Chrome OS IPPS printing and deployment
Supporting and deploying Print Director queues to Chrome OS devices has the following requirements:
- Minimum Print Director version of 18.104.22.168.
- Chrome OS devices must be on the same network as the print server.
- The Google organization setting Include user account and filename in print job must be enabled. Note that this will block printing to non-IPPS printers, even if they were previously added.
- IPPS service on the PDAgent must be enabled.
- A ‘matched to device’ print queue that has IPP authentication disabled is required.
- Google account names must be stored in the user record's Logon code or Secondary logon code fields.
Set the Google organisation setting to include usernames with print jobs
By default, Chrome OS will not include any user-identifiable information with print jobs. All jobs are submitted with the same username ‘chronos’. To allow Chrome OS to include this information, we need to change a setting for the Google Workspace organisation. This will apply to all Google Workspace accounts within the organisation.
Note that once this setting has been changed, the version of Chrome OS current at the time of publication disables all printing via other protocols. This means any printers using the LPD or IPP protocols will no longer be available. Only printers using IPPS will be available. See https://support.google.com/chrome/a/answer/2657289?hl=en#printing_send_username_and_filename_enabled for more info.
Log in to the Google Admin Console
Use your browser to log into the Google Admin Console by selecting it in the list of Google Applications or going to https://admin.google.com.
Once in Google Admin, in the tree view on the left, navigate to Devices > Chrome > Settings > Users & browsers.
Scroll all the way down to the Printing section and change the CUPS Print job information drop-down to Include user account and filename in print job.
Ensure the IPPS service is enabled on the PDAgent
In Resource Manager, open the PDAgent record for the print server and click the Services tab. Ensure the Enable IPP Server checkbox is ticked. Take note of the IPPS port number, as this will be used when configuring the printer deployment in the Google Admin console.
Disable IPP authentication for the print queue on the server
Open Resource Manager and click PDAgents. Double click the server on the right and click the Print Queues tab. Double click the queue that will be used by the Chrome OS devices.
Now ensure the IPP Authentication drop-down is set to Use supplied username. This is the setting that disables IPP authentication for the queue.
If the printer is going to be deployed via the Google Admin console, there is no need to set the queue as Advertised. In fact, if there are iOS or Android devices on the network, it is better NOT to advertise this queue: because the queue has authentication disabled, we do not want iOS or Android devices to use it. Create separate advertised queues with authentication enabled for those devices instead. Our recommendation is therefore to tick the Advertise checkbox only if the Chrome devices cannot have their printer deployed from Google Admin (e.g. if they are not Google Workspace / GSuite accounts).
Ensure Google user account names are matched to the correct user record
Google account names are normally the same as the user’s email address. So for example, a user with a Google Workspace account named email@example.com will need this entered into the Logon code field or Secondary logon code field for their record in Resource Manager.
If the user only has a Google Workspace account, and won’t be printing from other devices that might send a different username, then their email address can be entered into the Logon code field.
If, however, the user also has a Windows device and an Active Directory account called johnsmith, then johnsmith will appear in the Logon code field and their email address must be entered into the Secondary logon code field so jobs sent from their Chrome OS device can be matched to the same record.
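An added example, not part of the original documentation and not Print Director code: because the Chrome OS queue trusts the username supplied with each job, this Python check compares usernames received on that queue with the Logon code and Secondary logon code values. It flags jobs still arriving as 'chronos', names that match no record, and names that match a record but are not an email-style Google account name. The CSV layouts, column names, sample rows and the case-insensitive comparison are assumptions.

```python
import csv
import io

# Constructed sample data. The CSV layouts and column names are assumptions,
# not a Print Director export format.
USERS_CSV = """name,logon_code,secondary_logon_code
John Smith,johnsmith,john.smith@example.com
Ann Lee,ann.lee@example.com,
"""
JOBS_CSV = """job_id,queue,username
101,Upstairs Printer,john.smith@example.com
102,Upstairs Printer,ann.lee@example.com
103,Upstairs Printer,chronos
104,Upstairs Printer,visitor@example.com
105,Upstairs Printer,johnsmith
"""

def build_index(users_csv):
    """Map every logon code (lower-cased, an assumption) to (user name, field)."""
    index = {}
    for row in csv.DictReader(io.StringIO(users_csv)):
        for field in ("logon_code", "secondary_logon_code"):
            code = (row[field] or "").strip().lower()
            if code:
                index[code] = (row["name"], field)
    return index

def classify_jobs(jobs_csv, index):
    """Return {job_id: (status, detail)} for jobs received on the queue."""
    results = {}
    for row in csv.DictReader(io.StringIO(jobs_csv)):
        supplied = row["username"].strip().lower()
        if supplied == "chronos":
            # Chrome OS default name: the Workspace setting has not taken effect.
            results[row["job_id"]] = ("no-identity", "default Chrome OS username")
        elif supplied not in index:
            results[row["job_id"]] = ("unmatched", supplied)
        else:
            user, field = index[supplied]
            # A name without '@' is unlikely to be a Google account name (assumption).
            status = "matched" if "@" in supplied else "review"
            results[row["job_id"]] = (status, f"{user} via {field}")
    return results

if __name__ == "__main__":
    for job_id, (status, detail) in classify_jobs(JOBS_CSV, build_index(USERS_CSV)).items():
        print(job_id, status, detail)
```

Jobs reported as review or unmatched on the unauthenticated queue are the ones worth following up, since the queue accepted the name without verifying it.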
Add the printer in Chrome OS
You can deploy the printer using the Google Admin console to immediately make it available to all users within an organisational unit. Or you can manually add it on a specific Chrome device (skip to next section).
Deploy the printer to all devices in an Organizational Unit via Google Admin console
Log in to your Google Admin console and click on Devices, Chrome, Printers and Printers again.
Now select the organizational unit to which the printer will be deployed.
Click the plus sign in the bottom right to add a printer.
Now we must enter the printer information:
- In the Printer name field, enter a name for your printer. You can optionally enter a Description for the printer as well.
- If you select Use driverless configuration, the printer will be added with a generic PostScript driver, which may not support all the options of the printer. So, if possible, select the correct manufacturer and model from the drop-downs. This will install the correct driver for the printer.
- Choose ipps and enter the address of the PDAgent server in the Host field (NB: not the printer address).
- Enter the port that was set for the PDAgent IPPS service (default is 9633).
- The path must be printers/ followed by the name of the print queue on the server. If there are spaces in the queue name, they must be replaced with a +. In our example, the queue name is Upstairs Printer, so we enter printers/Upstairs+Printer in the path field.
Click Add Printer.
Now the printer will appear in the list of available printers. Click the printer to access the settings. Enable Allow for users in this organization if you want users with Chrome devices that aren’t necessarily enrolled Enterprise Chromebooks to be able to use the printer. If you only want enrolled Enterprise Chromebooks to access the printer then only enable Allow for devices in this organization. In our example below, we’ve enabled both.
Now when a user prints from an app on their Chrome device, they will see the new printer as an available printer. If the printer doesn’t appear in the Destination drop down, click the See more… option.
The printer should appear in this list. Select it and then click Print.
A popup will appear in the bottom left indicating that the job is printing.
We can check the list of waiting jobs on the PDAgent to confirm the job has arrived.
Add a printer on a specific Chrome OS device
If a queue is set to be Advertised in Resource Manager, it will appear in the list of available printers when printing from any app. Instead of having a building icon, it will have a normal printer icon.
It makes no difference which method is used for printing. Sometimes there may be difficulties in Advertising queues because of differences in network subnets or DNS servers between the PDAgent server and the Chrome OS devices. In this case, deploying via Google Admin resolves the problem. Also, deploying via Google Admin makes it possible to limit the availability of the printer to certain organizational units, whereas Advertising the queue makes it available to all devices.
Document revision date: 2022/02/21