Resolving Usernames for OIDC Profiles

If the username does not match between the Entra ID and the OIDC authentication profile when the user info is sent via the print job, you can use a token claim transformation to adjust how the user email appears in the SLNX User properties. For example, if only the user's first name appears in SLNX, but you need the full user name, the following steps are required to transform the user information that is obtained from Entra ID.

1. Add/Edit the Enterprise Application for SLNX OIDC in Entra ID

  1. Under Enterprise Applications, create an SLNX Open ID Connect application following standard procedures for Entra ID. If you previously created an Open ID Connect enterprise application, edit the following fields: 

    1. Select the [Single-Sign-on] tab.

    2. To create a new mail prefix value, click [Edit] in the Attributes & Claim section.

    3. Click [Add New Claim].

    4. Enter a name that will be used within SLNX when defining the User Login Name in User Attributes. For example, 'mailprefix'.

    5. Under Source, enable [Transformation].

    6. In the Transformation settings that appear: 

      • Transformation:  choose [ExtractMailPrefix()]

      • Parameter 1: enable Attribute

      • Attribute name: select 'user.mail' as the mail attribute, or select any attribute preferred.

  2. Save the changes.

2. Configure/Edit an SLNX OpenID Connect app registration in Entra ID

  1. Add a new registration for the SLNX Open ID Connect profile following standard Entra ID procedures. If you've already registered SLNX, edit the registration you created:

    1. Click [App Registrations].

    2. Select the SLNX open ID Connect profile you created.

    3. Edit the Manifest.

    4. Edit the line "acceptMappedClaims": to be true. The value is false by default, and you need to change it to true: 

      "acceptMappedClaims": true,

    5. Save the change.

3. Edit the OIDC auth profile in SLNX

  1. Follow the instructions in Setup OpenID Connect (OIDC) Authentication Profile to complete the profile.

  2. Under User Attribute, enter the claim name you created in 1. Add/Edit the Enterprise Application for SLNX OIDC in Entra ID above. The example used above was 'mailprefix'. 

  3. Under Scope Extensions, ensure you enter the following:

    https://graph.microsoft.com/User.Read

    https://graph.microsoft.com/Sites.ReadWrite.All

    https://graph.microsoft.com/Files.ReadWrite.All

  4. Save the changes.

When the user sends a print job to an SLNX secure print queue, the user name will correctly resolve using the OIDC profile.