Single Sign-On (SSO) of Web browser

February 26, 2021By Rakshit Patel

Single Sign-On (SSO) helps users without re-entering credentials to access PaperCut NG/web MF’s interface. For example, on the PaperCut NG/MF login screen, you can give a logged-in Windows user direct access to the PaperCut NG/MF web interface without having to re-enter their username and password. SSO is also especially appealing to sites with an intranet portal, as it enables various IT systems to be incorporated seamlessly into the portal without the need for separate logins. Single Sign-On also goes hand in hand with technologies such as two-factor authentication used in high-security environments. Sign-on will require the display of an ID card or reading a card with two-factor authentication.

In certain instances, user passwords are controlled and not known to the user by the security system, making it difficult to log in using a conventional login screen. The SSO support from PaperCut NG/MF enables PaperCut NG/MF to exploit the two-factor protection already in place.

An advanced subject is Web Single Sign-on. For many pages, the regular web login built-in with PaperCut NG/MF is most fitting.

Two separate web SSO approaches are provided by PaperCut NG/MF:


A Stanford University developed and freely licenced web authentication framework. It is deployed as an Apache module and operates on the PaperCut NG/MF Application Server by intercepting requests.WebAuth is operating system neutral, but needs to be set up with professional experience. The WebAuth integration of PaperCut NG/MF is actually very generic and is also used at many customer sites for Shibboleth SSO integration.

Integrated Windows Authentication

For Windows domain environments where the same Windows domain and intranet zone are accessed by both PaperCut NG/MF Application Server and user computers. PaperCut NG/MF uses current Windows technologies via Integrated Windows Authentication to securely recognise Windows domain users as PaperCut NG/MF users.

  • Session Cookies
  • JavaScript

In the default browser configuration, these two choices are often allowed. Please note that cookies only need to be allowed at the (temporary) session level – these cookies do not live through the restart of the browser and cannot be used to monitor your past visits to different websites.

Emerging configurations

Mobile devices as access credentials

Using mobile devices as access credentials, a new variant of single sign-on authentication has been developed. By using authentication methods including OpenID Connect and SAML[22] in combination with the X.509 ITU-T cryptography certificate used to identify the mobile device to the access server, users’ mobile devices can be used to automatically log them into various systems, such as building-access-control systems and computer systems.

In comparison to a password that is “something you have” a mobile device is “something you know” or biometrics (fingerprint, retinal scan, facial recognition, etc.), which is “something you are” For the best defence, security experts suggest using at least two of these three factors (multi-factor authentication).

ou can also Hire Dedicated Developer and Hire Dedicated Designers. Contact Crest Infotech to know more about Dedicated Development and Designing services in Details.

Rakshit Patel

Author ImageI am the Founder of Crest Infotech With over 15 years’ experience in web design, web development, mobile apps development and content marketing. I ensure that we deliver quality website to you which is optimized to improve your business, sales and profits. We create websites that rank at the top of Google and can be easily updated by you.