Organization Administrator or User Administrator role.
Organization
Users
Groups
Applications
The following is a sample Account Management dashboard for a user with the Organization Administrator or User Administrator role, and the Partner Administrator role.
Organization
Users
Groups
Applications
Child Organizations
The Account Management dashboard provides access to the following:
The Organization menu, which provides links to the following:
The Account Management dashboard
The Organization Roles page—Lets you select a set of roles that are automatically assigned to all users in the organization
The Authentication Provider page—The setup for federated identity management
Child organizations—Lets you view child organizations defined under the partner organization.
Note: These organizations appear only to users who have the Partner Administrator role.
Printer Login Configuration
The Users card and menu:
The Groups card and tab:
Shows the list of user groups in the organization
Note: Groups provide a quick way to assign the same set of roles to several users.
The Applications tab:
The Child organizations card:
Shows the list of child organizations under an organization.
Note: This card appears only to users who have the Partner Administrator role.
Organization settings
Organization settings
The Organization menu provides quick access to various organizational settings and information.
The Organization menu contains the following:
Organization Information—A link to the Account Management dashboard, which provides links to the user and group management pages
Note: For channel partners, there is also a link to the child organizations management page.
Organization Roles—Lets you select a set of roles that are automatically assigned to all users in the organization
Authentication Provider—The setup for federated identity management
Child Organizations—Lets you view child organizations defined under the partner organization
Note: This menu item appears only to channel partners.
Printer Login Configuration—Defines the user authentication modes allowed at printers
For more information, see Managing printer logins.
Configuring user login at the printer
You must configure the authentication process for users who log in at the printer. If the user is accessing Lexmark’s cloud-based functionality, such as Cloud Fleet Management or Cloud Print Management, then logging in to the printer is required.
From the Account Management web portal, click Organization > Printer Login Configuration.
The Organization Printer Login Configuration page allows you to select Single (Standard) and two-factor (Badge + PIN) authentication methods for user authentication.
You can either use Single (Standard) or two-factor (Badge + PIN) authentication methods for user authentication. Do either of the following:
Standard authentication
One or more of the standard authentication methods can be enabled at the same time.
Badge—Uses contactless card reader and user ID badges. Badges must be registered before they can be used. For more information, see Managing badges.
PIN—Uses a 4-digit to 12-digit PIN. PINs can be set by the user, the administrator, or Lexmark Cloud Services. PINs can be set to never expire or to expire after 1 hour up to 180 days. For more information, see Managing PINs.
Note: If an authentication provider has been configured, the PIN Generation option must be set to Administrator manually set and to Never expire.
Secure login—Users must obtain a one-time PIN each time they authenticate at the printer. For more information, see Obtaining secure login code.
Badge + PIN as second factor
In this method users must use their badge and enter their PIN to authenticate. The badge and PIN stipulations as stated in the Standard Authentication section also apply.
The Cloud Authentication eSF application polls the cloud for changes to the Printer Login Configuration settings every 15 minutes.
The settings on the Printer Login Configuration page overwrite settings that are configured with the Cloud Authentication application installed in the printer.
These settings are applied to all printers in the organization.
Understanding identity federation
Federation is the process of creating a trust relationship between a customer’s identity provider (IDP) and an external service, such as Lexmark Cloud Services. The identity provider can be Microsoft Azure Active Directory (Azure AD), Google Identity, or any other Security Assertion Markup Language (SAML) 2.0-compliant identity management system.
After this trust relationship is built, users can access Lexmark Cloud Services using the same credentials that they use for their other internal sites and services. The customer’s identity provider manages all aspects of credential management, including password validation, complexity of requirements, expiration, and potential use of multifactor authentication. Additionally, the identity provider can support Single Sign-On (SSO), which reduces the number of times users are required to authenticate as they switch between services.
Notes:
- Federation is supported by identity management services that use the SAML 2.0 standard.
- An organization can only be configured to federate with a single identity management provider.
To enable federation or to change the current federation configuration, do the following:
From the Account Management web portal, click Organization > Authentication Provider.
If federation is not enabled, then click Configure an Authentication Provider.
Enter the details in the Authentication Provider form.
For more information on completing the form, see the following:
Creating a child organization
Child organizations provide a means of grouping printers based on business needs. This grouping could be for customers of a channel partner or business units of an enterprise.
Note: You must have the Partner Administrator role to create and manage child organizations. For more information, see
Partner administrator.
Do I need to create a child organization?
There are two ways of organizing your customers’ printers: a hierarchical structure or a flat structure. The structure you choose determines whether child organizations are needed.
Note: We recommend using the hierarchical structure for organizing your customers’ printers.
Hierarchical structure—Uses a child organization for each of your customers. The printers of each customer are grouped in that customer’s organization, separating printer information between customers. Also, a hierarchical structure lets you grant access to future Lexmark Cloud Services capabilities on a customer-by-customer basis.
Flat structure—A flat structure places all printers from all customers in a single structure. Any future Lexmark Cloud Services capabilities added to one customer are available to all.
Hierarchical structure vs. flat structureIdentifying a customer’s printers | Printers for each customer are separated into different child organizations. | Printers must be tagged with an identifier to determine which customer is using it. |
Finding a specific printer | The customer must be known, or each child organization must be individually searched for the specific printer. | All printers are in one list. |
Print activity reporting | A customer’s printer activity can be easily determined by reporting on the print activity of the entire child organization. | A customer’s printer activity must be determined by filtering printers by customer-identifiable means. For example, you can filter printers by tags. |
Future Lexmark Cloud Services functionality | Future Lexmark Cloud Services functionality can be selectively granted to individual customers. | Future Lexmark Cloud Services functionality made available to one customer is available to all. Some enhanced functionality may not be supported in a flat structure. |
Account management by customers | A customer administrator can be added where needed in individual customer organizations without sharing access to information of other customers. | A customer administrator who is added can see all printer information for all customers. |
Creating a child organization
In the Account Management web portal, click Organization > Child Organizations.
Click Create.
Note: If there are no existing child organization, then click Create Child Organization.
In the Organization name field, type a unique name and then click Create Child Organization.
